DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The Information Disclosure Statement (IDS) submitted on 09/17/2024 has been considered by the Examiner. The submission is in compliance with the provisions of 37 CFR 1.97.
Examiner note
An election was made by the applicant’s Attorney (i.e., Glenn, Michael) in response to a restriction requirement set forth during the interview on 16 January 2026; the restriction requirement and election have been incorporated into this action. (See the explanation below under section 6, Election/Restriction).
Claim status
Claims 1-4, 12-19 have been withdrawn (i.e., Group I & II not elected). Claims 5-11 and 20-27 (i.e., Group III ) are presented for the examination and remain pending in the application.
Election/Restriction
Restriction to one of the following inventions is required under 35 U.S.C. 121:
Claims 1-2 and 12-19 drawn to a method moving IP-format packet replacing address protocol, wherein all said information is derived from said same visa identifier and binding each packet to the identity and permissions of a sender each time a node processes a packet, wherein said authenticated attribute comprises at least one immutable attribute of that which is being authenticated, classified in H04L63/20, G06F21/6218, G06F21/6209 and/or H04L63/0272 and U.S current class 1/1.
Claims 3-4 drawn to a method IP-format packets though a network, comprising: encapsulating IP-format packets into a compressed form by replacing any of addresses, ports, protocols, and other header fields of the IP packet with a visa identifier based on reserving bandwidth for a specific use by defining a special class of traffic that has a higher priority than other traffic, classified in H04L63/0435 and/or H04L63/102 and U.S class 709/207, 709/202, 709/203, 709/217 and/or 705/4.
Claims 5-11 and 20-27 drawn to a method for moving IP-format packets though a network, comprising: encapsulating IP-format packets into a compressed form by replacing any of addresses, ports, protocols, and other header fields of the IP packet with a visa identifier: tracking a number of messages transmitted and implementing a limit, providing one or more individual instances of said network; wherein each individual instance of said network comprises its own communication policies; and wherein every node of said network enforces said policies, authenticated attributes and a method for transmitting a packet across a packet-switched communications network consisting of multiple nodes, comprising: transmitting packets from a first communicator to a first node of the network which is associated with a source address; transmitting packets from a second node of the network to a second communicator which is associated with a destination address; wherein when a first packet is transmitted to the first node of the network, the first node communicates with the visa server information derived from the first packet to determine if the delivery of the first packet is compliant with the policies of the network; and wherein the first packet is delivered to the second node only if it is compliant with policies as determined by the visa service, classified in H04L9/3236, G06F21/64, G06F21/30 and/or H04L63/0876.
The inventions I, II and III are related as a sub-combination disclosed as usable together in a single combination. The sub-combinations are distinct if they do not overlap in scope and are not obvious variants, and if it is shown that at least one sub-combination is separately useable.
For example, group I is directed to a method of IP-format packets encapsulation into a compressed form by replacing address, protocol, port and other header fields and determining the identities of the sender and the receiver for binding each packet to provide a permission and wherein said authenticated attribute comprises at least one immutable attribute of that which is being authenticated (see Para. [0254], [0239] and [0212]).
Group II is directed to a method of IP-format packets with a visa identifier based on reserving bandwidth for a specific use by defining a special class of traffic that has a higher priority (see [0064], [0280], [0322] and [0381]-[0382]).
Group III is directed to a method of IP-format packets with a visa identifier for tracking a number of messages transmitted and implementing a limit, providing one or more individual instances of said network; wherein each individual instance of said network comprises its own communication policies (see [0262]).
Therefore, the three groups are directed to different inventions and are restrict-able. (MPEP § 802.01, § 806.06 and § 806.05 (d)).
Restriction for examination purposes as indicated is proper because all the inventions listed in this action are independent or distinct for the reasons given above and there would be a serious search and/or examination burden if restriction were not required because one or more of the following reasons apply:
The inventions have acquired a separate status in the art in view of their different classification.
The inventions have acquired a separate status in the art due to their recognized divergent subject matter.
The invention requires a different field of search (e.g., searching different classes/subclasses or electronic resources, or employing different search strategies or search queries).
