Prosecution Insights
Last updated: April 19, 2026
Application No. 18/783,999

SYSTEM ON CHIP FIREWALL MEMORY ARCHITECTURE

Non-Final OA §103 §DP
Filed: Jul 25, 2024
Examiner: KHAN, SHER A
Art Unit: 2497
Tech Center: 2400 — Computer Networks
Assignee: Texas Instruments Incorporated
OA Round: 1 (Non-Final)
Grant Probability: 85% (Favorable)
OA Rounds: 1-2
To Grant: 2y 7m
With Interview: 99%

Examiner Intelligence

Grants 85% — above average
Career Allow Rate: 85% (284 granted / 333 resolved), +27.3% vs TC avg
Interview Lift: +23.3% (strong +23% interview lift, resolved cases with interview)
Typical timeline: 2y 7m avg prosecution, 12 currently pending
Career history: 345 total applications across all art units

Statute-Specific Performance

§101: 11.0% (-29.0% vs TC avg)
§103: 51.1% (+11.1% vs TC avg)
§102: 2.4% (-37.6% vs TC avg)
§112: 18.6% (-21.4% vs TC avg)
Based on career data from 333 resolved cases

Office Action

§103 §DP
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time-wise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 of instant Application US 18/783,999 are rejected on the ground of anticipatory type double patenting as being unpatentable over claims 1-21 of US Patent US 11115383. Although the conflicting claims are not identical, they are not patentably distinct from each other because the claims both in the present application and the US patent disclose a method and systems for providing security to SoC (system on chip) through firewalls.

The table below shows the comparison of claims of the instant application with that of the US patent US11115383.

Claim No. Limitations of Instant Application US18/783,999. Limitations of the US patent US11115383. Claim No.

1

1. A system comprising: a plurality of functional units including a plurality of firewalls, respectively, in which each firewall stores configuration data for a corresponding functional unit of the plurality of functional units; a first bus coupled to the plurality of functional units; a second bus that is coupled to the plurality of functional units and is electrically isolated from the first bus; and a configuration controller coupled to the second bus and configured to use the second bus to control the configuration data that is stored in each of the plurality of firewalls.

1.
A system on a chip (SoC), comprising: multiple functional blocks coupled to a system bus configured to communicate among ones of the functional blocks coupled to the system bus; the functional blocks configured to perform at least one of sending messages to or receiving messages from other ones of the functional blocks through the system bus; multiple initiator-side firewall blocks, different ones of the initiator-side firewall blocks corresponding to different ones of the functional blocks, the initiator-side firewall blocks having respective initiator-side memories configured to store configuration settings of the respective initiator-side firewall blocks, the initiator-side firewall blocks configured so that, when a sending one of the functional blocks sends a sent message to a receiving functional block on the system bus, the initiator side firewall block corresponding to the sending functional block adds an identifier to the sent message in at least partial dependence on the configuration settings of the corresponding initiator-side firewall block; multiple receiver-side firewall blocks, different ones of the receiver-side firewall blocks corresponding to different ones of the functional blocks, the receiver-side firewall blocks having respective receiver-side firewall block memories configured to store configuration settings of the respective receiver-side firewall blocks, the receiver-side firewall blocks configured so that, when the receiving functional block receives the sent message on the system bus, the receiver-side firewall block corresponding to the receiving functional block allows or refuses permission for the sent message to be accessed by the receiving functional block in at least partial dependence on the configuration settings of the corresponding receiver-side firewall block and on the identifier; a security bus which is electrically isolated from the system bus, the security bus coupled to the initiator-side firewall blocks and to the 
receiver-side firewall blocks; and a single security configuration controller coupled to the security bus and configured to use the security bus to exclusively control the configuration settings to be stored in all of the initiator-side firewall block memories and all of the receiver-side firewall block memories.

