DETAILED ACTION
1. Claims 19-31 are pending in this examination.
Notice of Pre-AIA or AIA Status
2. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
3. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Election/Restrictions
4. Applicant’s election without traverse of claim 19-31 in the reply filed on 12/14/2025 is acknowledged.
CLAIM INTERPRETATION
5.1 The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
5.2. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “…. a plurality of programmable cryptographic
modules configured to…” in claim 29.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
6. A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph limitation: paragraph 24, fig. 10 shows a specific implementation of a programmable cryptographic module configured as a systolic array of FPGAs, according to one embodiment.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 103
7.1. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
independent claims 19 and 29
7.2. Claims 19, 22, 27-31 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application No. 20140108782 to Salinger et al (“Salinger”) in view of US Patent Application No. 20030014627 to Krishna et al (“Krishna”).
As per claim 19, Salinger discloses a method, comprising: receiving, by a computing device, an encrypted data packet, wherein the computing device comprises a plurality of cryptographic modules (fig. 2A: plurality of line cards, each with cryptographic modules; [0023], [0026]; fig. 6C; [0066]; -[0023], some or all of line cards 205 may execute one or more encryption modules that encrypt content data under the control of a CAS device. Each encryption module represents a collection of instructions that may be executed by a line card to carry out encryption-related operations in accordance with encryption management data and in accordance with encryption control data. The instructions of the encryption module may include software, firmware, hardwired logic, and combinations thereof. As part of the encryption-related operations, an encryption module may encrypt content data by scrambling that data using an encryption key and may change that encryption key on a frequent basis. The encryption module may also forward those keys and other information needed to decrypt encrypted content data to end devices. The line card may provide such information to end devices by forwarding entitlement messages (e.g., entitlement control messages and entitlement management messages) that the encryption module has received from a CAS device, …[0040], so that platform 101 can receive encryption management data originating at different CAS devices and provide that management data to encryption modules executing on various of line cards 205, and to avoid exposing aspects of encryption modules or CAS devices to the operator of platform 101,……….. also see ([0015], [0040])).
routing, by the computing device, the encrypted data packet to a first cryptographic module of the plurality of cryptographic modules, based on tagging data associated with the encrypted data packet (0022] Platform 101 may include a hardware or software switch 206 through which content data packets received by network-side cards 204 are routed to different ones of line cards 205. Switch 206 may also replicate data for routing to multiple line cards 205. Processor 201 accesses and controls memory 202, cards 204, line cards 205, switch 206 and other components in platform 101 by communicating with those components across a backplane 207. Processor 201 may also encapsulate, decapsulate or otherwise process packets of content data before forwarding such data from one of cards 204 to one of cards 205. In addition to forwarding content data downstream to end devices and forwarding data from end devices upstream to other network elements, platform 101 may also initiate communications (e.g., for management of access network 100). Accordingly, processor 201 may generate packets and forward those packets to cards 204 (for transmission to other elements in the larger network) or to line cards 205 (for transmission to end devices). Similarly, some communications from end devices or other network elements may terminate at processor 201 or another component of platform 101. [0040], so that platform 101 can receive encryption management data originating at different CAS devices and provide that management data to encryption modules executing on various of line cards 205, and to avoid exposing aspects of encryption modules or CAS devices to the operator of platform 101, a predefined common encryption management data interface may be employed. In particular, platform 101 is configured to accept encryption management data that is formatted according to the predefined common encryption management data interface and to pass that encryption management data to a specific line card. A management data converter of an encryption module executing within a line card can then convert the encryption management data from the predefined interface formatting to a form usable by other portions of the encryption module. Neither the operator of platform 101 nor the manufacturer of a line card, for example, needs to know the specifics of how an encryption module or its associated CAS device operates. Moreover, an operator of platform 101 can readily change an encryption module by replacing a line card or by simply installing a new encryption module into an existing line card. Even if a new encryption module must receive its encryption management data from a new CAS, the common encryption management data interface allows the new CAS device to communicate with the newly installed encryption module).