The prior art applicable to one invention would not likely be applicable to another invention.
Applicant is advised that the reply to this requirement to be complete must include (i) an election of an invention to be examined even though the requirement may be traversed (37 CFR 1.143) and (ii) identification of the claims encompassing the elected invention.
The election of an invention may be made with or without traverse. To reserve a right to petition, the election must be made with traverse. If the reply does not distinctly and specifically point out supposed errors in the restriction requirement, the election shall be treated as an election without traverse. Traversal must be presented at the time of election in order to be considered timely. Failure to timely traverse the requirement will result in the loss of right to petition under 37 CFR 1.144. If claims are added after the election, applicant must indicate which of these claims are readable upon the elected invention.
Should applicant traverse on the ground that the inventions are not patentably distinct, applicant should submit evidence or identify such evidence now of record showing the inventions to be obvious variants or clearly admit on the record that this is the case. In either instance, if the examiner finds one of the inventions unpatentable over the prior art, the evidence or admission may be used in a rejection under 35 U.S.C. 103 or pre-AIA 35 U.S.C. 103(a) of the other invention.
During a telephone conversation the Examiner discussed about the election/restriction with Applicant’s Attorney (i.e., Glenn, Michael) on 01/16/2026 and elected Group III without traverse. Affirmation of election was made by Applicant’s Attorney that claims 1-4 and 12-19 (i.e., Groups I & II) to be withdrawn from further consideration by the examiner, 37 CFR 1.142(b), as being drawn to a non-elected invention.
Applicant is reminded that upon the cancellation of claims to a non-elected invention, the inventor ship must be corrected in compliance with 37 CFR 1.48(a) if one or more of the currently named inventors is no longer an inventor of at least one claim remaining in the application. A request to correct inventor ship under 37 CFR 1.48(a) must be accompanied by an application data sheet in accordance with 37 CFR 1.76 that identifies each inventor by his or her legal name and by the processing fee required under 37 CFR 1.17(i).
The examiner has required restriction between product or apparatus claims and process claims. Where applicant elects claims directed to the product/apparatus, and all product/apparatus claims are subsequently found allowable, withdrawn process claims that include all the limitations of the allowable product/apparatus claims should be considered for rejoinder. All claims directed to a nonelected process invention must include all the limitations of an allowable product/apparatus claim for that process invention to be rejoined.
In the event of rejoinder, the requirement for restriction between the product/apparatus claims and the rejoined process claims will be withdrawn, and the rejoined process claims will be fully examined for patentability in accordance with 37 CFR 1.104. Thus, to be allowable, the rejoined claims must meet all criteria for patentability including the requirements of 35 U.S.C. 101, 102, 103 and 112. Until all claims to the elected product/apparatus are found allowable, an otherwise proper restriction requirement between product/apparatus claims and process claims may be maintained. Withdrawn process claims that are not commensurate in scope with an allowable product/apparatus claim will not be rejoined. See MPEP § 821.04. Additionally, in order for rejoinder to occur, applicant is advised that the process claims should be amended during prosecution to require the limitations of the product/apparatus claims. Failure to do so may result in no rejoinder. Further, note that the prohibition against double patenting rejections of 35 U.S.C. 121 does not apply where the restriction requirement is withdrawn by the examiner before the patent issues. See MPEP § 804.01.
Claim Objections
Claims 5, 10 and 21 are objected to because these claims do not recite the term “and” before their last limitations. For example, in claim 5 they should recite “and” after the end of the last limitation “based on…permission”; in claim 10 after the end of the last limitation “wherein…node”; and in claim 21 after the end of the last limitation “the visa…communicators”. Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Hillis et al. U.S. Pub. No. 2021/0058369 A1, (hereinafter Hillis the first) in view of Houchen U.S. Pat. No. 7,272,116 B1 , (hereinafter Houchen).