1

1. A system comprising: a plurality of functional units including a plurality of firewalls, respectively, in which each firewall stores configuration data for a corresponding functional unit of the plurality of functional units; a first bus coupled to the plurality of functional units; a second bus that is coupled to the plurality of functional units and is electrically isolated from the first bus; and a configuration controller coupled to the second bus and configured to use the second bus to control the configuration data that is stored in each of the plurality of firewalls

12. A system on a chip (SoC), comprising: multiple functional blocks coupled to a system bus, the functional blocks configured to perform at least one of send messages to and receive messages from other ones of the functional blocks through the system bus; ones of the functional blocks comprising one or more of: an initiator-side firewall block coupled to the system bus and comprising an initiator-side memory configured to store configuration settings of the initiator-side firewall block, the initiator-side firewall block configured to add an identifier to a sent message sent on the system bus by a sending one of the functional blocks to a receiving one of the functional blocks in at least partial dependence on the configuration settings of the initiator-side firewall block; and a receiver-side firewall block coupled to the system bus comprising a receiver-side memory configured to store configuration settings of the receiver-side firewall block, the receiver-side firewall block configured to electively allow or refuse permission for the received message to be further accessed by the receiving functional block in at least partial dependence on the configuration settings of the receiver-side firewall block and on the identifier; a security bus which is electrically isolated from the system bus, the security bus coupled to the initiator-side firewall blocks and to the receiver-side firewall blocks; and a single security configuration controller coupled to the security bus and configured to use the security bus to exclusively control the configuration settings to be stored in all of the initiator-side memories and all of the receiver-side memories.

15

15. A method comprising: determining, by a configuration controller, a location of a first configuration memory of a first firewall of a first functional unit using a first pointer stored in a memory; determining, by the configuration controller, a location of a second configuration memory of a second firewall of a second functional unit using a second pointer stored in the memory; configuring, by the configuration controller via a security bus, one or more configuration settings of the first configuration memory; configuring, by the configuration controller via the security bus, one or more configuration settings of the second configuration memory; sending a message, by the first functional unit to the second functional unit, in which the first firewall applies an identifier to the message; receiving the message, by the second functional unit; and determining, by the second firewall, whether the second functional unit has permission to access the message based on the identifier and the configuration settings of the second configuration memory.

18.
A method for sending messages in a system on a chip (SoC), the method comprising: determining a location of an initiator-side memory of an initiator-side firewall block and a location of a receiver-side memory of a receiver-side firewall block, using respective pointers to the initiator-side memory and the receiver-side memory stored in a single memory comprising contiguous memory elements, addresses of the pointers within the single memory being determined in at least partial dependence on respective unique firewall identifiers of the initiator side firewall block and of the receiver-side firewall block; configuring one or more configuration settings of the initiator-side firewall block and one or more configuration settings of the receiver-side firewall block using an exclusive security configuration controller, the respective pointers, and a security bus which is electrically isolated from a system bus; sending a message from a sending functional block to a receiving functional block using the system bus; adding a message identifier to the message using the initiator-side firewall block, the identifier added in at least partial dependence on the configuration settings of the initiator-side firewall block; and allowing or refusing permission for the receiving functional block to further access the message using the receiver-side firewall block, in at least partial dependence on the message identifier and the configuration settings of the receiver-side firewall block.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claims 1 & 3 are rejected under 35 USC 103 as being unpatentable over Conti (US 20080163353 A1 as mentioned in IDS dated 7/25/2024) in view of Halabi (US 9391955 B2).

Regarding claim 1, a system comprising: a plurality of functional units including a plurality of firewalls, respectively,

