Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

4.	Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Chang (US 2019/0182155 A1) in view of Howe (US 2012/0209971 A1). 

Regarding claim 1, Chang discloses a distributed network sharing and traffic isolation comprising the features:
a system for intelligent delivery of data packets within a secure transmission path, the system comprising:
a distributed computing network [Chang: see Figures 3 & 4 and sections 0044 – 0045 & section 0038; a plurality of VPNs may be connected/shared a network core; the network core comprises a multitude of dedicated standalone relay servers or constructed based on an overlay network deployed over the internet or a combination of both] including:
at least one source apparatus in communication with the distributed computing network and configured for transmitting a data set comprising a plurality of data packets [Chang: see Figures 3 – 4 & 7A and sections 0055 – 0056, sections 0070 – 0073, sections 0083 – 0086, sections 0088 – 0089, & sections 0091- 0092; for transporting a packet, the source VPN ID and destination VPN ID are usually ID; the source VPN sends the packets to the shared routing core, via it gateway; the packets travel though the different relays (a tunnel) within the shared routing core and arrive at the destination VPN via its gateway before being forwarded to the host/client],
at least one target apparatus comprising one or more target devices, wherein the target apparatus in communication with the distributed computing network and configured for receiving the data set via a secure transmission path established between the source apparatus and the target apparatus [Chang: see Figures 3 – 4 & 7A and sections 0055 – 0056, sections 0070 – 0073, sections 0083 – 0086, sections 0088 – 0089, & sections 0091- 0092; for transporting a packet, the source VPN ID and destination VPN ID are usually ID; the source VPN sends the packets to the shared routing core, via it gateway; the packets travel though the different relays (a tunnel) within the shared routing core and arrive at the destination VPN via its gateway before being forwarded to the host/client; and
a plurality of network nodes disposed along the secure transmission path [Chang: see Figures 3 – 4 & 7A and sections 0038, sections 0044 – 0046, & sections 0055 – 0056; the tunnel is made of a plurality of relays acting both as servers and an routers]; 
a plurality of logical switches stored in a memory associated with at least one of the network nodes, executable by one or more processing devices associated with at least one of the network nodes [Chang: see Figures 2A – 4 and section 0051, section 0062; see also Figures 7A-7D & 8A and sections 0081 – 0092, section 0099 & sections 0105 – 0110, & sections 0120 -0124; gateway of a host/VPN/subnet registers with an access relay and the access relay propagates the information to other relays; data/packets, between a source VPN and a destination VPN, may travel along the relays that the gateway has registered]; and
a controller stored in the memory associated with at least one of the network nodes, executable by one or more of the processing devices and configured to control at least one of (i) timing for delivery of the data packets to the target apparatus, and (ii) routing of the data packets by activating and deactivating the logical switches [Chang: see Figures 2A – 4 and section 0051, section 0062; see also Figures 7A-7D & 8A and sections 0081 – 0092, section 0099 & sections 0105 – 0110, & sections 0120 -0124; gateway of a host/VPN/subnet registers with an access relay and the access relay propagates the information to other relays; data/packets, between a source VPN and a destination VPN, may travel along the relays that the gateway has registered].


(i) timing for delivery of the data packets to the target apparatus.

Howe discloses a method for managing a network comprising the features:
 (i) timing for delivery of the data packets to the target apparatus [Howe: see Figure 16 and sections 0204 - 0207; Figure 18 and section 0212 – 0213; the network management module request to reserve a time interval at each node along a path from the source to the destination; if the reservation process is successful, the data from the source may then be encrypted and sent along the path at the determined time interval(s)]. 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang by incorporating techniques of Howe in order to provide a more robust system that ensures that the receiving node is available to receive the data [Howe: see section 0074]


5.	Claims 2 – 7 and 11 – 17 are rejected under 35 U.S.C. 103 as being unpatentable over Chang (US 2019/0182155 A1) in view of Howe (US 2012/0209971 A1) and further in view of  AKIYOSHI (US 2013/0235869 A1).