Regarding claim 5. Hillis the first teaches a method for moving IP-format packets though a network (Hillis the first teaches in Fig. 6 and Para. [0162] agent packet which is an IP-packet received from an adaptor into a transit packet for transmission through a SNN and subsequent conversion to an agent packet by an egress dock), comprising:
encapsulating IP-format packets into a compressed form by replacing any of addresses, ports, protocols, and other header fields of the IP packet with a visa identifier (Hillis the first teaches in Fig. 6 element 6275 encapsulated agent packet (i.e., IP-packet) and Para. [0163] encapsulated agent packet (i.e., IP-packet) 6275 in its payload 6250 which, in combination with the associated visa's visa egress data, is sufficient to reconstruct the agent packet and further Hillis the first teaches in Para. [0164] the transit packet header, the encrypted packet checksum is a checksum encrypted by the visa key associated with the packet's visa…, the visa identifier can potentially change each time the packet is transmitted and further a forwarder may change the visa identifier of a packet header before transmitting it through a link as narrated in Para. [0171]. Here, the claim lists features in the alternative. While the claim lists a number of optional limitations only one limitation from the list is required and needs to be met by the prior art and thus, the prior art of record Hillis the first addressed the limitation of change (i.e., replacing) of header field);
tracking a number and size of messages that have been transmitted (Hillis the first teaches in Para. [0127] packet processing unit (PPU) state includes the state information (i.e., messages) that the PPU requires to process packets,... This associated information (i.e., messages) includes the information required to track the rate and volume of information (i.e., number and size of the information which is the message is tracked) that is transmitted in association with those visas);
implementing limits on an amount of information that can be transmitted under a particular permission (Hillis the first teaches in Para. [0143] the processing bandwidth limit may be used to limit the rate of information transmitted over links under the permission of the visa); and
based on said visa identifier, a visa service using reserving bandwidth based on permission (Hillis the first teaches in Para. [0152] the visa service generates a visa endorsement which is associated with the visa identifier and further Hillis the first teaches in Para. [0151] the visa services uses this maximum duration, in conjunction with the bandwidth limits set by the communication policies…, and Hillis the first also teaches in Para. [0109] that the communication policies may also specify how much bandwidth should be reserved through PPUs to carry the packets associated with a visa and in what circumstances that bandwidth is reserved and further Hillis the first teaches in Para. [0152] that the ).
Hillis the first does not explicitly teach wherein additional bandwidth is not made available once a reserved bandwidth is exhausted.
However, Houchen teaches wherein additional bandwidth is not made available once a reserved bandwidth is exhausted (Houchen teaches [Col. 12, lines 15-19] note that if a node times out, it implies that it was somehow isolated from the other nodes during the signaling process. The action in this case is to simply remove the local data structure and free up (i.e., not available) any reserved bandwidth associated with the expired (i.e., exhausted) request (i.e., the reserved bandwidth is not made available since it is freed up and related to the expired request)).
Therefore, Hillis the first and Houchen are analogues arts and they are in the same field of endeavor as they both are directed to the encapsulation of agent packets (i.e., IP-format packets) a bandwidth reservation process in order to the request packet is provided with a value indicating a number of nodes provided in a route, and the value indicating the number of rings provided in the route and representing a bandwidth required to establish cross-connects along the route.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the
claimed invention to modify the teachings of simply remove and free up any reserved bandwidth associated with the expired request ([Col. 12, lines 15-19]) as taught, by Houchen into the teachings of Hillis the first. One would have been motivated to do so in order to the configuration of the node automatically provisions the traffic paths from the source node to the destination node across the synchronous optical network (SONET) multiplexers in the bi-directional line-switched ring network. The source node establishes a traffic route in a simple manner while reducing memory consumption at the source node.
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Hillis the first in view of Houchen further in view of Ferstay et al. U.S. Pub. No. 2021/0149751 A1, (hereinafter Ferstay).
Regarding claim 6. Hillis the first in view of Houchen teaches the method of claim 5.
Hillis the first in view of Houchen does not explicitly teach implementing permissions that limit large-scale data exfiltration.