[0021] FIG. 2 shows an embodiment of the megacell 102 in detail. Each of the components described in FIG. 1 is shown coupled to other components via interconnects 146 and 148. The synchronous dynamic random-access memory (SDRAM) 130 couples to the interconnect 146 via SDRAM memory scheduler (SMS) logic 200. Most or all of the components described in FIG. 1 are associated with firewalls, as shown in FIG. 2. In particular, the core 116, DSP 118, DMA 120, LCD 122, camera 124, graphics accelerator 140, stacked modem 138, stacked OMAP 136, and USB 134 are known as "initiators," and each initiator is associated with a different initiator firewall 180.
Similarly, the peripherals 142, control module 144, ROM 126, RAM 128, storage 132 and SMS 200 are known as "targets" and are associated with different target firewalls 182. The initiator firewalls 180 and target firewalls 182 are used for security purposes as described below. The megacell 102 comprises additional safety components, such as a system security controller 154, a power and reset controller 152, and a firewall value generator 154, also described below.] a first bus coupled to the plurality of functional units; [0021] FIG. 2 shows an embodiment of the megacell 102 in detail. Each of the components described in FIG. 1 is shown coupled to other components via interconnects 146 (first bus) and 148. The synchronous dynamic random access memory (SDRAM) 130 couples to the interconnect 146 via SDRAM memory scheduler (SMS) logic 200. Most or all of the components described in FIG. 1 are associated with firewalls, as shown in FIG. 2. In particular, the core 116, DSP 118, DMA 120, LCD 122, camera 124, graphics accelerator 140, stacked modem 138, stacked OMAP 136, and USB 134 are known as "initiators," and each initiator is associated with a different initiator firewall 180. Similarly, the peripherals 142, control module 144, ROM 126, RAM 128, storage 132 and SMS 200 are known as "targets" and are associated with different target firewalls 182. The initiator firewalls 180 and target firewalls 182 are used for security purposes as described below. The megacell 102 comprises additional safety components, such as a system security controller 154, a power and reset controller 152, and a firewall value generator 154, also described below.] 
a second bus that is coupled to the plurality of functional units and is electrically isolated from the first bus; [0022] Some or all of the control module 144, the initiator firewalls 180, the target firewalls 182, the system security controller 154, the power and reset controller 152 and the firewall value generator 154 form the security infrastructure for the computer system 100. In accordance with preferred embodiments, the control module 144 has three ports 174, 176 and 178 through which the control module 144 interacts with the remaining components of the security infrastructure. Port 174 couples with the firewall value generator 154 via bus 160. Port 176 couples with the system security controller 154 via bus 158 (second bus). Port 178 couples to each of the initiator firewalls 180 and each of the target firewalls 182 via bus 156 (2nd bus).] and a configuration controller coupled to the second bus and configured to use the second bus to control the configuration data that is stored in each of the plurality of firewalls. [0029] When the system security controller 154 receives a security violation signal, the system security controller 154 determines the type of violation that has occurred. Based on this determination, and further based on security violation reporting strategy information provided by the control module 144 on bus 158 in response to a violation notice provided on bus 156 (2nd bus), the system security controller 154 may cause the power and reset controller 152 to take protective action such that the detected attack is foiled. Any suitable protective action may be taken, such as resetting some or all of the circuit logic of the megacell 102, forcing one or more components of the megacell 102 to be powered off, etc. 
The control module 144, the system security controller 154 and the power and reset controller 152 together may implement any of a variety of protective security measures (e.g., resetting the system 100), many of which are described in the commonly owned patent application entitled, "System and Method of Identifying and Preventing Security Violations Within a Computing System,"……. The control module 144 also has the capability to adjust (change or modify) the parameters (configuration data) in one or more firewalls (it is obvious that this configuration data are stored in memory of the firewall) using the firewall value generator 150 and bus 162, thereby adjusting the conditions under which the firewalls send alert signals to the control module 144.] Although, Conti teaches firewalls and configuration data and memory, he does not teach explicitly, however, Halabi teaches; in which each firewall stores configuration data for a corresponding functional unit of the plurality of functional units; [ Col 5, lines 30-55: FIG. 3 depicts an illustrative network 300 including a group of networked computing devices 302 (computing devices 304, 306, 308, 310) protected from other computing devices 318a-f by firewalls 312, 314, 316. The computing devices 318c, 318d may be another group 322 of networked computing devices operated by the same entity or a different entity as the group 302. The other computing devices may connect to or access the group of networked computing devices 302 via another network (e.g., internet 320). The firewalls may be implemented in one or more access devices such as gateways, routers, bridges, or other routing and/or access controlling devices. The firewalls may be defined by one or more policies which are used in determining which traffic is allowed to pass through the firewall and which traffic is denied access through or blocked by the firewall. The firewall may allow or block traffic in either direction. 
Each firewall policy may be implemented using one or more rules. Traffic satisfying the conditions of the rule may be processed according to that rule. For example, traffic matching a source, destination, and service defined in a rule may be allowed or blocked in accordance with the action defined by the rule. A rule may include firewall objects which may be parameters in the rule such as internet protocol (IP) addresses, devices, protocols, hosts, and applications.]

[Col 5, lines 56-67 & Col 6 lines 01-03: The different firewalls 312, 314, 316 in the network 300 may use different technologies and use different formats to define the policies of the firewalls. For example, firewall 312 may use a first format in configuring the firewall. Each firewall format may use a different firewall policy viewer dedicated to the particular firewall format. A unified format converter (e.g., parser or parsing module) of the unified firewall policy system may be used to convert the firewall policies in various formats to a unified format, and the unified firewall policy browser may present the firewall policies in the unified format to the user. The unified firewall policy system may be implemented in one or more computing devices such as one or more of the computing devices in the group 302 of networked computing devices.]

