DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to Applicant’s communication filed on 02/19/2026. Claims 1-9,21-31 have been examined. Claims 10-20 are cancelled. Claims 21-31 are new.
Response to Restriction
Applicant hereby elects to prosecute the claims of Group I (claims 1-9) without traverse, cancels claims 10-20 and adds claims 21 -30.
Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 04/24/2024, 12/23/2024, 05/09/2025, 08/12/2025, 12/01/2025 The submissions are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Claim Objections
Claim 22 is objected to because of the following informalities:
With regards to claim 22, the claim recites “ the header of the second data packet”. Examiner suggests amending the claim to recite “ the second header of the second data packet” for consistency because claim 22 recites a second header of a second data packet.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 4 -5 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
With regards to claim 4, the claim recites “ such that the protocol header mimics the network traffic …” raises new issue as being indefinite because it does not capture the functions by which the intended results are accomplished. There is no structure in the claim limitation that provides details of how the protocol header mimics the network traffic existing in the region in which the scatter network device is located and having a frequency of occurrence greater than the threshold amount. Therefore, the examiner is unable to determine the metes and bounds of the claim language.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim 1 is rejected under 35 U.S.C. 102 (a1) as being anticipated by Qiu et al.” Traffic Adaptor: An Adaptive Obfuscation Strategy for Vehicle Location Privacy Against Traffic Flow Aware Attacks” Publication date 11/22/2022 (Qiu hereinafter).
Regarding claim 1,
Qiu teaches a scatter network device, comprising:
a non-transitory memory; at least one processor; and a scatter application stored in the non-transitory memory that, when executed by the at least one processor (Abstract - we propose a vehicle traffic flow aware attack that leverages public traffic flow information to recover a vehicle’s real location from obfuscated location. As a countermeasure, we then develop an adaptive strategy to obfuscate a vehicle’s location by a “fake” trajectory that follows a realistic traffic flow – Note: examiner interprets the scatter device that comprises a scatter application as any device that comprise a software application to perform the functions below);
receives a request to transmit source data to a destination device (Section 4- we introduce a new location obfuscation strategy, called FTraj, to ensure that the generated obfuscated locations follow realistic vehicle traffic flows. The basic idea of FTraj is to let the vehicle generate fake trajectories that follow realistic traffic flows when the vehicle is driving. Then, the vehicle report the current locations of fake trajectories when requested - we let the vehicle maintain a sufficiently large pool of fake trajectories, and select one to report when requested);
processes the source data via a predictive machine-learning model executed by the scatter application to packetize the source data into a data packet ( Section 1– Introduction - From the perspective of an attacker, the vehicle’s mobility can be modeled by a hidden Markov model (HMM) – vehicle uses FTraj to generate multiple “fake” trajectories by following traffic flow data, and then randomly selects a fake trajectory and reports its current location as required - Section 3.1 & Section 3.2 - From the perspective of an attacker, the vehicle’s mobility can be modeled by a hidden Markov model- From the attacker’s perspective, vehicles’ reported (obfuscated) locations are observable, while the vehicles’ true locations are hidden. Nevertheless, the vehicle’s obfuscated location is related to its true location by following a probability distribution determined by the obfuscation matrix Z𝑡𝑛 , which is also visible to the attacker);
the data packet having a format indicative of network traffic existing in a region in which the scatter network device is located and having a frequency of occurrence greater than a threshold amount (Abstract - we propose a vehicle traffic flow aware attack that leverages public traffic flow information to recover a vehicle’s real location from obfuscated location – Section 2.1 - before reporting the location to the server, each privacy-aware vehicle needs to conceal its actual location, via an obfuscation function. The obfuscation function takes the vehicle’s current true location as input, and returns the probability distribution of the obfuscated location, based on which the vehicle can select an obfuscated location to report. Considering that the server will use the vehicle’s obfuscated location to assign a service, in parallel to protecting vehicles’ location privacy, the obfuscation function also aims to limit service quality loss (QL) caused by obfuscation –Section 4.1 - When the vehicle starts its trip, the vehicle selects a single location as the starting point of all the fake trajectories. Like [23, 30], the
location is selected in a probabilistic manner via an obfuscation matrix Z1, generated by the server and downloaded by the vehicle. Subsequently, the vehicle needs to generate/update a fake trajectory pool during each consecutive location reports. Section 3.2 - Traffic datasets usually record the vehicles’ coordinates along with timestamps, where time is (or can be) discretized into slots (e.g., seconds [18]). The attacker can then calculate the vehicle’s transition probability from location 𝑠𝑖 to location 𝑠 𝑗 during the time slot 𝑡 -Section 4.1 - Reproduction (see Figure 6(a)). We let F [𝑡𝑎,𝑡 ] denote the fake trajectory pool during [𝑡𝑎, 𝑡] (𝑡𝑎 ≤ 𝑡 ≤ 𝑡𝑏). For each fake trajectory [𝑡𝑎,𝑡−1] 𝑓 = 𝑠𝑡𝑎 𝑓 , ..., 𝑠𝑡−1 𝑓 ∈ F[𝑡𝑎,𝑡−1] , the vehicle extends [𝑡𝑎,𝑡−1] 𝑓 by adding a new location 𝑠𝑡 𝑓 that is reachable by 𝑠𝑡−1 𝑓 , i.e.,𝑝𝑡−1,𝑡 𝑠𝑡−1 𝑓 ,𝑠𝑡 𝑓 > 0. The newly generated fake trajectory is called an offspring of s Given the transition matrix P𝑡−1,𝑡 and the constant Γ, we can find the set of possible locations to generate an offspring of [𝑡𝑎,𝑡−1] [𝑡𝑎,𝑡−1] = ..> 0, -Note: the frequency of occurrence is defined as the count of vehicle transitioning between specific road segments in a specific region (Shenzhen) This frequency is translated into transition probability matrix, the only probabilities that are accepted are the ones are greater than zero (threshold) Also examiner interprets the scatter);
wherein the format indicative of network traffic existing in the region in which the scatter network device is located is different from a format of the source data; and transmits the data packet (Abstract - One of the most popular location privacy-preserving mechanisms applied in location-based services (LBS) is location obfuscation, where mobile users are allowed to report obfuscated locations instead of their real locations to services – Section 1- Introduction - Location privacy issues of LBS have been widely acknowledged in the recent years A large body of recent work has focused and developed protection mechanisms
by way of location obfuscation, wherein which mobile users are allowed to report obfuscated locations instead of true locations to servers - Based on this threat model, we design an advanced traffic-aware obfuscation strategy, called FTraj, in which the traffic flow data is taken in account when obfuscating vehicle’s real location. Particularly, instead of obfuscating the vehicle’s locations at different rounds independently, a vehicle uses FTraj to generate multiple “fake” trajectories by following traffic flow data, and then randomly selects a fake trajectory and reports its current location as required ).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke et al. Publication No.US 2011/0134920 ( Dyke hereinafter)
Regarding claim 2,
Qiu does not explicitly teach
wherein the data packet includes at least a source Internet Protocol (IP) address identifying the scatter network device, a destination IP address, and a payload, the payload including at least a protocol header and a portion of the source data.