However, Ferstay teaches implementing permissions that limit large-scale data exfiltration (Ferstay teaches in Para. [0242] data-collecting functionality prevents access to restricted resources in connection with a data-collection system… For example, a malicious third-party developer can generate code designed to attempt exfiltration of data from the data-collection system…, which may have been built without concern for data collection on a large scale).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the
claimed invention to modify the teachings of generating a code designed to attempt exfiltration of data from the data-collection system and building a data collection on a large scale ([0242]) as taught, by Ferstay into the teachings of Hillis in view of Houchen invention. One would have been motivated to do so in order to the computing system improves the time-based searching to facilitate the faster retrieval. The search head can perform the field-extraction operations on the superset to produce the reduced set of search results. The set of messages is processed more efficiently and result in a less expensive recovery from processing failure as redundant message processing is reduced or avoided.
Claims 7 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Hillis the first in view of Baukes et al. 2017/0244761 A1, (hereinafter Baukes).
Regarding claim 7.
Hillis the first teaches in a network consisting of a set of communicating nodes and internal services, including a visa service and an administrative service (Hillis the first teaches in Para. [0117] policies determine any internal and external communication system of the hardware units (i.e., a set of communication nodes) in a reliable, secure channels to services such as the visa service), a method comprising:
encapsulating IP-format packets into a compressed form by replacing any of addresses, ports, protocols, and other header fields of the IP packet with a visa identifier providing one or more individual instances of said network (Hillis the first teaches in Fig. 6 element 6275 encapsulated agent packet (i.e., IP-packet) and Para. [0163] encapsulated agent packet 6275 in its payload 6250 which, in combination with the associated visa's visa egress data, is sufficient to reconstruct the agent packet and further Hillis the first teaches in Para. [0164] the transit packet header, the encrypted packet checksum is a checksum encrypted by the visa key associated with the packet's visa…, the visa identifier can potentially change each time the packet is transmitted and further a forwarder may change the visa identifier of a packet header before transmitting it through a link as narrated in Para. [0171]. Here, the claim lists features in the alternative. While the claim lists a number of optional limitations only one limitation from the list is required and needs to be met by the prior art and thus, the prior art of record Hillis the first addressed the limitation of change (i.e., replacing) of header field);
wherein each individual instance of said network comprises its own communication policies (Hillis the first teaches in Para. [0036] the policy defines multiple categories of policy that govern the activity of a SNS, including communication policies, authentication policies, connection policies, and reporting policies. Communication policies define which agents can communicate and under what circumstances and what resources they are allocated to do so). Hillis the first teaches about the policies for the hardware units as indicated above in Para. [0117]. Hillis the first does not explicitly teach wherein every node of said network enforces said policies.
However, Baukes teaches wherein every node of said network enforces said policies (Baukes teaches in Para. [0002] there is a need for individual nodes of a network to enforce the policy of neighboring nodes as part of a consensus-based enforcement scheme).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the
claimed invention to modify the teachings of enforcing the policy of neighboring nodes ([0002]) as taught, by Baukes into the teachings of Hillis in view of Houchen invention. One would have been motivated to do so in order to provide configuration information and/or information associated with node objects installed at the node and the scan engine performs the scan at the node. Enable nodes to determine if a target node is misconfigured by determining if the target node is able to perform or participate in a restriction communication or interaction. In order to ensure that restrictions in communication, interaction, or resource access are property affected between nodes, an enforcement mechanism of negative checking is implemented in a network.
Regarding claim 8.
Hillis the first in view of Baukes teaches wherein a single node is configurable to implement any combination of functions of docks, forwarders, and node endpoints, as long said node enforces the policies on all packets that pass through it (Hillis the first teaches in Para. [0134] two types of communication PEPs are compiled from communication policies; one type is used by docks and the other by forwarders…,in a packet processing available on the hardware unit (i.e., a single node) and further Baukes in Para. [0002] enforce the policy of neighboring nodes as part of a consensus-based enforcement scheme).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of enforcing the policy of neighboring nodes ([0002]) as taught, by Baukes into the teachings of applying policies that can be used by docks and the other by forwarders in a packet processing available on the hardware unit (i.e., a single node) ([0134]) a taught, by Hillis the first. One would have been motivated to do so in order to the system has a secure network comprising the packet processing units (PPUs) communicatively coupled by an internal communication system. Multiple internal packets are provided with which the secure network transports the information. A visa is associated with each of the internal packets. The visa references the policies. The PPU among the PPUs transmits an internal packet of the information only when allowed by the policies as referenced by the visa.