[Col 6, lines 10-30: FIG. 4 illustrates an example of a method performed by a unified format converter which may be a parser or parsing module of the unified firewall policy system. At step 402, the parser may collect or retrieve configuration data (obviously configuration data is stored in memory which may be addressed as configuration memory) from the firewalls in their respective original formats. For example, firewall 312 may be implemented using a first technology and/or configuration format which may be specific to the firewall 312. Firewall 314 may use a different technology and/or configuration format from firewall 312 and may be configured using an interface which is different from and incompatible with the technology and/or configuration format used by firewall 312. The original configuration data outputted by firewall 312 may be in the first configuration format. The parser may connect to firewall 312 via a configuration interface of the firewall 312 and obtain a data file containing all of the policies for firewall 312 in the configuration format of the firewall 312 (e.g., a first configuration format). At step 404, the parser may read the configuration data of firewalls in the original format (e.g., the first configuration format). The parser may read and process one configuration item at a time. The data file containing all of the policies may provide different configuration items of the firewall in different lines. The parser may read and process one line of the configuration data file at a time.]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Conti with the disclosure of Halabi. The motivation or suggestion would have been to implement a system that will provide efficient techniques for configuring firewall in multiple formats according to firewall policies. (abstract, Col 1, lines 15-60, Halabi)

Regarding claim 3, Conti teaches: wherein the first bus includes a device bus used by the plurality of functional units to communicate with each other via messages,

[0021] FIG. 2 shows an embodiment of the megacell 102 in detail. Each of the components described in FIG. 1 is shown coupled to other components via interconnects 146 (first bus) and 148. The synchronous dynamic random access memory (SDRAM) 130 couples to the interconnect 146 via SDRAM memory scheduler (SMS) logic 200. Most or all of the components described in FIG. 1 are associated with firewalls, as shown in FIG. 2.
In particular, the core 116, DSP 118, DMA 120, LCD 122, camera 124, graphics accelerator 140, stacked modem 138, stacked OMAP 136, and USB 134 are known as "initiators," and each initiator is associated with a different initiator firewall 180. Similarly, the peripherals 142, control module 144, ROM 126, RAM 128, storage 132 and SMS 200 are known as "targets" and are associated with different target firewalls 182. The initiator firewalls 180 and target firewalls 182 are used for security purposes as described below. The megacell 102 comprises additional safety components, such as a system security controller 154, a power and reset controller 152, and a firewall value generator 154, also described below.] the second bus includes a security control bus configured to be used exclusively for controlling the configuration data that is stored in each of the plurality of firewalls. [0022] Some or all of the control module 144, the initiator firewalls 180, the target firewalls 182, the system security controller 154, the power and reset controller 152 and the firewall value generator 154 form the security infrastructure for the computer system 100. In accordance with preferred embodiments, the control module 144 has three ports 174, 176 and 178 through which the control module 144 interacts with the remaining components of the security infrastructure. Port 174 couples with the firewall value generator 154 via bus 160. Port 176 couples with the system security controller 154 via bus 158. Port 178 couples to each of the initiator firewalls 180 and each of the target firewalls 182 via bus 156 (2nd bus).] 
Claims 2 & 14 are rejected under 35 USC 103 as being unpatentable over Conti (US 20080163353 A1) in view of Halabi (US 9391955 B2) and Yuki (US20130133080) Regarding claim 2, although, Conti and Halabi teach plurality of firewalls and configuration data (stored in memory/configuration memory), he does not teach explicitly, however, Yuki teaches wherein: each device of the plurality of devices has a configuration memory and an identifier associated therewith; and the memory is configured to store pointers at respective memory addresses to the respective configuration memories based on the respective identifiers. [0066] FIG. 6 shows an example of virtual device data held by the virtual device data holding unit 341, with a plurality of virtual device data being stored as a virtual device data table 601 in this example. A device identifier and a tenant identifier are respectively stored in a device identifier column 602 and a tenant identifier column 603. A value uniquely identifying virtual device configuration data stored in a virtual device configuration data holding unit 343 which will be discussed later is stored in a virtual device configuration data identifier column 604. This value is used as a pointer to the virtual device configuration data (stored in memory-configuration memory). Also, a value uniquely identifying virtual license data stored in a virtual license data holding unit 342 which will be discussed later is stored in a virtual license data identifier column 605. This value is used as a pointer to the virtual license data. These items constitute a single record of the virtual device data table 601. Virtual device data is newly registered when a real device is newly connected to the network, for example.] Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Conti and Halabi with the disclosure of Yuki. 
The motivation or suggestion would have been to implement a system that will provide efficient and improved techniques for managing configuration data of plurality devices (para 0009-0011, Yuki).