Regarding claim 2, Chang and Howe disclose all claimed limitations above. However, Chang and Howe do not explicitly disclose the features comprising:
the system of Claim 1, wherein the data packets are tagged with a destination address associated with one or more of the target devices and a data packet type.
AKIYOSHI discloses a method for controlling forwarding path of packet flow comprising the features:
the system of Claim 1, wherein the data packets are tagged with a destination address associated with one or more of the target devices and a data packet type [AKIYOSHI: see Figure 5 and section 0061 & Figure 6 and sections 0062 – 0065; see also Figures 1 & 2 and sections 0045 – 0049;  packets contain source/destination and the type of packet information; identification rule can be set by suitably combining the source/destination of a packet and the type of a packet; the identification rule may be configured so as to recognize whether a received packet should be forwarded within a predetermined network domain or across a plurality of network domains].
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang with Howe by incorporating techniques of AKIYOSHI in order to provide a more robust system that allows a communication device bear some part of the control load of a controller and reduce the load thereof [AKIYOSHI: see section 0019].

Regarding claim 3, Howe further discloses the features comprising:
the system of Claim 2, wherein the controller is further configured to:
determine availability of the one or more target devices associated with the identified destination address for processing data [Howe: see Figure 16 and sections 
However, Chang and Howe do not explicitly disclose the features comprising:
scan the data packets along the secure transmission path to identify the destination address and the data packet type, and
determine the one or more target devices associated with the identified destination address for processing data of the identified data packet type apparatus.
AKIYOSHI discloses a method for controlling forwarding path of packet flow comprising the features:
scan the data packets along the secure transmission path to identify the destination address and the data packet type [AKIYOSHI: see Figures 1 – 3 and sections 0041 – 0054; each communication device along the path identifies a received packet based on an identification rule for identifying a packet, and determines whether to forward the received packet (section 0041); the identification rule can be set by combining the source/destination of a packet and the type of packet (section 0048)], and
determine the one or more target devices associated with the identified destination address for processing data of the identified data packet type apparatus [AKIYOSHI: see Figures 1 – 3 and sections 0041 – 0054; each communication device along the path identifies a received packet based on an identification rule for identifying a packet, and 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang with Howe by incorporating techniques of AKIYOSHI in order to provide a more robust system that allows a communication device bear some part of the control load of a controller and reduce the load thereof [AKIYOSHI: see section 0019].

Regarding claim 4, Howe discloses the features comprising:
the system of Claim 3, wherein the controller is further configured to:
in response to determining that the one or more target devices are currently not available for processing data of the identified data packet type, activate one or more of the logical switches to block transmission of data packets of the identified data packet type [Howe: see Figure 13 and sections 0192 – 0193 & Figure 14 and sections 0194 – 0200; when it is the scheduled time intervals to transfer an incoming timed-scheduled packet, the network reservation system (e.g. 1310) switches input buffers 1302 and output buffers 1304 to be connected to switch 1312 (identified by a flag or other identifier in the data/packet; the switch 1312 receives the data and sends the data to the next node; since the time scheduled set the time intervals when each switch (along the path) and the destination are to receive the data, the switch 1312, which is for routing the data, is not enabled when it is not the proper scheduled time intervals (at the switch and at the and
determining that at least one of the one or more target devices are currently available for processing the data, deactivate the one or more of the logical switches to allow transmission of the data packets to the at least one of the one or more target devices [Howe: see Figure 13 and sections 0192 – 0193 & Figure 14 and sections 0194 – 0200; when it is the scheduled time intervals to transfer an incoming timed-scheduled packet, the network reservation system (e.g. 1310) switches input buffers 1302 and output buffers 1304 to be connected to switch 1312 (identified by a flag or other identifier in the data/packet; the switch 1312 receives the data and sends the data to the next node; since the time scheduled set the time intervals when each switch (along the path) and the destination are to receive the data, the switch 1312, which is for routing the data, is not enabled when it is not the proper scheduled time intervals (at the switch and at the destination); furthermore, another switch (e.g. 1306) are activated letting data to be routed through the another switch and blocking the switch 1312].