However, Dyke teaches
data packet includes at least a source Internet Protocol (IP) address identifying the scatter network device, a destination IP address, and a payload, the payload including at least a protocol header and a portion of the source data (Figs.1 – 3, ¶ 0002 - The IPv4 data packet 100 comprises a variable length data 110 portion, also called payload, and a header 120. The header comprises many fields; for the purposes of the present description, important fields comprise a source address 122, a destination address 124 and a protocol 126
Claim 3 -forwarding of the data packet is made according to a destination address comprised in the first header – Claim 7 - forwarding of the data packet is made according to a destination address comprised in the second header – Claim 12 - the elements of the second header comprise source and destination addresses of a tunneled data packet – ¶ 0016 -an IP version 4 or an IP version 6packet comprising a header and a payload. It may be a tunneled IP packet comprising an outer header and an enlarged payload consisting of an inner header and of an
original payload).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Dyke. The motivation for doing so is to allow the system to efficiently handle data packets ( Dyke – ¶ 0004).
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Wei et al. Publication No. US 2024/0121328 (Wei hereinafter)
Regarding claim 3,
Qiu does not explicitly teach
wherein the protocol header has a format determined according to the predictive machine-learning model.
However, Wei teaches
wherein the protocol header has a format determined according to the predictive machine-learning model (¶0171 - wherein the determining the header format for the one or more protocol data units for each of the one or more protocol layers comprises using a model trained using machine learning – ¶ 0167 – ¶ 0168 - determining a value of one or more input parameters, determining a header format for each of the one or more protocol layers based on the value of each of the one or more input parameters, forming the one or more protocol data units for each of the one or more protocol layers in accordance with each of the determined header formats – ¶ 0099 - Based on the value(s) of the input parameter(s) indicated by the input parameter value indication 1232, the AI PDU format selector 1200 determines PDU formats for use by the respective one or more protocol entities. For example, the PDU format may define a header format for the respective one or more protocol entities. This determination may be made jointly in respect of two or more protocol entities – ¶ 0100 - The AI PDU format selector 1200 may operate in accordance with artificial intelligence/machine learning techniques. – See Also ¶ 0101).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Wei. The motivation for doing so is to allow the system to provide a dynamic adaptation of a format of the headers of protocol data units formed for transmitting data via one or more protocol layers using a machine learning technique to select the header format based on currently experienced values of one or more input parameters (Wei – ¶ 0010).
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Jiang et al. “Net Diffusion: Network Data Augmentation Through Protocol-Constrained Traffic Generation” Publication date 12/10/2023 (Jiang hereinafter)
Regarding claim 4,
Qiu further teaches
wherein the predictive machine-learning model is configured to determine [..] the network traffic existing in the region in which the scatter network device is located and having a frequency of occurrence greater than the threshold amount(Abstract - we propose a vehicle traffic flow aware attack that leverages public traffic flow information to recover a vehicle’s real location from obfuscated location – Section 2.1 - before reporting the location to the server, each privacy-aware vehicle needs to conceal its actual location, via an obfuscation function. The obfuscation function takes the vehicle’s current true location as input, and returns the probability distribution of the obfuscated location, based on which the vehicle can select an obfuscated location to report. Considering that the server will use the vehicle’s obfuscated location to assign a service, in parallel to protecting vehicles’ location privacy, the obfuscation function also aims to limit service quality loss (QL) caused by obfuscation –Section 4.1 - When the vehicle starts its trip, the vehicle selects a single location as the starting point of all the fake trajectories. Like [23, 30], the location is selected in a probabilistic manner via an obfuscation matrix Z1, generated by the server and downloaded by the vehicle. Subsequently, the vehicle needs to generate/update a fake trajectory pool during each consecutive location reports. Section 3.2 - Traffic datasets usually record the vehicles’ coordinates along with timestamps, where time is (or can be) discretized into slots (e.g., seconds [18]). The attacker can then calculate the vehicle’s transition probability from location 𝑠𝑖 to location 𝑠 𝑗 during the time slot 𝑡 -Section 4.1 - Reproduction (see Figure 6(a)). We let F [𝑡𝑎,𝑡 ] denote the fake trajectory pool during [𝑡𝑎, 𝑡] (𝑡𝑎 ≤ 𝑡 ≤ 𝑡𝑏). For each fake trajectory [𝑡𝑎,𝑡−1] 𝑓 = 𝑠𝑡𝑎 𝑓 , ..., 𝑠𝑡−1 𝑓 ∈ F[𝑡𝑎,𝑡−1] , the vehicle extends [𝑡𝑎,𝑡−1] 𝑓 by adding a new location 𝑠𝑡 𝑓 that is reachable by 𝑠𝑡−1 𝑓 , i.e., 𝑝𝑡−1,𝑡 𝑠𝑡−1 𝑓 ,𝑠𝑡 𝑓 > 0. The newly generated fake trajectory is called an offspring of s Given the transition matrix P𝑡−1,𝑡 and the constant Γ, we can find the set of possible locations to generate an offspring of [𝑡𝑎,𝑡−1] [𝑡𝑎,𝑡−1] = ..> 0, -Note: the frequency of occurrence is defined as the count of vehicle transitioning between specific road segments in a specific region (Shenzhen) This frequency is translated into transition probability matrix, the only probabilities that are accepted are the ones are greater than zero (threshold) ).
However, Qiu does not explicitly teach predictive machine-learning model is configured to determine the protocol header such that the protocol header mimics the network traffic
Jiang teaches
predictive machine-learning model is configured to determine the protocol header such that the protocol header mimics the network traffic ( Page 1 - we apply diffusion models to generate high-resolution synthetic network traffic traces. We present NetDiffusion1, a tool that uses a finely-tuned, controlled variant of a Stable Diffusion model to generate synthetic network traffic that is high fidelity and conforms to protocol specifications. Our evaluation demonstrates that packet captures generated from Net Diffusion can achieve higher statistical similarity to real data and improved ML model performance than current state-of-the-art approaches (e.g., GAN-based approaches) – Page 2 - In this paper, we introduce Net Diffusion, an approach to synthetic raw network traffic generation for producing packet headers leveraging fine-tuned, controlled stable diffusion models. Our contributions are as follows: (1) Generation of synthetic network traces with high resemblance to real traffic. To improve resemblance to real network traffic, we employ controlled generation techniques to maintain fidelity to the protocol and header field value distributions observed in real data and, post generation, use domain knowledge-based heuristics to finely check and adjust the generated fields, ensuring their semantic correctness in terms of compliance with transport and network layer protocol rules).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Jiang. The motivation for doing so is to allow the system to provide synthetic raw network traffic generation for producing packet headers leveraging fine-tuned, controlled stable diffusion models (Jiang– Page 2).
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Jiang further in view of Kanonakis et al. Publication No. US 2016/0105364 A1 (Kanonakis hereinafter) further in view of Okhravi et al. Publication No. US 2017/0118176 A1 ( Okhravi hereinafter)
Regarding claim 5,
Qiu does not explicitly teach
wherein the predictive machine-learning model is configured to: determine an IP address of a network device to which network traffic having the protocol header is transmitted at a frequency greater than a second threshold amount, the IP address not of the destination device; and provide the IP address of the network device as the destination IP address in the data packet.