Salinger does not explicitly disclose however in the same field of endeavor, Krishna discloses each cryptographic module within the plurality of cryptographic modules is associated with one of a plurality of security classes ([0038] From the input FIFO 202, packet header information is sent to a packet classifier unit 204 where a classification engine rapidly determines security association information required for processing the packet, such as encryption keys, data, etc. As described in further detail below with reference to FIGS. 4, 5 and 6A and B, the classification engine performs lookups from databases stored in associated memory. The memory may be random access memory (RAM), for example, DRAM or SSRAM, in which case the chip includes a memory controller 212 to control the associated RAM. The associated memory may also be contact addressable memory (CAM), in which case the memory is connected directly with the cryptography engines 216 and packet classifier 204, and a memory controller is unnecessary. The associated memory may be on or off chip memory. The security association information determined by the packet classifier unit 204 is sent to a packet distributor unit 206)
the first cryptographic module is associated with a first security class; and routing the encrypted data packet to the first cryptographic module is based on the first cryptographic module belonging to the first security class as indicated by the tagging data; and decrypting, by the computing device using the first cryptographic module, the data packet ([0091] FIGS. 6A and 6B provide process flow diagrams showing aspects of the inbound and outbound packet processing procedures (including lookups) associated with packet classification in accordance with one embodiment of the present invention. FIG. 6A depicts the flow in the inbound direction (600). When an inbound packet is received by the packet classifier on a cryptography acceleration chip in accordance with the present invention, its header is parsed (602) and a SAD lookup is performed (604). Depending on the result of the SAD lookup and as specified by the resulting policy, the packet may be dropped (606), passed-through (608), or directed into the cryptography processing system. Once in the system, the packet is decrypted and authenticated (610), and decapsulated (612). Then, a SPD lookup is performed (614). If the result of the lookup is a policy that does not match that specified by the SAD lookup, the packet is dropped (616). Otherwise, a clear text packet is sent out of the cryptography system (618) and into the local system/network).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Salinger with the teaching of Krishna by including the feature of security/classification, in order for Salinger’s system to provide automatic IP packet encryption/decryption. By embedding cryptography functionality in network hardware, both system performance and data security are enhanced. Provided is an architecture for a cryptography accelerator chip that allows significant performance improvements over previous prior art designs. In various embodiments, the architecture enables parallel processing of packets through a plurality of cryptography engines and includes a classification engine configured to efficiently process encryption/decryption of data packets. Cryptography acceleration chips in accordance may be incorporated on network line cards or service modules and used in applications as diverse as connecting a single computer to a WAN, to large corporate networks, to networks servicing wide geographic areas (e.g., cities). The present invention provides improved performance over the prior art designs, with much reduced local memory requirements, in some cases requiring no additional external memory. In some embodiments, the present invention enables sustained full duplex Gigabit rate security processing of IPSec protocol data packets (Krishna, abstract).
As per claim 29, Salinger discloses a system comprising: an encryption device comprising a plurality of programmable cryptographic modules configured to process data packets ([0022]-[0023], …content data packets received by network-side cards 204 are routed to different ones of line cards 205. Switch 206 may also replicate data for routing to multiple line cards 205…, also see [0026]) and
Salinger does not explicitly disclose however in the same field of endeavor, Krishna discloses a programmable input/output interface coupled to the cryptographic modules and configured to route data packets between the cryptographic modules and one or more external interfaces ([0036] FIG. 2 is a high-level block diagram of a cryptography chip architecture in accordance with one embodiment of the present invention. The chip 200 may be connected to external systems by a standard PCI interface (not shown), for example a 32-bit bus operating at up to 33 MHz. Of course, other interfaces and configurations may be used, as is well known in the art, without departing from the scope of the present invention. [0053] The packet distributor unit 306 includes a processor which controls the sequencing and processing of the packets according to microcode stored on the chip. The chip also includes various buffers associated with each cryptography engine 316. A packet buffer 312 is used for storing packet data between distribution and crypto processing. Also, in this embodiment, each crypto engine 316 has a pair of security association information (SA) buffers 314a, 314b associated with it. Two buffers per crypto engine are used so that one 314b, may hold the SA for a current packet (packet currently being processed) while the other 314a is being preloaded with the security association information for the next packet. A status buffer 310 may be used to store processing status information, such as errors, etc; also see [0051] [0091] FIGS. 6A and 6B).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Salinger with the teaching of Krishna by including the feature of security/classification, in order for Salinger’s system to provide automatic IP packet encryption/decryption. By embedding cryptography functionality in network hardware, both system performance and data security are enhanced. Provided is an architecture for a cryptography accelerator chip that allows significant performance improvements over previous prior art designs. In various embodiments, the architecture enables parallel processing of packets through a plurality of cryptography engines and includes a classification engine configured to efficiently process encryption/decryption of data packets. Cryptography acceleration chips in accordance may be incorporated on network line cards or service modules and used in applications as diverse as connecting a single computer to a WAN, to large corporate networks, to networks servicing wide geographic areas (e.g., cities). The present invention provides improved performance over the prior art designs, with much reduced local memory requirements, in some cases requiring no additional external memory. In some embodiments, the present invention enables sustained full duplex Gigabit rate security processing of IPSec protocol data packets (Krishna, abstract).