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Hillis the first in view of Baukes further in view of Chanak et al. U.S. Pub. No. 2021/0314301 A1, (hereinafter Chanak).
Regarding claim 9. Hillis the first in view of Baukes teaches the method of claim 7.
Hillis the first in view of Baukes does not explicitly teach wherein an entire private cloud, real or virtual, comprises a single node.
However, Chanak teaches wherein an entire private cloud, real or virtual, comprises a single node (Chanak teaches in Fig. 1 element 100 private cloud system and Para. [0081] provide virtual private access through the cloud-based system 100 and further Chanak teaches in Para. [0085] the policy engine delivers connection information to the application 350 and app-side enforcement nodes 150, which includes the location of a single enforcement nodes 150).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using a private cloud system and a single enforcement node ([0081] and [0085]) as taught, by Chanak into the teachings of Hillis the first in view of Baukes invention. One would have been motivated to do so in order to the method enables utilizing a cloud-based system to allow a user to connect to a private service edge node in an enterprise network, so that the user can access the private application in an efficient manner. The method allows the user to access the application in a secure manner, thus reducing the risk for the enterprise data residing on unsecured and unmanaged devices as well as the security risks in access to the Internet, and hence providing seamless, zero trust access to private applications running on the public cloud, within the data center and within the enterprise network in an effective manner.
Claims 20-25 are rejected under 35 U.S.C. 103 as being unpatentable over Hillis the first in view of Soliman et al. 2009/0119770 A1, (hereinafter Soliman).
Regarding claim 20.
Hillis the first teaches a method for transmitting a packet across a packet-switched communications network consisting of multiple nodes (Hillis the first teaches in Para. [0039] physical or virtual and either is a complete hardware unit (i.e., multiple nodes) or has an associated hardware unit that contains it,…, optionally augmented with specialized PPU components and other specialized packet switching hardware), comprising:
transmitting packets from a first communicator to a first node of the network which is associated with a source address (Hillis the first teaches I Para. [0072] transmitted an agent packet through a tether using a particular agent address as a source agent address, the visa service records that source agent address (i.e., source address) as associated with the tether, allowing other agents to transmit packets to that agent through that tether);
transmitting packets from a second node of the network to a second communicator which is associated with a destination address (Hillis the first teaches in Para. [0034] the packet is transmitted within the SNN (i.e., selective node network); back through a tie-in to an adaptor (i.e., a second communicator) and finally, to a destination agent);
each node communicating bidirectionally with a visa service (Hillis the first teaches in Para. [0221] each of the hardware units (i.e., each node) implementing a visa service sub-server has a similar instance of sub-server software that can communicate through a secure channel to docks to issue a visa. All sub-servers store all communication policies);
the visa service determining communications policies of the network (Hillis the first teaches in Para. [0132] receive information over the internal communication system or method of adaptor-SNN communication, invoke reporting procedures, invoke authentication procedures, communicate with the visa service, and establish docks and links);
the visa service determining when the transmission of a first packet is compliant with the policies of the network (Hillis the first teaches in [Abstract] the visa specifies the procedures governing the processing of the packet by the packet processing units as it is transported along a compliant flow, between agents thorough the network, according to a set of policies specified in a network configuration. Also, see Para. [0137]); and
wherein when a first packet is transmitted to the first node of the network, the first node communicates with the visa server information derived from the first packet to determine if the delivery of the first packet is compliant with the policies of the network (Hillis the first teaches in Para. [0084] sends agent packets destined for the server through an adaptor. When issuing a visa for the first of these agent packets, the visa service,…, and further Hillis the first teaches in Para. [0141] endorsement can be validated by using the public key or keys of the visa server, the visa may also specify a visa identifier that is uniquely associated with the visa, and an internal packet may specify this visa identifier to establish an association with the visa). Hillis the first does not explicitly teach wherein the first packet is delivered to the second node only if it is compliant with policies as determined by the visa service.