However, Kanonakis teaches
predictive machine-learning model is configured to: determine an IP address of a network device to which network traffic having the protocol header is transmitted at a frequency greater than a second threshold amount, the IP address not of the destination device; and (¶ 0067 - may be employed to extract data from traffic flows in the network, and the data may be employed to identify one or more sets of “useful” values (e.g. IP addresses that exist in a particular network instance, TCP ports that are associated to particular applications, and are not randomly generated by end hosts), which may be generated by the predictor/classifier 508 according to some embodiments – ¶ 0045 - the present principles may be employed to identify one or more sets of “useful values, (e.g. IP addresses that appear frequently in a particular network instance, or TCP ports that are associated to particular applications, and are not randomly generated by end hosts). For example, considering a particular network where computer hosts have been assigned the IP addresses in the range, for example, 192.168.1.1 to 192.168.1.254, and only the HTTP application is running with HTTP servers listening to TCP port 80. In this embodiment, the classifier may consider only IP addresses 192.168.1.1 to 192.168.1.254 and TCP port 80 as “useful” (e.g., appearing either as source or destination addresses/ ports respectively) while all other values may be considered as “undefined according to the present principles – ¶ 0046 - For example, with respect to the TCP ports 214, a particular TCP port may be included in the set of useful values if a particular TCP port appears in flows more than a pre-defined number of times (e.g., above a pre-determined threshold), and each time (e.g., iteration) the particular TCP port may be associated with another IP source-destination pair according to an embodiment of the present principles – Note: the ML classifier model identifies useful values across the network which includes the intermediate nodes that are not intended destination) .
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Kanonakis. The motivation for doing so is to allow the system to provide management of network traffic flow for one or more networks of interconnected computing devices, including predicting one or more types of network traffic data flows using a Machine Learning (ML) classifier, and updating the ML classifier according to identified changes in the network traffic data flows (Kanonakis – Abstract).
However, Qiu in view of Kanonakis does not explicitly teach
provide the IP address of the network device as the destination IP address in the data packet
Okhravi teaches
provide the IP address of the network device as the destination IP address in the data packet (Abstract - A controller is used to provide random values, also referred to as nonces, that replace the source and destination addresses that typically appear in a packet header – Claim 5 - wherein the indication of validity comprises a number of times that the set of nonces may be used.Claim1 - replacing a source address and a destination address in the packet with a set of nonces prior to its transmission - providing the destination with the source address and destination address that correspond to the set of nonces).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui in view of Kanonakis to include the teachings of Okhravi. The motivation for doing so is to allow the system to create randomized packet headers, and for forwarding packets with randomized headers through a network (Okhravi – ¶ 0002).
Claims 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Anderson et al. Publication No. US 2021/0160268 A1 ( Anderson hereinafter).
Regarding claim 6,
Qiu further teaches
wherein the predictive machine-learning model is configured to [..] mimic the network traffic existing in the region in which the scatter network device is located and having a frequency of occurrence greater than the threshold amount (Abstract - we propose a vehicle traffic flow aware attack that leverages public traffic flow information to recover a vehicle’s real location from obfuscated location – Section 2.1 - before reporting the location to the server, each privacy-aware vehicle needs to conceal its actual location, via an obfuscation function. The obfuscation function takes the vehicle’s current true location as input, and returns the probability distribution of the obfuscated location, based on which the vehicle can select an obfuscated location to report. Considering that the server will use the vehicle’s obfuscated location to assign a service, in parallel to protecting vehicles’ location privacy, the obfuscation function also aims to limit service quality loss (QL) caused by obfuscation –Section 4.1 - When the vehicle starts its trip, the vehicle selects a single location as the starting point of all the fake trajectories. Like [23, 30], the location is selected in a probabilistic manner via an obfuscation matrix Z1, generated by the server and downloaded by the vehicle. Subsequently, the vehicle needs to generate/update a fake trajectory pool during each consecutive location reports. Section 3.2 - Traffic datasets usually record the vehicles’ coordinates along with timestamps, where time is (or can be) discretized into slots (e.g., seconds [18]). The attacker can then calculate the vehicle’s transition probability from location 𝑠𝑖 to location 𝑠 𝑗 during the time slot 𝑡 -Section 4.1 - Reproduction (see Figure 6(a)). We let F [𝑡𝑎,𝑡 ] denote the fake trajectory pool during [𝑡𝑎, 𝑡] (𝑡𝑎 ≤ 𝑡 ≤ 𝑡𝑏). For each fake trajectory [𝑡𝑎,𝑡−1] 𝑓 = 𝑠𝑡𝑎 𝑓 , ..., 𝑠𝑡−1 𝑓 ∈ F[𝑡𝑎,𝑡−1] , the vehicle extends [𝑡𝑎,𝑡−1] 𝑓 by adding a new location 𝑠𝑡 𝑓 that is reachable by 𝑠𝑡−1 𝑓 , i.e., 𝑝𝑡−1,𝑡 𝑠𝑡−1 𝑓 ,𝑠𝑡 𝑓 > 0. The newly generated fake trajectory is called an offspring of s Given the transition matrix P𝑡−1,𝑡 and the constant Γ, we can find the set of possible locations to generate an offspring of [𝑡𝑎,𝑡−1] [𝑡𝑎,𝑡−1] = ..> 0, -Note: the frequency of occurrence is defined as the count of vehicle transitioning between specific road segments in a specific region (Shenzhen) This frequency is translated into transition probability matrix, the only probabilities that are accepted are the ones are greater than zero (threshold) ).
However, Qiu does not explicitly teach predictive machine-learning model is configured to control an inter-packet timing of the transmitting to mimic the network traffic
Anderson teaches
predictive machine-learning model is configured to control an inter-packet timing of the transmitting to mimic the network traffic existing in the region (Abstract - receives traffic data regarding a plurality of observed traffic flows. The device maps one or more characteristics of the observed traffic flows from the traffic data to traffic characteristics associated with a targeted deployment environment. The device generates synthetic traffic data based on the mapped traffic characteristics associated with the targeted deployment environment. The device trains a machine learning based traffic classifier using the synthetic traffic data – ¶ 0067 – the traffic data may be considered "synthetic" as it does not require the sending of any actual traffic in the network. The synthetic traffic data may also be of a form similar to that of the observed traffic data from step 510. Example system dependent characteristics in the synthetic traffic data that may be varied based on the targeted environment may include, but are not limited to, TLS-related information of the flows ( e.g., the cipersuite used, the advertised TLS extensions, etc.), DNS-related information, HTTP header fields, inter-packet timing information, packet size/length information, a network MTU, a network MSS, or any other information that can be captured through analysis of the packets of the traffic flows.
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Anderson. The motivation for doing so is to allow the system to leverage synthetic traffic data samples for flow classifier training (Anderson – ¶ 0002).