Regarding claim 14, Conti teaches wherein the memory is configured to provide the configuration controller with a view of all configuration memories in a contiguous memory space.

[[0029]: When the system security controller 154 receives a security violation signal, the system security controller 154 determines the type of violation that has occurred. Based on this determination, and further based on security violation reporting strategy information provided by the control module 144 on bus 158 in response to a violation notice provided on bus 156, the system security controller 154 may cause the power and reset controller 152 to take protective action such that the detected attack is foiled. Any suitable protective action may be taken, such as resetting some or all of the circuit logic of the megacell 102, forcing one or more components of the megacell 102 to be powered off, etc. The control module 144, the system security controller 154 and the power and reset controller 152 together may implement any of a variety of protective security measures (e.g., resetting the system 100), many of which are described in the commonly owned patent application entitled, …. reference. The control module 144 also has the capability to adjust the parameters in one or more firewalls (that’s controller has of view/access/read/write) of all configuration using the firewall value generator 150 and bus 162, thereby adjusting the conditions under which the firewalls send alert signals to the control module 144.]

Claim 12 is rejected under 35 USC 103 as being unpatentable over Conti (US 20080163353 A1) in view of Halabi (US 9391955 B2), Yuki (US20130133080) and Balan (US 20110016284 A1 as mentioned in IDS 7/25/2024) Regarding claim 12, although, Conti, Halabi and Yuki teach plurality of firewalls and their configuration memory, they do not teach explicitly, however, Balan teaches wherein the memory includes a contiguously addressed set of memory elements configured to store the pointers, each pointer pointing to a location of a respective configuration memory of the plurality of devices. [0007] In accordance with one embodiment of the present invention, a system for storing information units is provided. The system includes a memory comprising a plurality of contiguous memory segments, a local memory storing a plurality of pointers, each pointer pointing to one contiguous memory segment, a receiving unit configured to arrange incoming information units into queues and memory control logic configured to allocate pointers to the queues and configured to cause the incoming information units to be written into contiguous memory segments. The incoming information units form at least one queue and the pointers form a linked list of pointers if the information units are written into more than one contiguous memory segment.] Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Conti, Halabi & Yuki with the disclosure of Balan. The motivation or suggestion would have been to implement a system that will provide efficient and improved techniques for managing pointers to multiple contiguous memory locations. 
(abstract, paras 0005-0007, Balan)

Regarding claim 13, although, Conti, Halabi and Yuki teach plurality of firewalls and their respective configuration memory, they do not teach explicitly, however, Balan teaches wherein the memory includes a plurality of memory regions, each corresponding to a respective memory.

[0007] In accordance with one embodiment of the present invention, a system for storing information units is provided. The system includes a memory comprising a plurality of contiguous memory segments, a local memory storing a plurality of pointers, each pointer pointing to one contiguous memory segment, a receiving unit configured to arrange incoming information units into queues and memory control logic configured to allocate pointers to the queues and configured to cause the incoming information units to be written into contiguous memory segments. The incoming information units form at least one queue and the pointers form a linked list of pointers if the information units are written into more than one contiguous memory segment.]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Conti, Halabi & Yuki with the disclosure of Balan. The motivation or suggestion would have been to implement a system that will provide efficient and improved techniques for managing pointers to multiple contiguous memory locations. (abstract, paras 0005-0007, Balan)

Allowable Subject Matter

Claims 4-11 are objected to but would be allowable if limitations of these claims are fully incorporated into their base claim including limitations of any intervening claim, if any. Claims 15-20 are allowed.

Reasons of allowability:

Claim 4 is objected to as none of the cited arts either alone or in combination teach wherein: the plurality of functional units includes a first functional unit that includes a first firewall of the plurality of firewalls, and a second functional unit that includes a second firewall of the plurality of firewalls, the first firewall having a first configuration memory and a first identifier associated therewith, and the second firewall having a second configuration memory and a second identifier associated therewith; the first firewall is configured to apply a first identifier to a message directed to the second functional unit; and the second firewall is configured to determine whether the second functional unit is permitted to access the message based on the first identifier and configuration data stored in the second firewall. Dependent claims 5-11 are also objected to due to their direct or hierarchical dependencies on claim 4.

