DETAILED ACTION
Examiner acknowledges receipt of Applicant’s amendment filed on 06/30/2025.
Claims 1, 3, 4, 8, 10-12, and 15-20 are currently amended.
Claims 1-20 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Examiner has fully considered Applicant’s amendments to the claims and the arguments filed on 06/30/2025. Claims 1-20 remain pending in the application. Examiner has withdrawn the 112 rejections of Claims 4, 11, and 18 based on the amendments filed on 06/30/2025.
Response to Arguments
Applicant’s arguments filed 06/30/2025, with respect to the rejections of independent claims 1, 8, and 15 and their respective dependent claims under 35 USC 103, have been fully considered and are persuasive. Therefore, the rejections have been withdrawn. However, upon further consideration, new grounds of rejection are made in view of newly applied references from Chan et al. (US 20210376954 A1), hereinafter Chan, and Ahmed (US 20230261971 A1), hereinafter Ahmed.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-3, 8-10, and 15-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chan et al. (US 20210376954 A1), hereinafter Chan, in view of Ahmed (US 20230261971 A1), hereinafter Ahmed.
Regarding Claim 1:
Chan teaches a method for filtering network traffic (Chan – Paragraph [0004]: An apparatus for handling an incoming communication data frame containing a plurality of bits is provided; and Paragraph [0025]: The data frame 110 may for example be an Ethernet frame in accordance with a respective standard (e.g., IEEE 802.3) and may include payload data of a plurality of communication protocol layers), the method comprising: receiving, by a processing resource, network traffic data (Chan – Paragraph [0035]: FIG. 2 shows a schematic illustration of an apparatus 200 for handling an incoming communication data frame 110 in accordance with various embodiments); operating a plurality of traffic filter processors, including a first traffic filter processor and a second traffic filter processor, in parallel, wherein each traffic filter processor of the plurality of filter processors performs a same type of filtering (Chan – Paragraph [0037]: The apparatus 200 may include a plurality of data matchers 220. The individual data matchers have reference numbers 220_0, . . . , 220_1, . . . , 220_n, for n greater or equal to 1. Each of the data matchers 220_1, . . . , 220_n may be configured to compare a subset of the plurality of bits of the data frame 110 with a predetermined data pattern (which may be selected from a plurality of predetermined data patterns) and to provide an output 220R to indicate the result of said comparison; and Paragraph [0048]: In various embodiments, two or more of the data matchers 220_1, . . . , 220_n may be configured to compare the same subset of the plurality of bits of the data frame 110 to the same predetermined data pattern. In other words, two or more redundant data matchers 220_1, . . . , 220_n may be provided, for example for identifying defective data matchers 220, and/or for limiting their harmful effect; and Paragraph [0172]: the subject-matter of any of Examples 16 to 26 may optionally further include that the comparing in each of the plurality of data matchers is performed in parallel); providing, by the processing resource, the network traffic data to both the first traffic filter processor and the second traffic filter processor (Chan – Paragraph [0048]: In various embodiments, two or more of the data matchers 220_1, . . . , 220_n may be configured to compare the same subset of the plurality of bits of the data frame 110 to the same predetermined data pattern. In other words, two or more redundant data matchers 220_1, . . . , 220_n may be provided, for example for identifying defective data matchers 220, and/or for limiting their harmful effect), wherein the first traffic filter processor generates a first filtered data set corresponding to the network traffic data, wherein the second traffic filter processor generates a second filtered data set corresponding to the network traffic data (Chan – Figure 6D: illustration of redundant filtering of the same subsets of a data frame); selecting, by the processing resource, one of the first filtered data set or the second filtered data set as an output data set based on results of a logical exclusive OR (XOR) of corresponding frames (Chan – Paragraph [0059]: This is visualized in FIG. 4B: The predetermined data pattern, which may be stored in a further memory 442 of the data matcher 220 (e.g. of the matching logic 334), may be “100000011”. The subset of the plurality of bits of the data frame 110 (as defined by the window selector 330) may be “100000010”. As a consequence, the comparison operator 440 may indicate a match for the first eight bits and a mismatch for the last bit of the subset of the plurality of bits. Since an XOR operation is applied by the exemplary comparison operator 440, the result is a bit pattern of eight “1” and one “0”; and Paragraph [0060]: The filtering mask 444 may be set to ignore a mismatch in the last bit (and in the last bit only), which is indicated by setting the last bit of the filtering mask 444 to “0”, and the other bits to “1”. In other words, the subset of the plurality of bits will be identified as matching the predetermined data pattern if the first eight bits match, e.g. the subset of the plurality of bits having the values “100000011” and the subset of the plurality of bits having the values “100000010” (which may be considered as permutations of a bit pattern) will both be considered as matches to the predetermined data pattern “100000011” in consideration of the filtering mask “111111110”) of the first filtered data set and the second filtered data set (Chan – Figure 6D: illustration of redundant filtering of the same subsets of a data frame; and Paragraph [0116]: The fifth to eighth data matchers 220_5, 220_6, 220_7, 220_8 use predetermined data patterns that match the respective subsets provided to them (0x11 vs. 0x11, 0x22 vs. 0x22, 0x33 vx. 0x33 and 0x44 vs. 0x44). As a consequence, the output 220R of each of the fifth to eighth data matchers 220_5, 220_6, 220_7, 220_8 is “1”, indicating a match; and Paragraph [0117]: Since, as explained above, the fifth to eighth data matchers 220_5, 220_6, 220_7, 220_8 have a redundant setup to the first to fourth data matchers 220_1, 220_2, 220_3, 220_4, also the output 220R of each of the first to fourth data matchers 220_1, 220_2, 220_3, 220_4 is “1”, indicating a match; and Paragraph [0118]: The selectors 222 may be configured in such a way that only the outputs provided by the fifth to eighth data matchers 220_5, 220_6, 220_7, 220_8 are evaluated by the first selector 222_1, and only the first to fourth data matchers 220_1, 220_2, 220_3, 220_4 are evaluated by the fourth selector 222_4. Each of the first selector 222_1 and the fourth selector 222_4 may be configured to determine the data frame 110 to be a match only in the case that the outputs 220R of all four data matchers 220 that the respective selector 222_1 or 222_4, respectively, receives are matches. In other words, each selector 222 may expect four “1”s … If this had not been a case, a notification may have been issued, as described above; and Paragraph [0050]: In various embodiments, each of the predetermined selection patterns and the predetermined filter pattern may be set in such a way that a final result provided by the frame filter indicates a match (and transfers the data frame 110 to the application logic 226) only if the third output matches the fourth output, because discrepant results for redundant checks would be indicative of a filter failure, e.g. of failed data matchers 220; and Paragraph [0051]: In various embodiments, a notification may be triggered by the mismatch. The notification may include an identification of the affected data matchers 220. This allows a reconfiguration for eliminating the defective data matcher 220).
Chan does not expressly teach and reducing frame loss that would otherwise occur during transition from an inoperable traffic filter processor to a backup traffic filter processor configured as part of an active/passive high-availability network cluster by; selecting, by the processing resource, one of the first filtered data set or the second filtered data set as an output data set; and transmitting, by the processing resource, the output data set to a destination of the network traffic data.
However, Ahmed teaches and reducing frame loss that would otherwise occur during transition from an inoperable traffic filter processor to a backup traffic filter processor configured as part of an active/passive high-availability network cluster by (Ahmed – Paragraph [0043]: Data communication resources may be offered as network interface card (NIC,) firewall or access control lists (ACLs,) gateways, network address translation (NAT) service, private/public Internet protocol (IP) addresses … etc.; and Figure 3B: illustration of upstream and downstream data packet flow; and Paragraph [0074]: e. F 1 data packet may arrive at v-cable 310 ports RX 315 and RX 314 of the upstream redundant set. The switching module of v-cable 310 may sent all packets arriving at a secondary/standby port RX 315 to a blackhole module BH 312 and all packets arriving at a primary/active port RX 314 to every port of the downstream redundant set (or network devices.) It should be noted that the aforementioned behavior filters out duplicate packets effectively and in real time; and Paragraph [0075]: f. It should be noted that v-cable 310 may select port RX 315 to become active while processing packet of F 1, which should result in no packet loss (or minimal packet loss) due to the fact that F 1 packet are flowing on both RX 315 and RX 314 at the same time regardless of their primary/secondary status); selecting, by the processing resource, one of the first filtered data set or the second filtered data set as an output data set (Ahmed – Figure 5: flow chart for process of instantaneous failover for network communication paths; and Paragraph [0113]: Operation 503 may be followed by operation 505. Operation 505 illustrates that when a failure of the communication path p.sup.i, due to a failure of the i.sup.th upstream device, is detected by the switch modules, alternate communication path(s) p.sup.j is/are indicated between the i.sup.th upstream device (or network) and some or all of the downstream device or networks, where i≠j should be appreciated that failure of the i.sup.th upstream device may result in distributing the p.sup.i communication path to multiple communication paths p.sup.j based on the selection criterion of the switch module of the data cable (or of the v-switch device.) In some embodiment, the upstream device with best link quality may be selected next to serve as primary provider of network traffic to a downstream device (or network.) Other embodiments may follow round-robin (or any other selection criterion) to select the next primary interface based on a priority order resulting on j.sup.th upstream device replacing i.sup.th upstream device when a failure is detected. Some embodiments may utilize random selection criterion to select the next primary interface. Those skilled in the art would appreciate the tradeoffs different selection criteria, efficiency complexity, and cost of the implemented system); and transmitting, by the processing resource, the output data set to a destination of the network traffic data (Ahmed – Figure 5: flow chart for process of instantaneous failover for network communication paths; and Paragraph [0113]: Operation 505 illustrates that when a failure of the communication path p.sup.i, due to a failure of the i.sup.th upstream device, is detected by the switch modules, alternate communication path(s) p.sup.j is/are indicated between the i.sup.th upstream device (or network) and some or all of the downstream device or networks, where i≠j should be appreciated that failure of the i.sup.th upstream device may result in distributing the p.sup.i communication path to multiple communication paths p.sup.j based on the selection criterion of the switch module of the data cable (or of the v-switch device; and Paragraph [0114]: Operation 505 may be followed by operation 507. Given the indication of communication path p.sup.j, Operation 507 illustrates that communication path(s) p.sup.j may be enabled between the j.sup.th upstream device (or network) and some or all of the downstream devices (or networks,) where i≠j, by the switch module of some or all data cables).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Chan, further incorporating Ahmed, to arrive at the claimed invention. One would be motivated to incorporate Ahmed’s teaching to instantly switch a primary active network communication path among a plurality of redundant communication paths upon detection of a faulty/failed path into Chan’s method for redundant filtering of traffic to identify one or more malfunctioning filters. Chan exhibits a capability to apply logical XOR operations to find mismatches in redundant filter output data. A mismatch of expected vs. actual filter output data indicates at least one filter failure. Ahmed supplements Chan by implementing redundant network communication paths in the case that one path is determined to be faulty. Therefore, the listed elements and combined motivation of Chan and Ahmed are sufficient to render the claimed invention obvious to one of ordinary skill in the art.
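As an added illustration that is not part of this Office action or of the Chan, Ahmed or Adams references, the following Python models the mechanism relied on above: each redundant matcher XORs the selected window of frame bits against the predetermined pattern and applies the filtering mask (Chan [0059]-[0060]), the redundant outputs are XORed so a discrepancy flags a possible failed matcher (Chan [0050]-[0051]), and an output data set is chosen with the operational-status fallback discussed under claims 3 and 4 below. The class and function names, the selection order and the sample frame are assumptions.

```python
"""Redundant masked-XOR frame matching with discrepancy detection and
health-based output selection.

Added illustration only: the names, the selection order and the sample
frame are assumptions, not code from the Chan, Ahmed or Adams references.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class DataMatcher:
    """One redundant data matcher over a window of frame bits (Chan's 220_n)."""
    name: str
    window: slice             # subset of the frame bits this matcher inspects
    pattern: str              # predetermined data pattern, e.g. "100000011"
    mask: str                 # filtering mask: "1" = bit must match, "0" = ignored
    operational: bool = True  # operational status consulted by the selector
    fault: bool = False       # constructed fault: inverts the result when set

    def match(self, frame_bits: str) -> int:
        """Return 1 for a match, 0 for a mismatch, after XOR and mask."""
        subset = frame_bits[self.window]
        if not (len(subset) == len(self.pattern) == len(self.mask)):
            raise ValueError("window, pattern and mask lengths differ")
        # XOR of subset and pattern: "1" marks a differing bit position.
        xor = "".join("0" if s == p else "1" for s, p in zip(subset, self.pattern))
        # A differing bit only counts where the filtering mask is "1".
        mismatch = any(x == "1" and m == "1" for x, m in zip(xor, self.mask))
        result = 0 if mismatch else 1
        return result ^ 1 if self.fault else result


def run_matchers(matchers: List[DataMatcher], frame_bits: str) -> Dict[str, int]:
    """Feed the same frame to every matcher (parallel in hardware) and collect outputs."""
    return {m.name: m.match(frame_bits) for m in matchers}


def discrepancies(outputs: Dict[str, int]) -> List[Tuple[str, str]]:
    """XOR each pair of redundant outputs; a 1 flags a pair that disagrees,
    which Chan treats as indicative of a failed matcher."""
    names = list(outputs)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if outputs[a] ^ outputs[b]]


def select_output(matchers: List[DataMatcher], outputs: Dict[str, int]) -> Optional[str]:
    """Pick which matcher's filtered result is forwarded.

    Order of preference (an assumption modelled on claims 3 and 4): matchers
    reported as not fully operational are skipped; among the rest, the first
    whose output is corroborated by another matcher wins, else the first
    operational one.
    """
    healthy = [m for m in matchers if m.operational]
    for m in healthy:
        if any(outputs[m.name] == outputs[o.name] for o in matchers if o is not m):
            return m.name
    return healthy[0].name if healthy else None


def filter_frame(matchers: List[DataMatcher], frame_bits: str) -> dict:
    """Run the full pipeline for one frame and report what a selector would see."""
    outputs = run_matchers(matchers, frame_bits)
    chosen = select_output(matchers, outputs)
    return {
        "outputs": outputs,
        "discrepancies": discrepancies(outputs),
        "selected": chosen,
        # The frame is transferred onward only when the chosen matcher reports a match.
        "forwarded": chosen is not None and outputs[chosen] == 1,
    }


def build_matchers(third_faulty: bool = False) -> List[DataMatcher]:
    """Three redundant matchers using the pattern and mask of Chan [0059]-[0060]."""
    return [
        DataMatcher(n, slice(0, 9), "100000011", "111111110",
                    fault=(third_faulty and n == "C"))
        for n in ("A", "B", "C")
    ]


# Constructed sample frame: Chan's subset "100000010" followed by other payload bits.
SAMPLE_FRAME = "100000010" + "01011100"

if __name__ == "__main__":
    print(filter_frame(build_matchers(), SAMPLE_FRAME))
    print(filter_frame(build_matchers(third_faulty=True), SAMPLE_FRAME))
```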
Regarding Claim 2:
The combination of Chan and Ahmed teaches the method of claim 1.
Ahmed further teaches wherein selecting the one of the first filtered data set or the second filtered data set as the output data set includes: selecting, by the processing resource, the first filtered data set as the output data set when the first filtered data set is identical to the second filtered data set (Ahmed – Paragraph [0012]: The techniques shown herein address deficiencies related to failures of networking devices and/or computing nodes. For example, data center may eliminate data blips and reduce the time when its computing nodes may lose network level connectivity and stop servicing downstream customers. In addition, computing nodes redundancy is possible where multiple instances of the same application are ready to provide service once the primary/active instance loses its connectivity. Also, the access network can now have planned service without the need to move customer virtual servers to different rack and/or provide an advance notice to customers providing further agility to respond to emergent incident. In addition, data lost or blips due to those unplanned failures of networking nodes are subdued and/or eliminated; Examiner’s Comment: Ahmed’s use of a primary/active networking device indicates its default operation until a failure is detected).
The motivation to combine the arts is the same as that of Claim 1.
Regarding Claim 3:
The combination of Chan and Ahmed teaches the method of claim 1.
Chan further teaches the method further comprising: providing, by the processing resource, the network traffic data to a third traffic filter processor of the plurality of traffic filter processors (Chan – Paragraph [0048]: In various embodiments, two or more of the data matchers 220_1, . . . , 220_n may be configured to compare the same subset of the plurality of bits of the data frame 110 to the same predetermined data pattern. In other words, two or more redundant data matchers 220_1, . . . , 220_n may be provided, for example for identifying defective data matchers 220, and/or for limiting their harmful effect), wherein the third traffic filter processor generates a third filtered data set corresponding to the network traffic data (Chan – Figure 6D: illustration of redundant filtering of the same subsets of a data frame); when the first filtered data set is not identical to the third filtered data set and the second filtered data set is identical to the third filtered data set (Chan – Paragraph [0050]: In various embodiments, each of the predetermined selection patterns and the predetermined filter pattern may be set in such a way that a final result provided by the frame filter indicates a match (and transfers the data frame 110 to the application logic 226) only if the third output matches the fourth output, because discrepant results for redundant checks would be indicative of a filter failure, e.g. of failed data matchers 220; and Paragraph [0051]: In various embodiments, a notification may be triggered by the mismatch. The notification may include an identification of the affected data matchers 220. This allows a reconfiguration for eliminating the defective data matcher 220; and Paragraph [0118]: The selectors 222 may be configured in such a way that only the outputs provided by the fifth to eighth data matchers 220_5, 220_6, 220_7, 220_8 are evaluated by the first selector 222_1, and only the first to fourth data matchers 220_1, 220_2, 220_3, 220_4 are evaluated by the fourth selector 222_4. Each of the first selector 222_1 and the fourth selector 222_4 may be configured to determine the data frame 110 to be a match only in the case that the outputs 220R of all four data matchers 220 that the respective selector 222_1 or 222_4, respectively, receives are matches. In other words, each selector 222 may expect four “1”s. This is the case here, hence each of the first selector 222_1 and the fourth selector 222_4 provides “1” as output. If this had not been a case, a notification may have been issued, as described above).
Ahmed further teaches and wherein the selecting the one of the first filtered data set or the second filtered data set as the output data set includes selecting, by the processing resource, the second filtered data set as the output data set (Ahmed – Figure 5: flow chart for process of instantaneous failover for network communication paths; and Paragraph [0113]: Operation 503 may be followed by operation 505. Operation 505 illustrates that when a failure of the communication path p.sup.i, due to a failure of the i.sup.th upstream device, is detected by the switch modules, alternate communication path(s) p.sup.j is/are indicated between the i.sup.th upstream device (or network) and some or all of the downstream device or networks, where i≠j should be appreciated that failure of the i.sup.th upstream device may result in distributing the p.sup.i communication path to multiple communication paths p.sup.j based on the selection criterion of the switch module of the data cable (or of the v-switch device.) In some embodiment, the upstream device with best link quality may be selected next to serve as primary provider of network traffic to a downstream device (or network.) Other embodiments may follow round-robin (or any other selection criterion) to select the next primary interface based on a priority order resulting on j.sup.th upstream device replacing i.sup.th upstream device when a failure is detected. Some embodiments may utilize random selection criterion to select the next primary interface. Those skilled in the art would appreciate the tradeoffs different selection criteria, efficiency complexity, and cost of the implemented system).
The motivation to combine the arts is the same as that of Claim 1.
Regarding Claim 8:
Claim 8 is a system claim that recites limitations corresponding to those of the method Claim 1. Therefore, Claim 8 is rejected with the same rationale and motivation as applied against claim 1 above.
In addition, Ahmed teaches a system for providing multi-path network traffic filtering, the system comprising: a processing resource; a non-transient computer readable medium coupled to the processing resource and having stored therein instructions that when executed by the processing resource cause the processing resource to (Ahmed – Paragraph [0094]: It should also be noted that the illustrated methods may be broken into smaller sub-methods or sub-tasks and that the execution of the illustrated methods my not entail the execution of every sub-method (or sub-task.) Some or all of sub-tasks of the methods, and/or considerably equivalent sub-tasks, can be carried out by the execution of computer program (set of computer-readable instructions) provided via on a computer-readable storage media. A computer program and variants thereof, as used in description and claims, is widely used herein to include applications, application libraries and modules, routines, program modules, data structures, algorithms, components, microcode, and the like. Computer programs can be carried out by various form of computing devices and configurations such as single-processor or multiprocessor systems).
Regarding Claim 9:
Claim 9 is a system claim with limitations corresponding to those of method Claim 2. Therefore, Claim 9 is rejected with the same combination and rationale as that of the rejection of Claim 2.
Regarding Claim 10:
Claim 10 is a system claim with limitations corresponding to those of method Claim 3. Therefore, Claim 10 is rejected with the same combination and rationale as that of the rejection of Claim 3.
Regarding Claim 15:
Claim 15 is a non-transient computer readable medium claim that recites limitations corresponding to those of the method Claim 1. Therefore, Claim 15 is rejected with the same rationale and motivation as applied against Claim 1 above. In addition, Ahmed teaches a non-transient computer readable medium having stored therein instructions that when executed by a processing resource cause the processing resource to (Ahmed – Paragraph [0094]: It should also be noted that the illustrated methods may be broken into smaller sub-methods or sub-tasks and that the execution of the illustrated methods my not entail the execution of every sub-method (or sub-task.) Some or all of sub-tasks of the methods, and/or considerably equivalent sub-tasks, can be carried out by the execution of computer program (set of computer-readable instructions) provided via on a computer-readable storage media. A computer program and variants thereof, as used in description and claims, is widely used herein to include applications, application libraries and modules, routines, program modules, data structures, algorithms, components, microcode, and the like. Computer programs can be carried out by various form of computing devices and configurations such as single-processor or multiprocessor systems).
Regarding Claim 16:
Claim 16 is a computer-readable medium claim with limitations corresponding to those of method Claim 2. Therefore, Claim 16 is rejected with the same combination and rationale as those of the rejections of Claim 2.
Regarding Claim 17:
Claim 17 is a computer-readable medium claim with limitations corresponding to those of method Claim 3. Therefore, Claim 17 is rejected with the same combination and rationale as those of the rejections of Claim 3.
Claim(s) 4-7, 11-14, and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chan in view of Ahmed and Adams et al. (US 20070061876 A1), hereinafter Adams.
Regarding Claim 4:
The combination of Chan and Ahmed teaches the method of claim 1.
Chan further teaches further comprising: providing, by the processing resource, the network traffic data to a third traffic filter processor of the plurality of traffic filter processors (Chan – Paragraph [0048]: In various embodiments, two or more of the data matchers 220_1, . . . , 220_n may be configured to compare the same subset of the plurality of bits of the data frame 110 to the same predetermined data pattern. In other words, two or more redundant data matchers 220_1, . . . , 220_n may be provided, for example for identifying defective data matchers 220, and/or for limiting their harmful effect), wherein the third traffic filter processor generates a third filtered data set corresponding to the network traffic data (Chan – Figure 6D: illustration of redundant filtering of the same subsets of a data frame), wherein the first traffic filter processor, the second traffic filter processor, and the third traffic filter processor are included in a multi-path network security appliance (Chan – Figure 6D: illustration of redundant filtering of the same subsets of a data frame, the plurality of filters operating within an apparatus for handling an incoming communication data frame); determining, by the processing resource, that the first filtered data set is not identical to the second filtered data set; determining, by the processing resource, that the first filtered data set is not identical to the third filtered data set; determining, by the processing resource, that the second filtered data set is not identical to the third filtered data set (Chan – Paragraph [0050]: In various embodiments, each of the predetermined selection patterns and the predetermined filter pattern may be set in such a way that a final result provided by the frame filter indicates a match (and transfers the data frame 110 to the application logic 226) only if the third output matches the fourth output, because discrepant results for redundant checks would be indicative of a filter failure, e.g. of failed data matchers 220; and Paragraph [0051]: In various embodiments, a notification may be triggered by the mismatch. The notification may include an identification of the affected data matchers 220. This allows a reconfiguration for eliminating the defective data matcher 220; and Paragraph [0118]: The selectors 222 may be configured in such a way that only the outputs provided by the fifth to eighth data matchers 220_5, 220_6, 220_7, 220_8 are evaluated by the first selector 222_1, and only the first to fourth data matchers 220_1, 220_2, 220_3, 220_4 are evaluated by the fourth selector 222_4. Each of the first selector 222_1 and the fourth selector 222_4 may be configured to determine the data frame 110 to be a match only in the case that the outputs 220R of all four data matchers 220 that the respective selector 222_1 or 222_4, respectively, receives are matches. In other words, each selector 222 may expect four “1”s. This is the case here, hence each of the first selector 222_1 and the fourth selector 222_4 provides “1” as output. If this had not been a case, a notification may have been issued, as described above).
Ahmed further teaches and wherein selecting the one of the first filtered data set or the second filtered data set as the output data set includes selecting one of the first filtered data set, the second filtered data set, or the third filtered data set as the output data set (Ahmed – Figure 5: flow chart for process of instantaneous failover for network communication paths; and Paragraph [0113]: Operation 503 may be followed by operation 505. Operation 505 illustrates that when a failure of the communication path p.sup.i, due to a failure of the i.sup.th upstream device, is detected by the switch modules, alternate communication path(s) p.sup.j is/are indicated between the i.sup.th upstream device (or network) and some or all of the downstream device or networks, where i≠j should be appreciated that failure of the i.sup.th upstream device may result in distributing the p.sup.i communication path to multiple communication paths p.sup.j based on the selection criterion of the switch module of the data cable (or of the v-switch device.) In some embodiment, the upstream device with best link quality may be selected next to serve as primary provider of network traffic to a downstream device (or network.) Other embodiments may follow round-robin (or any other selection criterion) to select the next primary interface based on a priority order resulting on j.sup.th upstream device replacing i.sup.th upstream device when a failure is detected. Some embodiments may utilize random selection criterion to select the next primary interface. Those skilled in the art would appreciate the tradeoffs different selection criteria, efficiency complexity, and cost of the implemented system).
The combination of Chan and Ahmed does not expressly teach and wherein the method further includes: accessing a health status of the multi-path network security appliance, wherein the health status of the multi-path network security appliance indicates a first operational status of the first traffic filter processor, a second operational status of the second traffic filter processor, and a third operational status of the third traffic filter processor; wherein selecting the one of the first filtered data set or the second filtered data set as the output data set includes: selecting, by the processing resource, the second filtered data set as the output data set when the first operational status indicates the first traffic filter processor is not fully operational, and the second operational status indicates the second traffic filter processor is fully operational; and selecting, by the processing resource, the third filtered data set as the output data set when the first operational status indicates the first traffic filter processor is not fully operational, and the second operational status indicates the second traffic filter processor is not fully operational.
However, Adams teaches and wherein the method further includes: accessing a health status of the multi-path network security appliance, wherein the health status of the multi-path network security appliance indicates a first operational status of the first traffic filter processor, a second operational status of the second traffic filter processor, and a third operational status of the third traffic filter processor (Adams – Paragraph [0038]: At step 220, the logical device may classify the first firewall (e.g., firewall A) as "failed." In at least one embodiment of the present disclosure, the first firewall may remain classified as "failed" until a reset condition and/or operator initiated reset request is received by the logical device. From step 220, the method 200 generally proceeds to step 240; and Paragraph [0039]: Similarly, at step 220', the logical device may classify the second firewall (e.g., firewall B) as "failed." In at least one embodiment of the present disclosure, the second firewall may remain classified as "failed" until a reset condition and/or operator initiated reset request is received by the logical device. From step 220', the method 200 generally proceeds to step 240; and Paragraph [0025]: To facilitate understanding of the present disclosure, the method 200 is illustrated in FIGS. 2(a-b) using a first (i.e., firewall A) and a second (i.e., firewall B) firewall device (i.e., firewall). However, any appropriate number of firewall devices (e.g., the devices 104) may be implemented within the spirit and scope of the present disclosure); wherein selection of the output data set includes: selecting, by the processing resource, the second filtered data set as the output data set when the first operational status indicates the first traffic filter processor is not fully operational, and the second operational status indicates the second traffic filter processor is fully operational (Adams – Paragraph [0042]: At decision block 224, the logical device may determine whether the second firewall device (i.e., second redundant data packet source) has failed (i.e., classified as failed) and/or whether an error has occurred at the second firewall (i.e., the second redundant data packet is invalid, a second firewall error was detected at step 214'). When the second redundant data packet source has failed and/or the second redundant data packet is invalid, the method 200 may proceed to step 228 such that the valid first redundant data packet may be transmitted to the target device); and selecting, by the processing resource, the third filtered data set as the output data set when the first operational status indicates the first traffic filter processor is not fully operational, and the second operational status indicates the second traffic filter processor is not fully operational (Adams – Paragraph [0042]: At decision block 224, the logical device may determine whether the second firewall device (i.e., second redundant data packet source) has failed (i.e., classified as failed) and/or whether an error has occurred at the second firewall (i.e., the second redundant data packet is invalid, a second firewall error was detected at step 214'). When the second redundant data packet source has failed and/or the second redundant data packet is invalid, the method 200 may proceed to step 228 such that the valid first redundant data packet may be transmitted to the target device; and Paragraph [0025]: To facilitate understanding of the present disclosure, the method 200 is illustrated in FIGS. 2(a-b) using a first (i.e., firewall A) and a second (i.e., firewall B) firewall device (i.e., firewall). However, any appropriate number of firewall devices (e.g., the devices 104) may be implemented within the spirit and scope of the present disclosure).
Adams further teaches determining, by the processing resource, that the first filtered data set is not identical to the second filtered data set (Adams – Paragraph [0012]: The logical device is configured for transmitting the first redundant data packet to the target device via the output when the first redundant data packet is valid a first logical condition is satisfied, and transmitting the second redundant data packet to the target device via the output when the second redundant data packet is valid and a second logical condition is satisfied. The first logical condition is at least one of the second firewall device is failed, the second redundant data packet is invalid, and the first firewall device is a primary firewall device. Similarly, the second logical condition is at least one of the first firewall device is failed, the first redundant data packet is invalid, and the second firewall device is the primary firewall device; Examiner’s Comment: the distinction of an “invalid” redundant data packet is sufficient to read on a determination that one filter’s output is not identical to another filter’s output that has been determined to be valid); determining, by the processing resource, that the first filtered data set is not identical to the third filtered data set (Adams – Paragraph [0012]: The logical device is configured for transmitting the first redundant data packet to the target device via the output when the first redundant data packet is valid a first logical condition is satisfied, and transmitting the second redundant data packet to the target device via the output when the second redundant data packet is valid and a second logical condition is satisfied. The first logical condition is at least one of the second firewall device is failed, the second redundant data packet is invalid, and the first firewall device is a primary firewall device. Similarly, the second logical condition is at least one of the first firewall device is failed, the first redundant data packet is invalid, and the second firewall device is the primary firewall device; and Paragraph [0025]: To facilitate understanding of the present disclosure, the method 200 is illustrated in FIGS. 2(a-b) using a first (i.e., firewall A) and a second (i.e., firewall B) firewall device (i.e., firewall). However, any appropriate number of firewall devices (e.g., the devices 104) may be implemented within the spirit and scope of the present disclosure; Examiner’s Comment: the distinction of an “invalid” redundant data packet is sufficient to read on a determination that one filter’s output is not identical to another filter’s output that has been determined to be valid); determining, by the processing resource, that the second filtered data set is not identical to the third filtered data set (Adams – Paragraph [0012]: The logical device is configured for transmitting the first redundant data packet to the target device via the output when the first redundant data packet is valid a first logical condition is satisfied, and transmitting the second redundant data packet to the target device via the output when the second redundant data packet is valid and a second logical condition is satisfied. The first logical condition is at least one of the second firewall device is failed, the second redundant data packet is invalid, and the first firewall device is a primary firewall device. Similarly, the second logical condition is at least one of the first firewall device is failed, the first redundant data packet is invalid, and the second firewall device is the primary firewall device; and Paragraph [0025]: To facilitate understanding of the present disclosure, the method 200 is illustrated in FIGS. 2(a-b) using a first (i.e., firewall A) and a second (i.e., firewall B) firewall device (i.e., firewall). However, any appropriate number of firewall devices (e.g., the devices 104) may be implemented within the spirit and scope of the present disclosure; Examiner’s Comment: the distinction of an “invalid” redundant data packet is sufficient to read on a determination that one filter’s output is not identical to another filter’s output that has been determined to be valid).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify the combination of Chan and Ahmed by further incorporating Adams to arrive at the claimed invention. One would have been motivated to incorporate Adams’s teaching of indicating when one or more of a plurality of filters is not fully operational into Chan and Ahmed’s combined method for filtering network traffic through a multipath filtering device, in order to continue processing incoming data efficiently and effectively. This combination would provide the system with a mechanism to identify malfunctioning filters and adjust packet processing accordingly.
Regarding Claim 5:
The combination of Chan and Ahmed teaches the method of claim 1.
Chan further teaches wherein the first traffic filter processor and the second traffic filter processor are included in a multi-path network security appliance (Chan – Figure 6D: illustration of redundant filtering of the same subsets of a data frame, the plurality of filters operating within an apparatus for handling an incoming communication data frame).
The combination of Chan and Ahmed does not expressly teach and wherein the method further includes: accessing a health status of the multi-path network security appliance, wherein the health status of the multi-path network security appliance indicates a first operational status of the first traffic filter processor and a second operational status of the second traffic filter processor.
However, Adams teaches and wherein the method further includes: accessing a health status of the multi-path network security appliance, wherein the health status of the multi-path network security appliance indicates a first operational status of the first traffic filter processor and a second operational status of the second traffic filter processor (Adams – Paragraph [0042]: At decision block 224, the logical device may determine whether the second firewall device (i.e., second redundant data packet source) has failed (i.e., classified as failed) and/or whether an error has occurred at the second firewall (i.e., the second redundant data packet is invalid, a second firewall error was detected at step 214'). When the second redundant data packet source has failed and/or the second redundant data packet is invalid, the method 200 may proceed to step 228 such that the valid first redundant data packet may be transmitted to the target device. Otherwise, the method 200 generally falls through to step 226; and Paragraph [0043]: Similarly, at decision block 224', the logical device may determine whether the first firewall device (i.e., first redundant data packet source) has failed (i.e., classified as failed) and/or whether an error has occurred at the first firewall (i.e., the first redundant data packet is invalid, a first firewall error was detected at step 214). When the first redundant data packet source has failed and/or the first redundant data packet is invalid, the method 200 may proceed to step 228' such that the valid second redundant data packet may be transmitted to the target device. Otherwise, the method 200 generally falls through to step 226').
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify the combination of Chan and Ahmed by further incorporating Adams to arrive at the claimed invention. One would have been motivated to incorporate Adams’s teaching of indicating when one or more of a plurality of filters is not fully operational into Chan and Ahmed’s combined method for filtering network traffic through a multipath filtering device, in order to continue processing incoming data efficiently and effectively. This combination would provide the system with a mechanism to identify malfunctioning filters and adjust packet processing accordingly.
Regarding Claim 6:
The combination of Chan, Ahmed, and Adams teaches the method of claim 5.
Adams further teaches wherein selecting the one of the first filtered data set or the second filtered data set as the output data set includes: selecting, by the processing resource, the first filtered data set as the output data set when the first operational status indicates the first traffic filter processor is fully operational (Adams – Paragraph [0044]: At decision block 226, the logical device may determine whether the first firewall is the primary firewall. When the first firewall is the primary firewall, a corresponding valid first redundant data packet may be transmitted to the target device. By designating a firewall as a primary firewall, a valid redundant data packet may be selected from a plurality of valid and/or potentially valid redundant data packets for subsequent transmission to the target device); and selecting, by the processing resource, the second filtered data set as the output data set when the first operational status indicates the first traffic filter processor is not fully operational, and the second operational status indicates the second traffic filter processor is fully operational (Adams – Paragraph [0043]: Similarly, at decision block 224', the logical device may determine whether the first firewall device (i.e., first redundant data packet source) has failed (i.e., classified as failed) and/or whether an error has occurred at the first firewall (i.e., the first redundant data packet is invalid, a first firewall error was detected at step 214). When the first redundant data packet source has failed and/or the first redundant data packet is invalid, the method 200 may proceed to step 228' such that the valid second redundant data packet may be transmitted to the target device. Otherwise, the method 200 generally falls through to step 226').
The motivation to combine the arts is the same as that of Claim 5.
Regarding Claim 7:
The combination of Chan, Ahmed, and Adams teaches the method of claim 5.
Chan further teaches wherein selecting the one of the first filtered data set or the second filtered data set as the output data set includes: determining, by the processing resource, that the first filtered data set is not identical to the second filtered data set (Chan – Paragraph [0050]: In various embodiments, each of the predetermined selection patterns and the predetermined filter pattern may be set in such a way that a final result provided by the frame filter indicates a match (and transfers the data frame 110 to the application logic 226) only if the third output matches the fourth output, because discrepant results for redundant checks would be indicative of a filter failure, e.g. of failed data matchers 220; and Paragraph [0051]: In various embodiments, a notification may be triggered by the mismatch. The notification may include an identification of the affected data matchers 220. This allows a reconfiguration for eliminating the defective data matcher 220; and Paragraph [0118]: The selectors 222 may be configured in such a way that only the outputs provided by the fifth to eighth data matchers 220_5, 220_6, 220_7, 220_8 are evaluated by the first selector 222_1, and only the first to fourth data matchers 220_1, 220_2, 220_3, 220_4 are evaluated by the fourth selector 222_4. Each of the first selector 222_1 and the fourth selector 222_4 may be configured to determine the data frame 110 to be a match only in the case that the outputs 220R of all four data matchers 220 that the respective selector 222_1 or 222_4, respectively, receives are matches. In other words, each selector 222 may expect four “1”s. This is the case here, hence each of the first selector 222_1 and the fourth selector 222_4 provides “1” as output. If this had not been a case, a notification may have been issued, as described above).
Adams further teaches selecting, by the processing resource, the first filtered data set as the output data set when the first operational status indicates the first traffic filter processor is fully operational (Adams – Paragraph [0044]: At decision block 226, the logical device may determine whether the first firewall is the primary firewall. When the first firewall is the primary firewall, a corresponding valid first redundant data packet may be transmitted to the target device. By designating a firewall as a primary firewall, a valid redundant data packet may be selected from a plurality of valid and/or potentially valid redundant data packets for subsequent transmission to the target device); and selecting, by the processing resource, the second filtered data set as the output data set when the first operational status indicates the first traffic filter processor is not fully operational, and the second operational status indicates the second traffic filter processor is fully operational (Adams – Paragraph [0043]: Similarly, at decision block 224', the logical device may determine whether the first firewall device (i.e., first redundant data packet source) has failed (i.e., classified as failed) and/or whether an error has occurred at the first firewall (i.e., the first redundant data packet is invalid, a first firewall error was detected at step 214). When the first redundant data packet source has failed and/or the first redundant data packet is invalid, the method 200 may proceed to step 228' such that the valid second redundant data packet may be transmitted to the target device. Otherwise, the method 200 generally falls through to step 226').
The motivation to combine the arts is the same as that of Claim 5.
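For reference, the selection and comparison steps mapped above for Claims 4, 6 and 7 (ordered failover across redundant filter paths driven by a per-path operational status, a determination that two filtered data sets are not identical, and a fail-closed variant that forwards only when the live paths agree, as in Chan Paragraphs [0050]-[0051]) are written out below as an added Python illustration. This is example code prepared for this page; it is not the Applicant’s implementation and not code from Chan, Ahmed or Adams. The Status enum, the function names, the treatment of a dropped or malformed result as None, and the sample packet bytes are all assumptions made for the illustration.

```python
"""Redundant traffic-filter selection and cross-check (added illustration).

Models the steps recited in the claims discussed above: a per-path health
status, ordered failover to the first fully operational path, and a pairwise
identity check on the filtered data sets.  All names and sample data are
assumptions for this example; none of this is the Applicant's or any cited
reference's code.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Status(Enum):
    FULLY_OPERATIONAL = "fully_operational"
    DEGRADED = "degraded"   # assumed: self-test warning, i.e. "not fully operational"
    FAILED = "failed"       # assumed: latched "failed" classification until reset


@dataclass(frozen=True)
class HealthStatus:
    """Health status of the appliance: one operational status per filter path."""
    statuses: tuple[Status, ...]

    def is_fully_operational(self, path: int) -> bool:
        return self.statuses[path] is Status.FULLY_OPERATIONAL


# A filtered data set is the bytes a path forwards, or None when that path
# dropped the packet or produced an invalid (e.g. malformed) result.
FilteredDataSet = Optional[bytes]


def xor_differs(a: bytes, b: bytes) -> bool:
    """True iff a and b are not identical, decided by a non-zero XOR of the two
    byte strings (the comparison technique the Anholt/Hillman references are
    cited for).  A length mismatch is a difference by definition."""
    if len(a) != len(b):
        return True
    return any(x ^ y for x, y in zip(a, b))


def pairwise_mismatches(outputs: list[FilteredDataSet]) -> list[tuple[int, int]]:
    """Return (i, j) for every pair of paths whose filtered data sets are not
    identical.  An invalid (None) result differs from any valid result; two
    paths that both dropped the packet are treated as identical."""
    mismatches = []
    for i in range(len(outputs)):
        for j in range(i + 1, len(outputs)):
            a, b = outputs[i], outputs[j]
            if (a is None) != (b is None):
                mismatches.append((i, j))
            elif a is not None and b is not None and xor_differs(a, b):
                mismatches.append((i, j))
    return mismatches


def select_output(outputs: list[FilteredDataSet],
                  health: HealthStatus) -> tuple[Optional[int], FilteredDataSet]:
    """Ordered failover with path 0 as primary: select path k's filtered data
    set when every lower-numbered path is not fully operational (or produced an
    invalid result) and path k is fully operational with a valid result.  With
    three paths this is the Claim 4 selection, with two the Claim 6 selection.
    Returns (None, None) when no path qualifies (fail closed)."""
    if len(outputs) != len(health.statuses):
        raise ValueError("one operational status per filter path is required")
    for k, data in enumerate(outputs):
        if health.is_fully_operational(k) and data is not None:
            return k, data
    return None, None


def forward_or_alarm(outputs: list[FilteredDataSet],
                     health: HealthStatus) -> tuple[FilteredDataSet, list[tuple[int, int]]]:
    """Fail-closed variant: forward only if every fully operational path produced
    the identical filtered data set; otherwise forward nothing and report the
    mismatching path pairs so the defective filter can be identified."""
    live = {k for k in range(len(outputs)) if health.is_fully_operational(k)}
    disagreements = [(i, j) for i, j in pairwise_mismatches(outputs)
                     if i in live and j in live]
    if disagreements:
        return None, disagreements
    _, data = select_output(outputs, health)
    return data, []


# Constructed sample: one inbound packet (a textbook IPv4 header) run through
# three redundant filter paths; path 2 dropped it / returned an invalid result.
SAMPLE_PACKET = bytes.fromhex("4500003c1c4640004006b1e6c0a80001c0a800c7")
SAMPLE_OUTPUTS: list[FilteredDataSet] = [SAMPLE_PACKET, SAMPLE_PACKET, None]

if __name__ == "__main__":
    health = HealthStatus((Status.FAILED, Status.FULLY_OPERATIONAL, Status.FULLY_OPERATIONAL))
    print(select_output(SAMPLE_OUTPUTS, health))   # path 1 is selected
    print(pairwise_mismatches(SAMPLE_OUTPUTS))     # [(0, 2), (1, 2)]
    print(forward_or_alarm(SAMPLE_OUTPUTS, health))
```

The two selection policies differ in what they do with a disagreement: select_output trusts the health status and forwards the first live path’s result even if another live path disagrees, whereas forward_or_alarm treats any disagreement between live paths as a suspected filter fault and forwards nothing until the affected path is identified and taken out of service.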
Regarding Claim 11:
Claim 11 is a system claim with limitations corresponding to those of method Claim 4. Therefore, Claim 11 is rejected with the same combination and rationale as that of the rejection of Claim 4.
Regarding Claim 12:
Claim 12 is a system claim with limitations corresponding to those of method Claim 5. Therefore, Claim 12 is rejected with the same combination and rationale as that of the rejection of Claim 5.
Regarding Claim 13:
Claim 13 is a system claim with limitations corresponding to those of method Claim 6. Therefore, Claim 13 is rejected with the same combination and rationale as that of the rejection of Claim 6.
Regarding Claim 14:
Claim 14 is a system claim with limitations corresponding to those of method Claim 7. Therefore, Claim 14 is rejected with the same combination and rationale as that of the rejection of Claim 7.
Regarding Claim 18:
Claim 18 is a computer-readable medium claim with limitations corresponding to those of method Claim 4 and system Claim 11. Therefore, Claim 18 is rejected with the same combination and rationale as those of the rejections of Claim 4 and Claim 11.
Regarding Claim 19:
Claim 19 is a computer-readable medium claim with limitations corresponding to those of method Claim 5 and system Claim 12. Therefore, Claim 19 is rejected with the same combination and rationale as those of the rejections of Claim 5 and Claim 12.
Regarding Claim 20:
Claim 20 is a computer-readable medium claim with limitations corresponding to those of method Claim 6 and system Claim 13. Therefore, Claim 20 is rejected with the same combination and rationale as those of the rejections of Claim 6 and Claim 13.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Anholt (US 20130272356 A1) teaches an apparatus which redundantly filters input data and performs XOR operations on the expected-identical outputs to detect faults.
Hillman et al. (US 7467326 B2) is directed to processor signals, but implements the concept of XOR-ing processor outputs that are expected to be the same in order to identify a faulty processor.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS JOSEPH DILUZIO whose telephone number is (703)756-1229. The examiner can normally be reached Mon - Fri -- 7:30 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/NICHOLAS JOSEPH DILUZIO/Examiner, Art Unit 2498
/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498