Regarding claim 7,
Qiu further teaches
wherein the predictive machine-learning model is configured to [..] mimic the network traffic existing in the region in which the scatter network device is located and having a frequency of occurrence greater than the threshold amount ( Abstract - we propose a vehicle traffic flow aware attack that leverages public traffic flow information to recover a vehicle’s real location from obfuscated location – Section 2.1 - before reporting the location to the server, each privacy-aware vehicle needs to conceal its actual location, via an obfuscation function. The obfuscation function takes the vehicle’s current true location as input, and returns the probability distribution of the obfuscated location, based on which the vehicle can select an obfuscated location to report. Considering that the server will use the vehicle’s obfuscated location to assign a service, in parallel to protecting vehicles’ location privacy, the obfuscation function also aims to limit service quality loss (QL) caused by obfuscation –Section 4.1 - When the vehicle starts its trip, the vehicle selects a single location as the starting point of all the fake trajectories. Like [23, 30], the location is selected in a probabilistic manner via an obfuscation matrix Z1, generated by the server and downloaded by the vehicle. Subsequently, the vehicle needs to generate/update a fake trajectory pool during each consecutive location reports. Section 3.2 - Traffic datasets usually record the vehicles’ coordinates along with timestamps, where time is (or can be) discretized into slots (e.g., seconds [18]). The attacker can then calculate the vehicle’s transition probability from location 𝑠𝑖 to location 𝑠 𝑗 during the time slot 𝑡 -Section 4.1 - Reproduction (see Figure 6(a)). We let F [𝑡𝑎,𝑡 ] denote the fake trajectory pool during [𝑡𝑎, 𝑡] (𝑡𝑎 ≤ 𝑡 ≤ 𝑡𝑏). For each fake trajectory [𝑡𝑎,𝑡−1] 𝑓 = 𝑠𝑡𝑎 𝑓 , ..., 𝑠𝑡−1 𝑓 ∈ F[𝑡𝑎,𝑡−1] , the vehicle extends [𝑡𝑎,𝑡−1] 𝑓 by adding a new location 𝑠𝑡 𝑓 that is reachable by 𝑠𝑡−1 𝑓 , i.e., 𝑝𝑡−1,𝑡 𝑠𝑡−1 𝑓 ,𝑠𝑡 𝑓 > 0. The newly generated fake trajectory is called an offspring of s Given the transition matrix P𝑡−1,𝑡 and the constant Γ, we can find the set of possible locations to generate an offspring of [𝑡𝑎,𝑡−1] [𝑡𝑎,𝑡−1] = ..> 0, -Note: the frequency of occurrence is defined as the count of vehicle transitioning between specific road segments in a specific region (Shenzhen) This frequency is translated into transition probability matrix, the only probabilities that are accepted are the ones are greater than zero (threshold) ).
However, Qiu does not explicitly teach predictive machine-learning model is configured to control a size of the data packet to mimic the network traffic
Anderson teaches
wherein the predictive machine-learning model is configured to control a size of the data packet to mimic the network traffic existing in the region (Abstract - receives traffic data regarding a plurality of observed traffic flows. The device maps one or more characteristics of the observed traffic flows from the traffic data to traffic characteristics associated with a targeted deployment environment. The device generates synthetic traffic data based on the mapped traffic characteristics associated with the targeted deployment environment. The device trains a machine learning based traffic classifier using the synthetic traffic data – ¶ 0067 - the device may generate synthetic traffic data based on the mapped characteristics from step as described in greater detail above. Generally, the traffic data may be considered "synthetic" as it does not require the sending of any actual traffic in the network. The synthetic traffic data may also be of a form similar to that of the observed traffic data from step 510. Example system dependent characteristics in the synthetic traffic data that may be varied based on the targeted environment may include, but are not limited to, TLS-related information of the flows ( e.g., the cipersuite used, the advertised TLS extensions, etc.), DNS-related information, HTTP header fields, inter-packet timing information, packet size/length information, a network MTU, a network MSS, or any other information that can be captured through analysis of the packets of the traffic flows).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Anderson. The motivation for doing so is to allow the system to leverage synthetic traffic data samples for flow classifier training (Anderson – ¶ 0002).
Regarding claim 8,
Qiu further teaches
wherein the predictive machine-learning model is configured [...] to mimic the network traffic existing in the region in which the scatter network device is located and having a frequency of occurrence greater than the threshold amount ( Abstract - we propose a vehicle traffic flow aware attack that leverages public traffic flow information to recover a vehicle’s real location from obfuscated location – Section 2.1 - before reporting the location to the server, each privacy-aware vehicle needs to conceal its actual location, via an obfuscation function. The obfuscation function takes the vehicle’s current true location as input, and returns the probability distribution of the obfuscated location, based on which the vehicle can select an obfuscated location to report. Considering that the server will use the vehicle’s obfuscated location to assign a service, in parallel to protecting vehicles’ location privacy, the obfuscation function also aims to limit service quality loss (QL) caused by obfuscation –Section 4.1 - When the vehicle starts its trip, the vehicle selects a single location as the starting point of all the fake trajectories. Like [23, 30], the location is selected in a probabilistic manner via an obfuscation matrix Z1, generated by the server and downloaded by the vehicle. Subsequently, the vehicle needs to generate/update a fake trajectory pool during each consecutive location reports. Section 3.2 - Traffic datasets usually record the vehicles’ coordinates along with timestamps, where time is (or can be) discretized into slots (e.g., seconds [18]). The attacker can then calculate the vehicle’s transition probability from location 𝑠𝑖 to location 𝑠 𝑗 during the time slot 𝑡 -Section 4.1 - Reproduction (see Figure 6(a)). We let F [𝑡𝑎,𝑡 ] denote the fake trajectory pool during [𝑡𝑎, 𝑡] (𝑡𝑎 ≤ 𝑡 ≤ 𝑡𝑏). For each fake trajectory [𝑡𝑎,𝑡−1] 𝑓 = 𝑠𝑡𝑎 𝑓 , ..., 𝑠𝑡−1 𝑓 ∈ F[𝑡𝑎,𝑡−1] , the vehicle extends [𝑡𝑎,𝑡−1] 𝑓 by adding a new location 𝑠𝑡 𝑓 that is reachable by 𝑠𝑡−1 𝑓 , i.e., 𝑝𝑡−1,𝑡 𝑠𝑡−1 𝑓 ,𝑠𝑡 𝑓 > 0. The newly generated fake trajectory is called an offspring of s Given the transition matrix P𝑡−1,𝑡 and the constant Γ, we can find the set of possible locations to generate an offspring of [𝑡𝑎,𝑡−1] [𝑡𝑎,𝑡−1] = ..> 0, -Note: the frequency of occurrence is defined as the count of vehicle transitioning between specific road segments in a specific region (Shenzhen) This frequency is translated into transition probability matrix, the only probabilities that are accepted are the ones are greater than zero (threshold) ).
However, Qiu does not explicitly teach predictive machine-learning model is configured to control a record type indicated in the protocol header to mimic the network traffic existing in the region, the record type not indicative of the source data.