As per claim 22, the combination of Salinger and Krishn discloses the method of claim 19, further comprising: receiving, by the computing device, a second encrypted data packet Salinger. [0023], [0026]; fig. 6C; [0066] note: system may repeat steps);
routing, by the computing device, the second encrypted data packet to a second cryptographic module of the plurality of cryptographic modules, based on second tagging data associated with the second encrypted data packet ([0022], note: system may repeat steps).
Salinger does not explicitly disclose however in the same field of endeavor, Krishna discloses the second cryptographic module is associated with a second security class ([0038], note: system may repeat steps); and
routing the second encrypted data packet to the second cryptographic module is based on the second cryptographic module belonging to the second security class as indicated by the second tagging data; and decrypting, by the computing device using the second cryptographic module, the data packet ([0091] FIGS. 6A and 6B, note: system may repeat steps). The motivation regarding the obviousness of claim 19 is also applied to claim 22.
As per claim 27, the combination of Salinger and Krishn discloses the method of claim 19, wherein receiving the encrypted data packet comprises receiving the encrypted data packet from an encrypted data storage device connected to the computing device (Salinger, [0092], also see, [0096]-[0070], figs. 6a-b and associated texts).
As per claim 28, the combination of Salinger and Krishn discloses the method of claim 27, wherein: the encrypted data storage device and the computing device are at a first site; and the encrypted data storage device receives the encrypted data packet from a cloud network communicatively connecting the first site with a second site (Salinger, [0092], also see, [0096]-[0070], figs. 6a-b and associated texts).
As per claim 30, the combination of Salinger and Krishn discloses the system of claim 29, further comprising: an interchangeable physical interface coupled to the programmable input/output interface and adapted to facilitate reception and transmission of the data packets from and to a data source (Salinger, [0020]-[0023], [0019]), also see [0026], [0028], [0014], [0017]).
As per claim 31, the combination of Salinger and Krishn discloses the system of claim 30, wherein: the programmable input/output interface supports a plurality of communication protocols; and the interchangeable physical interface accommodates a plurality of physical connection standards (Salinger, [0020]-[0023], [0019]), also see [0026], [0028], [0014], [0017]).
7.3. Claims 20, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Salinger and Krishn as applied to claim above, and in view of Patent Application No. 20090327617 to Furuichi et al (“Furuichi”).
As per claim 20, the combination of Salinger and Krishn discloses the method of claim 19, wherein: the computing device comprises a plurality of ports, each port configurable to correspond to one of a plurality of security classes (Krishna, [0038]); and
Furthermore, Krishna discloses, ports; routing, by the computing device, the encrypted data packet to a first cryptographic module of the plurality of cryptographic modules, based on tagging data associated with the encrypted data packet as describe above claim 1,
Salinger and Krishn do not explicitly disclose however in the same field of endeavor, Furuichi discloses the computing device generates the tagging data corresponding to a port of the computing device on which the encrypted data packet arrived to be encrypted (Furuichi, [0051]-[0059], FIG. 6 illustrates the storage area management table 131 according to another embodiment of the present invention. As shown in FIG. 6, the storage area management table 131 stores pointer information 134 representing a start address of a target division area in association with a user ID 133 as user identification information for identifying a user. Further, the table may store pointer information in association with a group ID 132 as identification information for identifying a group including a plurality of users.[0052] Further, the table stores security level information 135 representing the degree of confidentiality and encryption key information 136 corresponding to the security level information 135 in association with a user ID 133 or a group ID 132. The system may extract encryption key information necessary for a user who issued an instruction to execute read/write processing through a shared object., also see [0036]-[0042]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Salinger with the teaching of Furuichi/ Krishn by including the feature of a port, in order for Salinger’s system for controlling information read/write processing. The risk of information leakage upon data exchange between computers can be reduced using a security function. However, it is difficult to enhance security for a shared object accessible from plural programs in the same computer, so that the other programs on the same computer can easily read/write data from/to the shared object. Division areas as a target of read/write processing are specified in accordance with user identification information to thereby assign a shared object to division areas that permit a predetermined user to read write data thereto/therefrom to execute information read/write processing through the shared object. In this way, a shared object can be used at any address different from the standard address without loss of functionality (Furuichi).
