DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-16, 18-21 are rejected in the Instant Application.
Priority
Examiner acknowledges Applicant’s claim to priority benefits of PCT application PCT/CN2022/125569 filed 10/17/2022.
Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 5/30/24, 3/14/25 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) is/are being considered if signed and initialed by the Examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 19, 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
As per claim 19, the language is drawn to a computer program which is neither executed by a computer nor stored on a physical structure. With regard to "forwarding chip", it is not a term of art, and after reviewing the specification, Applicant describes the chip as being implemented wholly in hardware or software (see page 29, paragraphs 3 and 4: "The forwarding chip can be NP (Network Processor), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA), or other hardware processing chips such as programmable logic devices, Digital Signal Processor (DSP), discrete gate or transistor logic devices, discrete hardware components or the like, or a combination of multiple chips, which is not limited. In the above examples, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof.").
As per claim 20, the language is drawn to a computer program which is neither executed by a computer nor stored on a physical structure. The network device comprises the forwarding chip as presented in the rejection above, and per page 29, paragraphs 3 and 4, the device can be implemented wholly in software (see "In the above examples, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof."). Dependent claim 21 provides a processor; thus the rejection does not apply to claim 21.
Claims not specifically mentioned are rejected by virtue of dependency and because they do not obviate the above-recited deficiencies.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: a first matching unit to match, a first permitting unit to permit in claim 10 and a second matching unit and a first discarding unit, a second permitting unit in claim 13, and a determining unit to determine and a second discarding unit to discard, a first matching subunit to match in claim 14 and a second matching subunit is to match in claim 15, and a learning unit to learn, a construction unit to construct in claim 18.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claims 10-16, 18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
For a computer-implemented means-plus-function claim limitation that invokes 35 U.S.C. 112, sixth paragraph, the corresponding structure is required to be more than simply a general purpose computer or microprocessor. See Aristocrat, 521 F.3d 1328, 1333 (Fed. Cir. 2008). The corresponding structure for a computer-implemented function must include the algorithm as well as the general purpose computer or microprocessor. See WMS Gaming, Inc., 184 F.3d 1339 (Fed. Cir. 1999). The written description of the specification must at least disclose the algorithm that transforms the general purpose microprocessor to a special purpose computer programmed to perform the disclosed algorithm that performs the claimed function. Aristocrat at 1338. Applicant may express the algorithm in any understandable terms including as a mathematical formula, in prose, in a flow chart, or in any other manner that provides sufficient structure. See Finisar Corp., 523 F.3d 1323, 1340 (Fed. Cir. 2008).
A rejection under 35 U.S.C. 112, second paragraph, is appropriate if the written description of the specification discloses no corresponding algorithm. Aristocrat at 1337-1338. For example, merely referencing to a general purpose computer with appropriate programming without providing any detailed explanation of the appropriate programming, see Id. at 1334, or simply reciting software without providing some detail about the means to accomplish the function, would not be an adequate disclosure of the corresponding structure to satisfy the requirements of 35 U.S.C. 112, second paragraph, even when one of ordinary skill in the art is capable of writing the software to convert a general purpose computer to a special purpose computer to perform the claimed function. See Finisar, 523 F.3d at 1340-1341.
Claim 19 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
The term "execute blocks of the method" in claim 19 is a relative term which renders the claim indefinite. The term "execute blocks", without defining the blocks of the claim and which blocks are executed, is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Examiner suggests applicant clarify the claim by adding the appropriate limitations.
Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
The term "execute blocks of the method" in claim 20 is a relative term which renders the claim indefinite. The term "execute blocks", without defining the blocks of the claim and which blocks are executed, is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Examiner suggests applicant clarify the claim by adding the appropriate limitations.
Claims 5, 12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Claims 5 and 12 discard a packet on the same condition under which the packet is permitted in the parent claim. As no exact order of the limitations is provided, this ambiguity requires clarification as to how a packet can be both permitted and discarded on the same rule. "Complete Mode" and "Incomplete Mode" are not defined as to how they are ascertained.
The above cited rejections are merely exemplary.
The Applicant(s) are respectfully requested to correct all similar errors.
Claims not specifically mentioned are rejected by virtue of their dependency.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-2, 9-11, 18-21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Bosshart et al. (US20190236103A1) hereinafter Bosshart.
Regarding claims 1, 10, 19, 20: Bosshart teaches a packet processing method, which is applied to a network device (¶0043 an incoming packet is received at the router), comprising:
matching an index of an input interface (port 81) for receiving a packet and a source address of the packet with a key field of a Source Address Validation, SAV, entry of a data plane (Fig. 9; Par. 48, "FIG. 9 provides another example of the data structures used by process 700..."; Par. 49, input key 910 (e.g., a set of fields in a packet) is received at a firewall; the input key includes fields that specify an Open Systems Interconnection (OSI) model layer 4 port and a source IP address. In this example, the layer 4 port is port 81 and the source IP address is a 32-bit IPv4 address 195.20.10.5. Forwarding data messages implies a data plane), wherein the key field of the SAV entry of the data plane comprises an index of an input interface [port 81] and a legal source address prefix [195, 20/16] (Fig. 9, ¶0055, Rule 3 indicates that if the source IP is 195, 20/16 and the layer 4 port is 81, the packet is permitted);
if a key field ("sub-table 943" in Fig. 9) of a target SAV entry ("sub-tables 615" in Fig. 9) matches the index of the input interface for receiving the packet and the source address of the packet, permitting the packet (Fig. 9, ¶0059, The input key 910 in FIG. 9 is matched against the three entries of sub-table 943. The input key matches the lowest priority entry. The result 920 (i.e., "permit") is returned as the rule to be enforced by the firewall).
Further regarding claim 10: Bosshart further teaches a packet processing apparatus, which is applied to a network device (claim 36, see network switch). Regarding the units, Bosshart teaches (¶0065 see read-only-memory 1130 stores static data and instructions that are needed by the processing unit(s) 1110 and other modules of the electronic system).
Further regarding claim 19: Bosshart further teaches a forwarding chip that can execute blocks of claim 1 above (¶0060 features and applications are implemented as software processes that are specified as a set of instructions recorded on a computer readable storage medium (also referred to as computer readable medium) … of computer readable media include, but are not limited to, CD-ROMs, flash drives, RAM chips, hard drives, EPROMs, etc. The computer readable media does not include carrier waves and electronic signals passing wirelessly or over wired connections).
Further regarding claim 20: Bosshart further teaches a network device, comprising a forwarding chip to execute blocks of claim 1 above (claim 36, see network switch). Regarding the units, Bosshart teaches (¶0065 see the read-only-memory 1130 stores static data and instructions that are needed by the processing unit(s) 1110 and other modules of the electronic system. The permanent storage device 1135, on the other hand, is a read-and-write memory device. This device is a non-volatile memory unit that stores instructions and data even when the electronic system 1100 is off. Some embodiments of the invention use a mass-storage device (such as a magnetic or optical disk and its corresponding disk drive) as the permanent storage device 1135).
Regarding claims 2, 11: The method according to claim 1, wherein the network device comprises at least one forwarding chip; each forwarding chip stores a SAV entry of the data plane whose key field comprises an index of an interface on the forwarding chip; and/or the SAV entry of the data plane is stored in a ternary content addressable memory, TCAM (¶0047 FIG. 8, an unmasked key 810 (e.g., a field specifying the destination IP address of a packet) is received at a router that uses tables 605 and 615 to implement an LPM table. As shown, the destination IP address is 11111010. The destination address is used by TCAM hardware to search in table 605, which is stored in TCAM. The search produces two matches, sub-table key 633 with value of 1111* and sub-table key 634 with value of *. Since sub-table key 633 has a higher priority, sub-table index 801 associated with sub-table key 633 is identified as the sub-table index. Sub-table index 801 has a value of 3. This value is used to identify sub-table 643 to search for an entry to match the input key 11111010 810).
Regarding claims 9, 18, 21: The already combined references teach the method according to claim 1, wherein the method further comprises:
learning a SAV entry of a control plane, wherein a key field of the SAV entry of the control plane comprises an index of an input interface, and a value field of the SAV entry of the control plane comprises at least one legal source address prefix; constructing the SAV entry of the data plane according to the SAV entry of the control plane (Bosshart ¶0055 see FIG. 9, the third sub-table 943 has three rules (Rules 1 to 3). Each rule has a set of criteria to match and an action to perform if there is a match. For instance, Rule 1 indicates that if the layer 4 port is port 80, the packet received at the firewall has to be dropped. Rule 2 indicates that if the source IP address is 198,10,200/24, the packet is permitted. Rule 3 indicates that if the source IP is 195,20/16 and the layer 4 port is 81, the packet is permitted; ¶0056 see conceptually illustrates an example of storing the rules of sub-table 943 of FIG. 9. Rule 1 is stored in three entries 1041-1043, rule 2 is stored in three entries 1051-1053, and Rule 3 is stored in three entries 1061-1063. The first entry for each rule conceptually shows 5 decimal values separated by commas).
Claim Rejections - 35 USC § 103
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 4, 6-8, 13, 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Bosshart et al. (US20190236103A1) hereinafter Bosshart in view of Sweeney (US20210392167A1) hereinafter Sweeney.
Regarding claims 4, 13: The already combined references teach the method according to claim 1, wherein the method further comprises:
if none of key fields of all SAV entries of the data plane matches the index of the input interface for receiving the packet and the source address of the packet, and a SAV flag comprised in a result field of the target forwarding entry indicates that an address prefix comprised in the target forwarding entry is a legal source address prefix of an input interface, discarding the packet (Bosshart ¶0055 see Each rule has a set of criteria to match and an action to perform if there is a match. For instance, Rule 1 indicates that if the layer 4 port is port 80, the packet received at the firewall has to be dropped);
if none of key fields of all SAV entries of the data plane matches the index of the input interface for receiving the packet and the source address of the packet, and the SAV flag comprised in the result field of the target forwarding entry does not indicate that the address prefix comprised in the target forwarding entry is a legal source address prefix of an input interface, permitting the packet (Bosshart ¶0055 see Rule 2 indicates that if the source IP address is 198,10,200/24, the packet is permitted. Rule 3 indicates that if the source IP is 195,20/16 and the layer 4 port is 81, the packet is permitted).
Bosshart does not explicitly teach matching the source address of the packet with a key field of a forwarding entry to obtain a target forwarding entry with a key field matching the source address of the packet, wherein the key field of the forwarding entry comprises an address prefix, and a result field of the forwarding entry comprises a SAV flag.
Sweeney however in the same field of computer networking teaches matching the source address of the packet with a key field of a forwarding entry to obtain a target forwarding entry with a key field matching the source address of the packet, wherein the key field of the forwarding entry comprises an address prefix, and a result field of the forwarding entry comprises a SAV flag (¶0034 see configuration may be arranged as follows, including a section with a set of structured “match lists” that specify associated prefixes and hosts. A “definition” section specifies a match list holding the prefixes that define the security segment. A “policies” section specifies the action to take when a packet is being forwarded from the given security segment to another security segment).
Accordingly, it would have been obvious to one of ordinary skill in the art of computer networking at the effective filing date of the claimed invention, given the index matching of Bosshart and the teachings of Sweeney of matching a source address against forwarding entry prefixes, to combine the teachings such that Bosshart utilizes the matching as part of its own matching function. One of ordinary skill in the art would recognize that the results of the combination are predictable because each element in the combination is merely performing the same function it would perform separately. One would be motivated to combine these teachings because doing so provides the more efficient and effective methods that are needed for securely processing network communication (Sweeney ¶0003).
Regarding claims 6, 15: The already combined references teach the method according to claim 4, wherein matching the source address of the packet with a key field of a forwarding entry to obtain a target forwarding entry with a key field matching the source address of the packet comprises:
Bosshart however does not explicitly teach matching the source address of the packet with address prefixes comprised in the key fields of the forwarding entries to obtain at least one candidate entry with an address prefix matching the source address of the packet; determining a candidate entry to which a longest address prefix belongs from the at least one candidate entry as the target forwarding entry with a key field matching the source address of the packet.
Sweeney however in the same field of computer networking teaches matching the source address of the packet with address prefixes comprised in the key fields of the forwarding entries to obtain at least one candidate entry with an address prefix matching the source address of the packet; determining a candidate entry to which a longest address prefix belongs from the at least one candidate entry as the target forwarding entry with a key field matching the source address of the packet (¶0025 the types of “large” tables designated for assigning security segments may depend on their then-present use at the time of allocation and the underlying network conditions/topology. As indicated earlier, tables used for “longest prefix match” or “exact match” lookups may also be utilized for security segment assignments; ¶0050-56 see match prefix matching from policies).
Accordingly, it would have been obvious to one of ordinary skill in the art of computer networking at the effective filing date of the claimed invention, given the index matching of Bosshart and the teachings of Sweeney for matching the source address of the packet with address prefixes, to combine the teachings such that Bosshart utilizes the matching as part of its own matching function. One of ordinary skill in the art would recognize that the results of the combination are predictable because each element in the combination is merely performing the same function it would perform separately. One would be motivated to combine these teachings because doing so provides the more efficient and effective methods that are needed for securely processing network communication (Sweeney ¶0003).
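The lookup order recited above for claims 1, 4 and 6 (SAV entry match, then longest-prefix match on the forwarding table and a check of the 1-bit SAV flag) can be written out as follows. This is an added Python illustration, not code from the application, Bosshart or Sweeney; the table contents are constructed (reusing the interface index 81 and the 195.20/16 prefix quoted from Bosshart), and every class and function name is hypothetical.

```python
import ipaddress
from dataclasses import dataclass

PERMIT, DISCARD = "permit", "discard"


@dataclass(frozen=True)
class SavEntry:
    """Data-plane SAV entry: the key is (input interface index, legal source prefix)."""
    ifindex: int
    prefix: ipaddress.IPv4Network


@dataclass(frozen=True)
class FwdEntry:
    """Forwarding entry: the key is an address prefix, the result carries a 1-bit SAV flag."""
    prefix: ipaddress.IPv4Network
    sav_flag: bool  # True: this prefix is a legal source prefix of some input interface


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed sample tables (hypothetical values, for illustration only).
SAV_TABLE = [
    SavEntry(81, net("195.20.0.0/16")),
    SavEntry(82, net("198.10.200.0/24")),
]
FWD_TABLE = [
    FwdEntry(net("0.0.0.0/0"), False),
    FwdEntry(net("195.20.0.0/16"), True),
    FwdEntry(net("198.10.0.0/16"), False),
    FwdEntry(net("198.10.200.0/24"), True),
]


def longest_prefix_match(src, table):
    """Return the candidate entry with the longest prefix covering src, or None."""
    candidates = [e for e in table if src in e.prefix]
    return max(candidates, key=lambda e: e.prefix.prefixlen, default=None)


def validate(ifindex, src_ip, sav_table=SAV_TABLE, fwd_table=FWD_TABLE):
    """Return (action, reason) for a packet received on ifindex with source src_ip."""
    src = ipaddress.ip_address(src_ip)

    # Claim 1: a SAV entry whose key matches both the input interface and
    # the source address permits the packet.
    for entry in sav_table:
        if entry.ifindex == ifindex and src in entry.prefix:
            return PERMIT, "sav-entry-hit"

    # Claims 4 and 6: no SAV entry matched, so look up the source address in
    # the forwarding table by longest prefix and inspect the SAV flag.
    target = longest_prefix_match(src, fwd_table)
    if target is not None and target.sav_flag:
        # The prefix is protected, but the packet arrived on an interface
        # that is not bound to it: treat the source as spoofed.
        return DISCARD, "protected-prefix-wrong-interface"

    # Flag not set: the prefix is not covered by SAV, so the packet passes.
    # Assumption: a source with no forwarding entry at all is also permitted;
    # the claim language quoted above does not address that case.
    return PERMIT, "no-sav-coverage"


if __name__ == "__main__":
    for ifx, ip in [(81, "195.20.10.5"), (82, "195.20.10.5"),
                    (81, "198.10.200.7"), (81, "198.10.5.5")]:
        print(ifx, ip, validate(ifx, ip))
```

The 198.10.0.0/16 and 198.10.200.0/24 entries show why the longest match matters: the shorter prefix is unflagged, so choosing it for a 198.10.200.x source would permit a packet that the more specific, flagged entry discards.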
Regarding claims 7, 16: The already combined references teach the method according to claim 4,
Bosshart does not explicitly teach wherein the network device comprises at least one forwarding chip; each forwarding chip stores a forwarding entry learned by the network device; and/or the forwarding entry is stored in a ternary content addressable memory, TCAM.
Sweeney however in the same field of computer networking teaches wherein the network device comprises at least one forwarding chip; each forwarding chip stores a forwarding entry learned by the network device; and/or the forwarding entry is stored in a ternary content addressable memory, TCAM (¶0084 see processing circuitry should be understood to mean circuitry based on one or more microprocessors, microcontrollers, digital signal processors, programmable logic devices, field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), etc., and may include a multi-core processor (e.g., dual-core, quad-core, hexa-core, octa-core, or any suitable number of cores); ¶0031-32 see Lookup table sections 200 and 220 include entries for a source IP address in column 210 and a destination IP address in column 230. The source and destination IP addresses may be obtained from an incoming packet (e.g., received at input port 160 of FIG. 1). A match with source and destination IP entries in columns 210 and 220 results in an assignment to source and destination security segments designated in columns 215 and 235, respectively. Lookup table sections 200 and 230 may be standalone tables or components of larger lookup tables, for example, a forwarding information base residing in RAM or in a combination of RAM and a dedicated table memory (e.g., CAM/TCAM)….A security segment table 240 is configured to perform lookups based upon security segment assignments. Table 240 may be located in dedicated memory (e.g., TCAM memory 140 of FIG. 1). Table 240 may also include entries for additional parameters such as a network protocol parameter 260 and port parameter 265. These parameters may be obtained from associated packets and/or as a result of lookups performed in large tables (e.g., including tables 200 and 220). In some embodiments, lookups in table 240 are performed to confirm, deny, or advance packet processing tasks initiated from lookups in tables 200 and 220.)
Accordingly, it would have been obvious to one of ordinary skill in the art of computer networking at the effective filing date of the claimed invention, given the memory of Bosshart and the teachings of Sweeney of storing the forwarding entry in a ternary content addressable memory, TCAM, to combine the teachings such that Bosshart utilizes the TCAM. One of ordinary skill in the art would recognize that the results of the combination are predictable because each element in the combination is merely performing the same function it would perform separately. One would be motivated to combine these teachings because doing so provides the more efficient and effective methods that are needed for securely processing network communication (Sweeney ¶0003).
Regarding claim 8: The already combined references teach the method according to claim 4, wherein a bit width of the SAV flag is 1 bit (Bosshart Fig. 9, ¶0055, SAV flag indicates permitting or dropping a packet, i.e., a binary choice representing a bit).
Claims 3, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Bosshart-Sweeney further in view of Lin Qiu “Intra-Domain SAVNET” [IDS element C3 filed 3/14/2025] hereinafter Lin.
Regarding claims 3, 12: Bosshart-Sweeney teach the method according to claim 1, wherein a result field of the SAV entry of the data plane is empty (¶0038 see root node 505 is associated with empty a Null value and each node in the tree is associated with an extra 0 or 1 bit than the parent);
Bosshart-Sweeney does not explicitly teach wherein a result field of the SAV entry of the data plane is empty and the index of the input interface and the legal source address prefix are filled in the key field of the SAV entry of the data plane in an order of the index of the input interface and then the legal source address prefix; or the legal source address prefix and the index of the input interface are filled in the key field of the SAV entry in an order of the legal source address prefix and then the index of the input interface.
Lin however in the same field of computer networking teaches wherein a result field of the SAV entry of the data plane is empty and the index of the input interface and the legal source address prefix are filled in the key field of the SAV entry of the data plane in an order of the index of the input interface and then the legal source address prefix; or the legal source address prefix and the index of the input interface are filled in the key field of the SAV entry in an order of the legal source address prefix and then the index of the input interface (Pages 8, 9, see prefix-SAV sub-TLV can be used to identify the prefix; see the table on page 9).
Accordingly, it would have been obvious to one of ordinary skill in the art of computer networking at the effective filing date of the claimed invention, given the SAV entries of Bosshart and the teachings of Lin for filling the prefix fields, to combine the teachings such that Bosshart utilizes the extension for protected prefixes of Lin. One of ordinary skill in the art would recognize that the results of the combination are predictable because each element in the combination is merely performing the same function it would perform separately. One would be motivated to combine these teachings because doing so provides each node the ability to independently calculate SAV information (Lin Page 3).
Conclusion
References are cited not only for their quoted language but for all that they teach.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Atta Khan whose telephone number is 571-270-7364. The examiner can normally be reached on M-F 09:00-6:00.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on (571) 272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ATTA KHAN/
Examiner, Art Unit 2449