Anderson teaches
predictive machine-learning model is configured to control a record type indicated in the protocol header to mimic the network traffic existing in the region, the record type not indicative of the source data(Abstract - receives traffic data regarding a plurality of observed traffic flows. The device maps one or more characteristics of the observed traffic flows from the traffic data to traffic characteristics associated with a targeted deployment environment. The device generates synthetic traffic data based on the mapped traffic characteristics associated with the targeted deployment environment. The device trains a machine learning based traffic classifier using the synthetic traffic data – ¶ 0067 - the device may generate synthetic traffic data based on the mapped characteristics from step as described in greater detail above. Generally, the traffic data may be considered "synthetic" as it does not require the sending of any actual traffic in the network. The synthetic traffic data may also be of a form similar to that of the observed traffic data from step 510. Example system dependent characteristics in the synthetic traffic data that may be varied based on the targeted environment may include, but are not limited to, TLS-related information of the flows ( e.g., the cipersuite used, the advertised TLS extensions, etc.), DNS-related information, HTTP header fields, inter-packet timing information, packet size/length information, a network MTU, a network MSS, or any other information that can be captured through analysis of the packets of the traffic flows).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Anderson. The motivation for doing so is to allow the system to leverage synthetic traffic data samples for flow classifier training (Anderson – ¶ 0002).
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Kolar et al. Publication No. US 2020/0382402 A1 ( Kolar hereinafter)
Regarding claim 9,
Qiu further teaches
wherein the predictive machine-learning model is configured [..] to mimic the network traffic existing in the region in which the scatter network device is located and having a frequency of occurrence greater than the threshold amount ( Abstract - we propose a vehicle traffic flow aware attack that leverages public traffic flow information to recover a vehicle’s real location from obfuscated location – Section 2.1 - before reporting the location to the server, each privacy-aware vehicle needs to conceal its actual location, via an obfuscation function. The obfuscation function takes the vehicle’s current true location as input, and returns the probability distribution of the obfuscated location, based on which the vehicle can select an obfuscated location to report. Considering that the server will use the vehicle’s obfuscated location to assign a service, in parallel to protecting vehicles’ location privacy, the obfuscation function also aims to limit service quality loss (QL) caused by obfuscation –Section 4.1 - When the vehicle starts its trip, the vehicle selects a single location as the starting point of all the fake trajectories. Like [23, 30], the location is selected in a probabilistic manner via an obfuscation matrix Z1, generated by the server and downloaded by the vehicle. Subsequently, the vehicle needs to generate/update a fake trajectory pool during each consecutive location reports. Section 3.2 - Traffic datasets usually record the vehicles’ coordinates along with timestamps, where time is (or can be) discretized into slots (e.g., seconds [18]). The attacker can then calculate the vehicle’s transition probability from location 𝑠𝑖 to location 𝑠 𝑗 during the time slot 𝑡 -Section 4.1 - Reproduction (see Figure 6(a)). We let F [𝑡𝑎,𝑡 ] denote the fake trajectory pool during [𝑡𝑎, 𝑡] (𝑡𝑎 ≤ 𝑡 ≤ 𝑡𝑏). For each fake trajectory [𝑡𝑎,𝑡−1] 𝑓 = 𝑠𝑡𝑎 𝑓 , ..., 𝑠𝑡−1 𝑓 ∈ F[𝑡𝑎,𝑡−1] , the vehicle extends [𝑡𝑎,𝑡−1] 𝑓 by adding a new location 𝑠𝑡 𝑓 that is reachable by 𝑠𝑡−1 𝑓 , i.e., 𝑝𝑡−1,𝑡 𝑠𝑡−1 𝑓 ,𝑠𝑡 𝑓 > 0. The newly generated fake trajectory is called an offspring of s Given the transition matrix P𝑡−1,𝑡 and the constant Γ, we can find the set of possible locations to generate an offspring of [𝑡𝑎,𝑡−1] [𝑡𝑎,𝑡−1] = ..> 0, -Note: the frequency of occurrence is defined as the count of vehicle transitioning between specific road segments in a specific region (Shenzhen) This frequency is translated into transition probability matrix, the only probabilities that are accepted are the ones are greater than zero (threshold) ).
However, Qiu does not explicitly teach predictive machine-learning model is configured to control a communication channel, from among a plurality of available communication channels, on which the transmitting is performed to mimic the network traffic.
Kolar teaches
predictive machine-learning model is configured to control a communication channel, from among a plurality of available communication channels, on which the transmitting is performed to mimic the network traffic (¶ 0084 - The techniques herein introduce a machine learning- based approach that is used to construct and transmit active probes that mimic application traffic with high fidelity. In one aspect, the system may identify the current pattern of the application traffic being sent using machine learning and pattern detection techniques, and then create a probe signature that will most realistically match the possible application performance. In another aspect, the system may analyze the application performance/telemetry data over multiple tunnels at different times and extract the predominant patterns of traffic. In tum, application traffic profiles may be created that can be reused to send probe traffic over other tunnels that currently do not convey traffic for the application, but could be predicted to do so. In a further aspect, the techniques herein can also identify (in real-time). ¶ 0111 - the device may generate, based on the cluster, packets that mimic the application traffic, as described in greater detail above. Notably, through the behavioral clustering, the device is able to devise a template for packets that will exhibit the same behavioral characteristics as that of the application traffic (e.g., in terms of
timing, packet size, protocols, etc.) – See ¶ 0112).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Kolar. The motivation for doing so is to allow the system to provide an active probe construction using machine learning for measuring software - defined wide area network ( SD - WAN ) tunnel metrics (Kolar – ¶ 0001).
Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Alton et al. Publication No. US 2017/0149812 A1 ( Alton hereinafter)
Regarding claim 21 ,
Qiu further teaches
wherein the predictive machine-learning model is trained for the region according to a process that comprises: receiving a training data set, the training data set including network traffic for the region (Abstract - In this paper, we propose a vehicle traffic flow aware attack that leverages public traffic flow information to recover a vehicle’s real location from obfuscated location. As a countermeasure, we then develop an adaptive strategy to obfuscate a vehicle’s location by a “fake” trajectory that follows a realistic traffic flow -Section I - The HMM transition matrix, which can be learnt using the traffic flow information, describes the probabilities of the vehicle traveling between the locations over the map. Given the HMM matrix, the vehicle’s real locations can be estimated with a high accuracy using well-developed hidden state inference algorithms - We let 𝑣𝑡𝑛
𝑗 represent the probability that the vehicle’s 𝑛th hidden state is at 𝑠 𝑗 given the
first 𝑛−1 observations , and passing through the most probable state sequence s, i ) ;
training the predictive machine-learning model by characterizing, via a machine-learning analysis, the region based on the training data set to determine first network traffic characteristics occurring in the region at a frequency greater than second network characteristics (Section 5.1 - We first test the accuracy of our trajectory inference algorithm TFA. In what follows, we set the parameters 𝜖 = 100/km, Γ = 1𝑘𝑚, and 𝑀 = 100 in TFA. Using the vehicles’ historical traffic records in Shenzhen [18], we can train the HMM transition matrices of TFA over time by Equ. (5). Figure 4 shows a heat map of the transition probabilities between the adjacent road segments in Shenzhen) ;
receiving a data packet packetized according to the predictive machine- learning model (Section I - When a vehicle obfuscates its location independently the trajectory looks “impossible” as the transition between the many adjacent reported locations in the trajectory is improbable (see the trajectory {𝐴, 𝐵,𝐶, 𝐷, 𝐸, 𝐹,𝐺} in Figure ; Based on this threat model, we design an advanced traffic-aware obfuscation strategy, called FTraj, in which the traffic flow data is taken in account when obfuscating vehicle’s real location. Particularly, instead of obfuscating the vehicle’s locations at different rounds independently, a vehicle uses FTraj to generate multiple “fake” trajectories by following traffic flow data, and then randomly selects a fake trajectory and reports its current location as required)
However, Qiu does not explicitly teach
analyzing the data packet to determine whether the data packet exhibits suspicious characteristics, the analysis resulting in data packet feedback; and refining the predictive machine-learning model based on the data packet feedback.