As per claim 23, the combination of Salinger, Krishn and Furuichi the discloses the method of claim 19, further comprising: selecting, based on the tagging data, one of a plurality of ports of the computing device; and providing the decrypted packet as output on the selected port of the computing device (Furuichi, [0051]-[0059], also see [0036]-[0042]). The motivation regarding the obviousness of claim 20 is also applied to claim 23.
7.4. Claim 21 are rejected under 35 U.S.C. 103 as being unpatentable over Salinger and Krishn as applied to claim above, and in view of Patent Application No. 20120257506 to Bazlamacci et al ("Bazlamacci").
As per claim 21, the combination of Salinger and Krishn discloses the invention as described above. Salinger and Krishn do not explicitly disclose however, In the same field of endeavor, Bazlamacci discloses the method of claim 19, wherein each cryptographic module within the plurality of cryptographic modules comprises a cryptographic engine configured as a systolic-matrix array ([0082], [0089]).
It would have been obvious to one of ordinary skill in the art before the effective
filing date of the claimed invention to combine the teaching of Salinger with the
teaching of Bazlamacci /Krishn by including the feature of systolic-matrix array, in order for Salinger’s system to protecting data on the storage device. For example, if the data is read directly from the storage device such that in order for the host system to access data from the storage device, the request to access is authorized prior to decryption of the data on the storage device to be accessed. Additionally, the location where the encryption key that encrypts data on the storage device is stored affects the security of encrypted storage device. If the encryption key is stored on a storage device in the host system, the security of the encryption key may be compromised when the host system is lost or stolen. For example, if data on the storage device is read directly and the location of the stored encryption key is known by the hacker. Data security can thus be compromised due to the encryption key residing on the system (Bazlamacci).
7.5. Claims 24 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Salinger and Krishn as applied to claim above, and in view of Patent Application No. 20050198412 to Pedersen et al (“Pedersen”).
As per claim 24, the combination of Salinger and Krishn discloses the invention as described above. Salinger and Krishn do not explicitly disclose however, In the same field of endeavor, Pedersen i discloses the method of claim 19, further comprising loading at least one key for the decrypting by the computing device of the encrypted data packet, wherein the at least one key is selected based on a security class of the encrypted data packet (Pedersen, [0158]-[0159], also see fig. 30 and associated texts).
It would have been obvious to one of ordinary skill in the art before the effective
filing date of the claimed invention to combine the teaching of Salinger with the
teaching of Pedersen/Krishn by including the feature of systolic-matrix array, in order for Salinger’s system for establishing trust on a network that is configured to transmit data having at least one sensitivity level associated with the data. The present invention includes a trusted interface unit and a method of making and using the same. According to one embodiment of the present invention, a method of transmitting data on a network may include receiving data from a partition within a node on the network. This node may be configured to transmit data associated with a number of sensitivity levels. According to one embodiment of the invention, these sensitivity levels may be classification levels. One method of transmission of data may include determining the identity of the partition that originated the data within the node. Furthermore, a label may be added to the data received from within the node and the data may be encrypted with a key that may be uniquely associated with the label on the data. After encryption, the data may be transmitted on the network Pedersen, [0013]).