However, Soliman teaches wherein the first packet is delivered to the second node only if it is compliant with policies as determined by the visa service (Soliman teaches in Para. [0046] a connection state may be created between the first node 130, which may be a host, and the second node 132 when the two exchange data compliant with the set policies of the PDP 120 and further the PDP 120 of its intention to send (i.e., delivered) packets to the second node as narrated in Para. [0048]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of sending packet when the two exchange data compliant with the set policies of the PDP 120 ([0046]) as taught, by Soliman into the teachings of Hillis the first invention. One would have been motivated to do so in order to the policy decision point is located at the edge of the network, and communicates with reduced number of nodes or users, thus reducing bottleneck in the network. The interior node defers processing digital signatures on receiving policy decision point responses to determine whether a digital signature is to be processed, thus reducing denial of service replies.
Regarding claim 21.
Hillis the first teaches the visa service determining attributes of the communicators (Hillis the first teaches in [0149] determining the identity of the addressed agents, the visa service attempts to identify communication policies of the active configuration that would allow those agents to communicate... Also, see Para. [0050]);
wherein the policies of the network are dependent on the attributes of communicators (Hillis the first teaches in Para. [0050] determine when attributes of the identity of an agent need to be authenticated and how they may be authenticated. Depending on the attributes within the identity,...).
Regarding claim 22.
Hillis the first teaches the first packet providing a communication to prove its identity to a node (Hillis the first teaches in Para. [0233] device is a hardware unit, called an adaptor device, that implements the functionality of an adaptor and interaction interfaces for communicating with an agent or assisting in determining and authenticating the identity of an agent).
Regarding claim 23.
Hillis the first teaches a communicator demonstrating to a node that it has access to credentials that prove its identity (Hillis the first teaches in Para. [0030] each of the agents has an identity and access to a set of credentials that can be used to authenticate attributes of that identity and further Hillis the first teaches that the adaptor may prove its access to the tie-in by transmitting the agent packets through the tie-in and demonstrate its access to the credentials by facilitating the authentication of the identity attributes as narrated in Para. [0114]).
Regarding claim 24.
Hillis the first teaches wherein the policies of the network depend on the destination address of the second node (Hillis the first teaches in Para. [0034] the packet is transmitted within the SNN (i.e., selective node network); back through a tie-in to an adaptor (i.e., a second communicator) and finally, to a destination agent); and
wherein the information transmitted by the first node to the visa service includes the destination address associated with the second node (Hillis the first teaches in Para. [0136] the associated parameters of the visa (described later) include the tether address of the destination, although in some cases, such as a broadcast visa, the destination tether address may be implied by the algorithm encoded into the forwarder PEP).
Regarding claim 25.
Hillis the first teaches wherein the policies of the network depend on the source address of the first node (Hillis the first teaches I Para. [0072] transmitted an agent packet through a tether using a particular agent address as a source agent address, the visa service records that source agent address (i.e., source address) as associated with the tether, allowing other agents to transmit packets to that agent through that tether); and
wherein the information transmitted by the first node to the visa service includes the source address associated with the first node (Hillis the first teaches in Para. [0034] communication packets travel from a source agent to its adaptor; through a tie-in to the SNN, where policies specified by the associated visa are enforced each time the packet is transmitted within the SNN).
Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Hillis the first in view of Soliman further in view of Apostolopouos U.S. Pub. No. 2006/0005031 A1, (hereinafter Apostolopouos).
Regarding claim 26. Hillis the first in view of Soliman teaches the method of claim 20.
Hillis the first in view of Soliman does not explicitly teach the visa service communicating to the first and second node a cryptographic key used for computing a message integrity check value (MICV).