Alton teaches
analyzing the data packet to determine whether the data packet exhibits suspicious characteristics, the analysis resulting in data packet feedback; and refining the predictive machine-learning model based on the data packet feedback (¶ 0041 – identifying suspicious network connections, comprising: one or more processor; and an analysis function to be operated by the one or more processors to receive a collection of network data records, and apply a latent factor model to the data to identify a subset of the network data records as suspicious network connections – ¶ 0044 - wherein to identify a subset of the network data records as suspicious network connections, the analysis function may further use the latent factor model to generate a probabilistic model for network traffic and assign a likelihood score to each connection indicating a likelihood of a particular device sending or receiving a given connection from/to another device on the network – ¶ 0027 - Feedback from analysts in the form of scored records can be incorporated back into the model. Connections labelled as false positives are duplicated many times in the training data in order to help the model learn that these connections are a part of the normal behavior of the devices involved. Additionally, connections labelled as true positives may be down sampled in future trainings. The model is then refit on the original training data plus the duplicated records minus any down sampled records if any. In this way, the model is able to improve and adapt over time through periodic refitting).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Alton. The motivation for doing so is to allow the system to identify suspicious network connection (Alton – Abstract).
Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Alton further in view of USCUMLIC et al. Publication No. US 2023/0224244 A1 ( USCUMLIC hereinafter) .
Regarding claim 22 ,
Qiu does not explicitly teach
wherein when executed, the scatter application generates a second header of a second data packet according to the predictive machine-learning model after the refining, wherein the refining causes the header of the second data packet to include different network characteristics than included in the protocol header
USCUMLIC teaches
wherein when executed, the scatter application generates a second header of a second data packet according to the predictive machine-learning model after the refining, wherein the refining causes the header of the second data packet to include different network characteristics than included in the protocol header(Abstract, ¶ 0004 -The transceiver is configured to receive an input packet having an input header and forward an output packet having an output header. The processing circuitry is configured to parse the input header, determine recommendations for forwarding a payload of the input packet using a trained neural network and based on the parsed input header, and process the input packet and generate the output packet with the output header based on the recommendations and available resources - ¶ 0036 - Example embodiments utilize machine learning based on available information and past results to more dynamically determine or infer a recommended route for a data packet. Example embodiments may reduce routing times (time from the data packet being sent by a source device to a destination device), reduce transmission errors, improve network performance, or the like. ¶ 0052 -a trained machine learning algorithm receives the DL input data extracted from the input data packet at 310. The trained machine learning algorithm may be a deep learning Boltzmann Machine (BM)-Using the P4 format/language, the BM may process information for various
communication methods and protocols. ¶ 0060 -the format of the header may be changed for the type of network device or location in the network architecture of the forwarding device to which the first data packet is being sent. See Also ¶ 0065).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of USCUMLIC. The motivation for doing so is to allow the system to improve routing performance of the network and/or reduce transit time of data packets in the network (USCUMLIC – ¶ 0003).
Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Alton further in view of Anderson
Regarding claim 23 ,
Qiu does not explicitly teach
wherein the characterizing includes at least data packet size, inter-packet timing, data packet record type, data packet request-reply pairs, timing between data packet request-reply pairs, bandwidth, time of network traffic transmission, destination of network traffic transmission, and communication session length
However, Anderson teaches
wherein the characterizing includes at least data packet size, inter-packet timing, data packet record type, data packet request-reply pairs, timing between data packet request-reply pairs, bandwidth, time of network traffic transmission, destination of network traffic transmission, and communication session length (¶ 0051 - Captured traffic data 402 may generally include information obtained from analysis of the observed traffic flows. For example, captured traffic data 402 may include traffic characteristics such as, but not limited to, TLS-related information of the flows (e.g., the ciper suite used, the advertised TLS extensions, etc.), DNS-related information, HTTP header fields (e.g., proxy, user agent, etc.), an advertised security extension, a proxy-related header field, packet length information (e.g., a network maximum transmission unit (MTIJ) in use by the flow packets, a network maximum segment size (MSS) in use by the flow, etc.), inter-packet timing information, a Hypertext Transfer Protocol (HTTP) header field, or any other information that can be captured through analysis of the packets of the traffic flows (e.g., through analysis of the packet headers, the payloads of unencrypted packets, etc.) -¶ 0040 - The networking device that captures the traffic data may also compute any number of statistics or metrics regarding the traffic flow. For example, CE-2 may determine the start time, end time, duration, packet size(s), the distribution of bytes within a flow, etc., associated with the traffic flow by observing packets 302. In turn, the capturing device may itself perform analysis of the traffic flows (e.g., to detect malicious/malware-related flows) - ¶ 0039 - a networking device may analyze packet headers, to capture information about the traffic flow. For example, router CE-2 may capture the source address and/or port of host node 10, the destination
address and/or port of server 154, the protocol(s) used by packet 302, or other header information by analyzing the header of a packet 302 – ¶ 0014 - Data packets 140 (e.g., traffic/messages) may be exchanged among the nodes/devices of the computer network 100 over links using predefined network communication protocols such as the Transmission Control Protocol/Internet Protocol (TCP/IP)).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Anderson. The motivation for doing so is to allow the system to leverage synthetic traffic data samples for flow classifier training. (Anderson – ¶ 0002).
Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Nagaraja et al. Publication No. US 2024/0179123 A1 ( Nagaraja hereinafter)
Regarding claim 24,
Qiu does not explicitly teach
wherein the destination IP address is a deceptive destination IP address that identifies a network destination determined to receive a volume of communication greater than a threshold amount from the region
However, Nagaraja teaches
wherein the destination IP address is a deceptive destination IP address that identifies a network destination determined to receive a volume of communication greater than a threshold amount from the region (¶ 0102 - transaction service provider system 502 may provide an IP address ( e.g., an IP address associated with a physical address, an IP address associated with an area ( e.g., a town, a state, a country, and/or the like), and/or the like) to a database of IP addresses correlated to malicious data transmissions to query the database and receive from the database an indication of whether the IP address is blocked or not blocked. In some non-limiting embodiments or aspects, transaction service provider system 502 may derive data from the network layer data and/or the transport layer data that is associated with a history of authorization requests involving an IP address. For example, transaction service provider system 502 may query a database of IP addresses correlated to authorization requests and/or authorization responses and receive from the database an indication of whether an IP address is associated with a volume of authorization requests that exceeds a threshold ( e.g., a predetermined threshold of authorization requests permitted within a time period).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Nagaraja. The motivation for doing so is to allow the system to prevent transmission of malicious data (Nagaraja – Abstract).
Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Nagaraja further in view of Thubert et al. Publication No. US 2023/0275868 A1 ( Thubert hereinafter) further in view of Zhang et al. Publication No. US 2025/0193109 A1 ( Zhang hereinafter).