As per claim 26, the combination of Salinger, Krishn and Pedersen discloses the method of claim 24, wherein the security class of the encrypted data packet is determined by the tagging data (Pedersen, [0158]-[0159], also see fig. 30 and associated texts). The motivation regarding the obviousness of claim 24 is also applied to claim 26.
7.6. Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Salinger and Krishn as applied to claim above, and in view of US Patent Application No. 20110283339 to Smith et al (“Smith”), and further in view of US Patent Application No. 20090129388 to Akhtar et al (“Akhtar”).
As per claim 26, the combination of Salinger and Krishn discloses the invention as described above. Salinger and Krishn do not explicitly disclose however, In the same field of endeavor, Smith disclose the method of claim 19, further comprising: replacing an external tag of the encrypted data packet with an internal tag, wherein the internal tag includes at least one header comprising security information (Smith, [0046]-[0048]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Salinger with the teaching of Smith/Krishn by including the feature of tag, in order for Salinger’s system for providing network security using security labeling is disclosed. The method includes comparing first security level information and second security level information, and indicating processing to be performed on the packet based on the comparing. The first security level information is stored in a security label of a packet received at a network node, while the second security level information is stored at the network node. Network security is increasing importance. A mechanism that allows for the efficient identification of network traffic. Preferably, such an approach should address limitations encountered in the use of existing ACL technology. Also preferably, such an approach should allow the network to be easily reconfigured and grow, without incurring a disproportionate administrative burden or consuming inordinately large amounts of network resources.
Salinger, Krishn and Smith do not explicitly disclose however in the same field of endeavor, Smith discloses verifying, based on the internal tag, that a security class of a key does not exceed the first security class and in response to verifying that the security class of the key does not exceed the first security class, restoring a field associated with the data packet (Akhtar, [0081]-[0083]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Salinger with the teaching of Krishn, Smith, Akhtar by including the feature of verifying, in order for Salinger’s system for reducing the SIP message size has been to establish a standardized dictionary as discussed in RFC 3485 "The Session Initiation Protocol (SIP) and Session Description Protocol (SDP) Static Dictionary for Signaling Compression (SIGCOMP)." In the SIGCOMP approach, a finite dictionary defines many SIP parameters as 3-byte data substitutions. However, there are problems with the SIGCOMP approach. SIGCOMP is limited by the terms defined in the dictionary, which is static. The SIGCOMP dictionary does not evolve as SIP or SDP evolved and has remained static and unchanged. Attempts have been made to use event based state tables to build a dynamic extension to the SIGCOMP library, but under this approach the initial REGISTER message lacks enough pre-history traffic data to take advantage of this feature and memory limitations in the user equipment (UE) (e.g. cell phone, personal data assistant, computer, etc) restricts storage of long term history in the state tables to build an adequate library. There is a need for a flexible protocol to reduce the message size of SIP messages and improve service on networks.
8.1. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art discloses many of the claim features (See PTO-form 892).
8.2. a). US Patent Application No. 20090034734 to Owens et al., discloses a cryptographic device and method are disclosed for processing different levels of classified information. A memory caches keys for use in a cryptographic processor. The cryptographic processor requests a key associated with a particular classification level when processing a packet of the particular classification level. The cryptographic device confirms that the key and the packet are of the same classification level in a high-assurance manner. Checking header information of the keys one or more times is performed in one embodiment. Some embodiments authenticate the stored key in a high-assurance manner prior to providing the key to the cryptographic device.
b). US Patent Application No. 20080130889 to Qi et al., discloses an architecture and associated methods and devices are described that include a plurality of stages of cipher round logic, each stage configured to perform cryptographic processing of plaintext data in a counter mode and output ciphertext data, a plurality of multipliers, each multiplier configured to receive the ciphertext data output from at least one associated stage of the plurality of stages of cipher round logic and continue the cryptographic processing to output at least a portion of an integrity check value (ICV), and control logic configured to provide a selection between a first option of performing the cryptographic processing at a first data rate using a first number of the plurality of stages and a first number of the plurality of multipliers, and a second option of performing the cryptographic processing at a second data rate using a second number of the plurality of stages and a second number of the plurality of multipliers.
Conclusion
9. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
HARUNUR . RASHID
Primary Examiner
Art Unit 2497
/HARUNUR RASHID/Primary Examiner, Art Unit 2497