However, Apostolopouos teaches the visa service communicating to the first and second node a cryptographic key used for computing a message integrity check value (MICV) (Apostolopouos teaches in Para. [0007] A cryptographic checksum (CCS) is created by performing a complicated series of mathematical operations (known as a cryptographic algorithm) that translates the data in the file and the key into a fixed string of digits…, an integrity check without a key allows anyone to compute the integrity check (for verification or for replacement of the original integrity check value (i.e., MICV)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using an integrity check value ([0007]) as taught, by Apostolopouos into the teachings of Hillis the first in view of Soliman invention. One would have been motivated to do so in order to a cryptographic integrity check value for one of the components of trans codable content is recorded when integrity check for the component is completed. The cryptographic integrity check is completed to generate a cryptographic integrity check value for the component of trans codable content and this method helps to perform the integrity check cost effectively and without much computational complexity.
Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over Hillis the first in view of Soliman further in view of Hillis the first et al. U.S. Pub. No. 2023/0171228 A1, (hereinafter Hillis the second).
Regarding claim 27. Hillis the first in view of Soliman teaches the method of claim 20.
Hillis the first further teaches the visa service providing the first node with a visa ID when the packet is policy compliant (Hillis the first teaches in Para. [0155] visa service maintains state information about the identity, tether address, and the authentication status of the identity attributes of each agent using the SNN). Hillis the first in view of Soliman does not explicitly teach the visa service communicating the visa ID and associated forwarding information to a set of nodes along a path the connects the first and second node; the visa service communicating the visa ID and associated forwarding information to a set of nodes along a path the connects the first and second node; the first node creating a second packet that includes the visa ID and transmitting it to the first node on the connecting path; and the set of nodes along the connecting path forwarding the packet with the visa ID along the path.
However, Hillis the second teaches the visa service communicating the visa ID and associated forwarding information to a set of nodes along a path the connects the first and second node (Hillis the second teaches in Para. [0089] all packets associated with a visa associated with the configuration ID and further teaches in Para. [0142] the visa service determines agent identities and authenticates agent identity attributes based on its state information and further visa distribution may be initiated by an ingress dock that has accepted a visa issued by the visa service to distribute the visa to an initial sequence of nodes that can transmit it to its destination as narrated in Para. [0172]);
the visa service communicating the visa ID and associated forwarding information to a set of nodes along a path the connects the first and second node (Hillis the second teaches in Para. [0089] all packets associated with a visa associated with the configuration ID and further teaches in Para. [0172] visa distribution may also be initiated by a forwarder to distribute the visa to a new sequence of nodes (i.e., note that here sequence of nodes include the claimed a set of nodes which is “the first and the second node”) that can transmit it to its destination. By decrementing the herald packet's hop count each time it is forwarded, the length of these potential paths can be limited, for example, to the maximum allowed path length of the associated configuration);
the first node creating a second packet that includes the visa ID and transmitting it to the first node on the connecting path (Hillis the second teaches in Para. [0172] distribution may also be initiated by a forwarder to distribute the visa to a new sequence of nodes (i.e., the first and the second nodes are included in the sequence of nodes) that can transmit it to its destination. By decrementing the herald packet's hop count each time it is forwarded); and
the set of nodes along the connecting path forwarding the packet with the visa ID along the path (Hillis the second teaches in Para. [0089] all packets associated with a visa associated with the configuration ID and further Hillis the second teaches in Para. [0172] a new sequence of nodes that can transmit it to its destination).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of using a visa ID along with the forwarder to distribute the visa to a new sequence of nodes (i.e., a set of nodes) in different paths ([0089] and [0172]) as taught, by Hillis the second into the teachings of Hillis the first in view of Soliman invention. One would have been motivated to do so in order to the method eliminates the requirement that the packets do not require a hop count field that is changed each time the packet is forwarded.
Allowable Subject Matter
Claims 10-11 are objected to as being dependent upon a rejected base claim, but would be allowable if claim 10 is overcome the outstanding objection above under section 10 and if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BERHANU SHITAYEWOLDETSADIK whose telephone number is (571)270-7142. The examiner can normally be reached M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached at 5712723865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BERHANU SHITAYEWOLDETADIK/Examiner, Art Unit 2455