Regarding claim 25,
Qiu does not explicitly teach
wherein transmitting the data packet is configured to cause: receiving, in the network, the data packet at a scatter relay node; determining, based on the payload of the data packet, an actual destination IP address of the destination device; replacing the deceptive destination IP address in the data packet with the actual destination IP address; and transmitting the data packet having the actual destination IP address in the network.
Thubert teaches
wherein transmitting the data packet is configured to cause: receiving, in the network, the data packet at a scatter relay node; determining[..] an actual destination IP address of the destination device; replacing the deceptive destination IP address in the data packet with the actual destination IP address; and transmitting the data packet having the actual destination IP address in the network (¶ 0015 - the first method may further include receiving a packet having a destination address that is the first VIP address, determining that a source address of the packet is a source IP address of the client device sent the packet, performing Network Address Translation (NAT) by changing the destination address of the packet from the first VIP address to the IP address of the endpoint, and sending the packet to a next hop associated with the IP address of the endpoint – ¶ 0020 -This disclosure describes techniques for using NAT, MIP, and/or other techniques in conjunction with DNS to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server – Note examiner interprets the scatter relay device as any relay device that perform the function ).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Thubert. The motivation for doing so is to allow the system to convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server(Thubert– Abstract).
QUI in view of Thubert does not explicitly teach determining, based on the payload of the data packet, an actual destination IP address of the destination device;
Zhang teaches
determining, based on the payload of the data packet, an actual destination IP address of the destination device ( ¶0328 – the PEGCl performs address translation to convert a target IP into the PIN server. The PEGCl needs to carry the IP (that is, IP #3, Port #3) of the real target PIN device in the payload. ¶0253 -¶0256 - the second communication device sets target address information of the first message as the first type address, and load of the first message carries the first type address of a real source PIN device. For another example: in some cases, the second communication device sets target address information as the second type address, and load of the first message carries the first type address of the real source PIN device - the second communication device obtains the target address carried in the first message, determines the fourth communication device corresponding to the target address based on the second mapping relationship, and transmits the first message to the fourth communication device).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui in view of Thubert to include the teachings of Zhang. The motivation for doing so is to allow the system to prevent the external network from directly seeing the address, further enhancing the security.
Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Nagaraja further in view of Thubert further in view of Zhang further in view of Yadav et al. Publication No. US 2023/0100395 A1 ( Yadav hereinafter)
Regarding claim 26,
Qiu does not explicitly teach
wherein the scatter network device transmits the data packed in a cellular communication network to cause the scatter relay node to receive the data packet from a mobile network operator in the cellular communication network.
However, Yadav teaches
wherein the scatter network device transmits the data packed in a cellular communication network to cause the scatter relay node to receive the data packet from a mobile network operator in the cellular communication network ( Fig.1, ¶ 0010 – ¶ 0013 - the wireless device is connected to the MNO via a radio access network (RAN) and wherein traffic is received at a SASE gateway of the SASE domain – ¶ 0012 - the SASE APN carriers traffic for multiple different tenants from the MNO to the SASE gateway via a SASE Access Point Name (APN). the SASE APN carriers traffic for multiple different tenants from the MNO to the SASE gateway in at least one of a GRE tunnel, an IPsec tunnel, and a Software Defined-WAN (SD-WAN) – ¶ 0050 - the MNO gateways are configured to direct traffic to the SASE gateway 132 via a tunnel that corresponds to an Access Point (APN) – ¶ 0064 - Once the device 324 is connected to the network of the MNO, the device can send and receive data. For example, the device can send/receive data to/from the Internet 310 and the enterprise domain 306. Traffic, which is identified at the MNO as traffic that should be handled by the SASE domain, is passed via a tunnel 334 to the SASE domain using a SASE APN When the MNO gateway (e.g., SAE gateway) receives network traffic corresponding to the APN, the MNO gateway forwards the traffic to the corresponding SASE gateway).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Yadav. The motivation for doing so is to allow the system to forward traffic received at the SASE domain from the wireless device via the MNO according to the IP address-to-tenant mapping (Yadav – ¶ 0002).
Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Nagaraja further in view of Thubert further in view of Zhang further in view of Davis et al. Publication No. US 2017/0041830 A1 ( Davis hereinafter).
Regarding claim 27,
Qiu does not explicitly teach
wherein the scatter network device transmits the data packed in a satellite communication network to cause the scatter relay node to receive the data packet from a ground handoff station in the satellite communication
However, Davis teaches
wherein the scatter network device transmits the data packed in a satellite communication network to cause the scatter relay node to receive the data packet from a ground handoff station in the satellite communication (¶ 0038 - the signal path from the gateway 200 to the satellite 300 is labeled "Forward Feeder Link" (FFL) – ¶ 0120 - As the time for the handoff arrives, the gateway 200 may transmit the last forward link packet 814 to the user terminal 400 via the source satellite 300. – ¶ 0103 - The gateway 200 may then transmit these handoff parameters to the UT 408 in a handoff message 808 via the first satellite 300. ¶ 160 - the gateway 200 may resume transmission of the forward link 1218 to the UT 400 via the target satellite 301- Note: the gateway 200 ( network device) pass data packet over FFL to satellite 300 (scatter relay) . This will cause the relay receive packet from ground hand off station).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Davis. The motivation for doing so is to allow the system to coordinate and schedule a satellite-to-satellite handoff in such a way that there are no messaging round-trip delays between the last return service link (RSL) packet transmitted from the user terminal to the source satellite and the first RSL packet transmitted from the user terminal to the target satellite (Davis – Abstract).
Claim 28 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Nagaraja further in view of Thubert further in view of Zhang further in view of Buckingham et al. Patent No. US 11,615,210 B1 ( Buckingham hereinafter)
Regarding claim 28,
Qiu does not explicitly teach
wherein transmitting the data packet is configured to cause the scatter relay node to determine the actual destination IP address based on an endpoint validation token included in the payload and identifying the destination device.
However, Buckingham teaches
wherein transmitting the data packet is configured to cause the scatter relay node to determine the actual destination IP address based on an endpoint validation token included in the payload and identifying the destination device (Col.8, lines 10- 30 - The data tokenization service 202 can receive the packets from the network switch 302. The data tokenization service 302 can analyze the packet to determine if the packet includes any private information. If the packet include private information, the data tokenization service can sanitize the payload of the data packet. The data tokenization service 202 sends the sanitized packet to the network switch 302. The network switch 302, in tum, sends the sanitized packet to the data target 230. Col.9, lines 5-15-A task master 504 reads information from the packet 5 intercept 502 and from user-defined configuration database 514 to determine whether to tokenize, de-tokenize or ignore The user-defined configuration database 514 may include for example, source and destination IP addresses along with an instruction that identifies how to process packets to and/or from the address. For example, a user may define that all packets from a particular source or directed to a particular destination needs to be sanitized or desanitized. Col.7, lines 1-10 -The detokenization component 220 then interacts with the security component 216. The security component 216 identifies an authorization level associated with the detokenization. The authorization level may be based on the IP address or identity of the user who is to receive the unsanitized data).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Buckingham. The motivation for doing so is to allow the system to obfuscate the private data by adding a reference to the location of the encrypted private data in the payload (Buckingham – Col.1, lines 45-50).