Claim 15 is allowed as none of the cited arts either alone or in combination teach configuring, by the configuration controller via a security bus, one or more configuration settings of the first configuration memory; configuring, by the configuration controller via the security bus, one or more configuration settings of the second configuration memory; sending a message, by the first functional unit to the second functional unit, in which the first firewall applies an identifier to the message; receiving the message, by the second functional unit; and determining, by the second firewall, whether the second functional unit has permission to access the message based on the identifier and the configuration settings of the second configuration memory. Dependent claims 16-20 are also allowed due to their direct or hierarchical dependencies on claim 15.

The closest prior art (patent publications) made of records are:

1. Halabi (US 9391955 B2) teaches methods, computer-readable media, systems and apparatuses for firewall policy system are described. The firewall policy system may include a unified format converter, a firewall policy browser, and a firewall policy converter. The firewall policy converter may convert firewall policies between different configuration formats. A first firewall policy may be received in a first configuration format. The first firewall policy may be converted into a second configuration format, and a command to convert the first firewall policy from the second configuration format into a third configuration format may be received. In response to receiving the command, the first firewall policy may be converted from the second configuration format into the third configuration format. The first firewall policy may be outputted in the third configuration format.

2. Letey (US 20120202495) discloses the present invention relates to a system for providing a localized information service using an infrastructure of a cellular communication network, to a method for operating a system that provides a localized information service using an infrastructure of a cellular communication network, to a network entity of a cellular communication network, and to a method of controlling such a network entity.

3. Yuki (US 20130133080 A1) teaches an image forming apparatus is detected, a check is performed as to whether the hardware was used with another image forming apparatus, and, if used, a license of an application that is operated by the hardware is automatically transferred so that the application can be used in the image forming apparatus to which the hardware is connected.

4. Wang (CN 105577628 A-English translation and original is attached) discloses a method for realizing the virtual firewall of according to the first information received by the data flow for obtaining virtual firewall instance identifier according to the identifier of the virtual firewall instance searching the virtual firewall configuration parameter. and searching the ACL rule set according to the message information of the data flow according to the data flow, the virtual firewall configuration parameter and the ACL rule set generates session list item and the security service parameters related to the conversation of the said data flow is stored in the session table entry. The invention further claims a device for realizing the virtual firewall. so it can realize through which a physical firewall is divided into a plurality of logical firewall for each logical firewall can independently apply resource, at the same time, solves the problem that the traditional firewall deployment, it can greatly reduce the maintenance and management cost, while providing independent security service policy for different users.

5. Jie (CN106453333 A- English translation and original is attached) describes a firewall rule creation method of virtualization platform, the method comprises: receiving a firewall rule information, and generating firewall rules based on the firewall rules information received the creation request based on the creating request generated. obtaining firewall rule of the group identification information of the group identification information associated with the firewall rule, and according to the network topology of the cluster sends the firewall rule virtual switch of every host computer node in the cluster on all virtual switch or a virtual machine to the firewall rules specified access. to finish the firewall rule creation. The invention also claims a firewall rule creation device of a virtualization platform.
The invention solves the problem that the virtualization platform in firewall rules configuration process is too complicated in the prior art. Special Note: Although few prior are mentioned above, in fact, the prior arts made of record and listed on the PTO-892 and not relied upon are considered pertinent to applicant’s disclosure. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574. The examiner can normally be reached on Monday-Friday-8:00am - 5:00pm (EST).If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SHER A KHAN/ Primary Examiner, Art Unit 2497

Prosecution Timeline

Jul 25, 2024
Application Filed
Feb 25, 2026
Non-Final Rejection — §103, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598069
MONITORING IN DISTRIBUTED COMPUTING SYSTEM
2y 5m to grant Granted Apr 07, 2026
Patent 12562909
LINKING DIGITAL AND PHYSICAL NON-FUNGIBLE ITEMS
2y 5m to grant Granted Feb 24, 2026
Patent 12537670
KEY SHARD VERIFICATION FOR KEY STORAGE DEVICES
2y 5m to grant Granted Jan 27, 2026
Patent 12530491
SELECTIVE DELETION OF SENSITIVE DATA
2y 5m to grant Granted Jan 20, 2026
Patent 12526157
IDENTITY AUTHENTICATION METHOD AND APPARATUS, AND DEVICE, CHIP, STORAGE MEDIUM AND PROGRAM
2y 5m to grant Granted Jan 13, 2026
Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 85%
With Interview (+23.3%): 99%
Median Time to Grant: 2y 7m
PTA Risk: Low
Based on 333 resolved cases by this examiner. Grant probability derived from career allow rate.