Claim 29 is rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Nagaraja further in view of Aune et al. Publication No.US 2002/0010683 A1 ( Aune hereinafter) further in view of Chandramouli et al. Publication No.US 2020/0053685 A1 ( Chandramouli hereinafter)
Regarding claim 29,
Qiu does not explicitly teach
wherein when executed, the scatter application registers, with a network relay node in a network in which the data packet is transmitted, an association between the source IP address and a unique identifier of the scatter network device, the registration indicating that network traffic originating in the network at the scatter network device should be handled according to Access Point Name (APN) redirection.
However , Aune teaches
wherein when executed, the scatter application registers, with a network relay node in a network in which the data packet is transmitted, an association between the source IP address and a unique identifier of the scatter network device, the registration indicating that network traffic originating in the network at the scatter network device should be handled according to Access Point Name (APN) [..] (¶ 00019 - providing from said RADIUS server to said GGSN upon such request a subscriber IP (Internet Protocol) address to be stored in said GGSN (Gate way GPRS Support Node), said subscriber IP address being unique for the respective APN external network defined in said GGSN, Abstract - said subscriber IP address being unique for the respective APN external network defined in said GGSN, using said GGSN for combining the APN gateway address and the subscriber IP address, to form a unique subscriber identifier, and sending from said GGSN said identifier to the RADIUS server for accounting, e.g. in the form of an ASCII String - The method includes the steps of connecting one or more external networks to the GPRS system and identifying the or each network with an APN (Access Point Name), and assigning to an or each APN external network a gateway address).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Aune. The motivation for doing so is to allow the system to assign unique identifiers for allowing communication between a GPRS system and a server (Aune – ¶ 0001).
Qiu in view of Aune does not explicitly teach the network traffic should be handled according to access point Name (APN) redirection
However, Chandramouli teaches
network traffic should be handled according to access point Name (APN) redirection (¶ 0047 - during an ongoing session, the network determines that the LTE/5G subscription/authorization for the UE 204 expires either for a certain session/service or for any session (i.e., the UE cannot remain registered in the network). If the UE 204 is not authorized to remain registered in the network, then the network may deregister the UE 204 and redirect the UE 204 towards a HTTP portal that provides access to the subscription server 210 to provide an opportunity to extend the registration. If the UE 204 is not authorized to obtain a specific service, the network may deactivate the corresponding PDU session (unauthorized APN) with a “redirection” indication, and may redirect the UE 204 towards a HTTP portal that provides access to the subscription server 210 to provide an opportunity to extend the specific session/service. Correspondingly, the network may install routing policies in a user plane function (e.g., 5G UPF 205) to indicate that traffic destined for the requested (unauthorized) APN or any APN from the UE 204 should be redirected towards the PDN targeted for subscription by providing the corresponding destination IP address(es)).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui in view of Aune to include the teachings of Chandramouli. The motivation for doing so is to allow the system to deactivate the corresponding PDU session (unauthorized APN) with a “redirection” indication, and redirect the UE towards a HTTP portal that provides access to the subscription server to provide an opportunity to extend the specific session/service (Chandramouli – ¶ 0047).
Claims 30-31 are rejected under 35 U.S.C. 103 as being unpatentable over Qiu in view of Dyke further in view of Nagaraja further in view of Chandler et al. Patent No. US 10,498,762 B1 ( Chandler hereinafter).
Regarding claim 30,
Qiu further teaches
wherein the predictive machine-learning model determined deceptive content based on the network traffic existing in the region (Section 1– Introduction - From the perspective of an attacker, the vehicle’s mobility can be modeled by a hidden Markov model (HMM) – vehicle uses FTraj to generate multiple “fake” trajectories by following traffic flow data, and then randomly selects a fake trajectory and reports its current location as required - Section 3.1 & Section 3.2 - From the perspective of an attacker, the vehicle’s mobility can be modeled by a hidden Markov model - From the attacker’s perspective, vehicles’ reported (obfuscated) locations are observable, while the vehicles’ true locations are hidden. Nevertheless, the vehicle’s obfuscated location is related to its true location by following a probability distribution determined by the obfuscation matrix Z𝑡𝑛 , which is also visible to the attacker).
However, Qiu does not explicitly teach
wherein the data packet comprises identifying information that includes the deceptive content
Chandler teaches
wherein the data packet comprises identifying information that includes the deceptive content (Abstract - An HTTP message is received from the client device following submission of data via the input field. The message comprises the data, the encrypted attribute of the input field, and an attribute of each of the decoy input fields . The HTTP message is modified by decrypting the encrypted attribute, replacing the encrypted attribute with the decrypted attribute, and removing the decoy input field attributes. The modified HTTP message is sent to the web server device – Col.8, lines 55-70- As described and illustrated in more detail later, the security management apparatus 12 can optionally use a key that is used by the script to encrypt the name(s) of the protected input field(s) in order to decrypt the encrypted input field name(s) in the HTTP message. the security management apparatus 12 can receive a cookie identifying the encrypted input field name(s) and/or the names of any decoy input field(s). Accordingly, the security management apparatus 12 can remove any name/value pairs from the HTTP message that include a name matching one of the names identified in the cookie as corresponding to a decoy input field name. Other methods for facilitating encryption of the input field name(s) and/or communicating the decoy input field names can also be used).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Chandler. The motivation for doing so is to allow the system to facilitate significantly increased security for web applications and web page that require the submission of sensitive data by users via forms and input fields (Chandler - Col. 2, lines 55-65).
Regarding claim 31,
Qiu does not explicitly teach
wherein the data packet comprises data usable to decode the deceptive content to obtain non-deceptive content.
Chandler teaches
wherein the data packet comprises data usable to decode the deceptive content to obtain non-deceptive content (Abstract - An HTTP message is received from the client device following submission of data via the input field. The message comprises the data, the encrypted attribute of the input field, and an attribute of each of the decoy input fields . The HTTP message is modified by decrypting the encrypted attribute, replacing the encrypted attribute with the decrypted attribute, and removing the decoy input field attributes. The modified HTTP message is sent to the web server device – Col.8, lines 55-70- As described and illustrated in more detail later, the security management apparatus 12 can optionally use a key that is used by the script to encrypt the name(s) of the protected input field(s) in order to decrypt the encrypted input field name(s) in the HTTP message. the security management apparatus 12 can receive a cookie identifying the encrypted input field name(s) and/or the names of any decoy input field(s). Accordingly, the security management apparatus 12 can remove any name/value pairs from the HTTP message that include a name matching one of the names identified in the cookie as corresponding to a decoy input field name. Other methods for facilitating encryption of the input field name(s) and/or communicating the decoy input field names can also be used).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Qui to include the teachings of Chandler. The motivation for doing so is to allow the system to facilitate significantly increased security for web applications and web page that require the submission of sensitive data by users via forms and input fields (Chandler - Col. 2, lines 55-65).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOUNES NAJI whose telephone number is (571)272-2659. The examiner can normally be reached Monday - Friday 8:30 AM -5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A Louie can be reached at (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/YOUNES NAJI/Primary Examiner, Art Unit 2445