Regarding claim 5, Howe further discloses the features comprising:
the system of Claim 4, further comprising:
a target device availability database configured to store information that indicates time intervals for processing data of a specified data packet type for each of the one or more target devices [Howe: see Figure 16 and sections 0204 – 0207 & Figure 18 and section 0212 – 0213; see also Figure 13 and sections 0192 – 0193 & Figure 14 and sections 0194 – 0200; the network management module request to reserve a time interval 

Regarding claim 6, Howe further discloses the features comprising:
the system of Claim 5, wherein the controller is further configured to access the target device availability database to determine availability of one or more target devices based on the time intervals in the target device availability database associated with (i) the one or more target devices associated with the destination address and (ii) the data packet type [Howe: see Figure 16 and sections 0204 – 0207 & Figure 18 and section 0212 – 0213; see also Figure 13 and sections 0192 – 0193 & Figure 14 and sections 0194 – 0200; the network management module request to reserve a time interval at each node along a path from the source to the destination; if the reservation process is successful, the data from the source may then be encrypted and sent along the path at the determined time interval(s); the destination/target device agrees with the time interval the data is to arrive when the path is configured/reserved; when it is the scheduled time intervals to transfer an incoming timed-scheduled packet, the network reservation system (e.g. 1310) switches input buffers 1302 and output buffers 1304 to be connected to switch 1312 (identified by a flag or other identifier in the data/packet; the switch 1312 receives the data and sends the data to the next node; since the time scheduled set the time intervals when each switch (along the path) and the destination are to receive the data, the switch 1312, which is for routing the data, is not enabled when it is not the proper 

Regarding claim 7, Howe further discloses the features comprising:
the system of Claim 3, wherein the controller is further configured to, in response to identifying the destination address and data packet type, receive information from the one or more target devices associated with the identified destination address that indicates a current availability of the one or more target devices to process data of the data packet type [Howe: see Figure 16 and sections 0204 – 0207 & Figure 18 and section 0212 – 0213; see also Figure 13 and sections 0192 – 0193 & Figure 14 and sections 0194 – 0200; the network management module request to reserve a time interval at each node along a path from the source to the destination; if the reservation process is successful, the data from the source may then be encrypted and sent along the path at the determined time interval(s); when it is the scheduled time intervals to transfer an incoming timed-scheduled packet, the network reservation system (e.g. 1310) switches input buffers 1302 and output buffers 1304 to be connected to switch 1312 (identified by a flag or other identifier in the data/packet; the switch 1312 receives the data and sends the data to the next node; since the time scheduled set the time intervals when each switch (along the path) and the destination are to receive the data, the switch 1312, which is for routing the data, is not enabled when it is not the proper scheduled time intervals (at the switch and at the destination); furthermore, another switch (e.g. 1306) are 

Regarding claim 11, Chang and Howe disclose all claimed limitations above. However, Chang and Howe do not explicitly disclose the features comprising:
the system of Claim 1, wherein the controller is further configured to determine an attempt to wrongfully access or intercept the data packet and, in response to determining the attempt to wrongfully access or intercept the data packets, perform at least one of (i) activate one or more of the logical switches to block further transmission of the data packets, and (ii) re-route the data packets away from an intended one of the target devices to a second one of the target devices.
AKIYOSHI discloses a method for controlling forwarding path of packet flow comprising the features:
the system of Claim 1, wherein the controller is further configured to determine an attempt to wrongfully access or intercept the data packet and, in response to determining the attempt to wrongfully access or intercept the data packets, perform at least one of (i) activate one or more of the logical switches to block further transmission of the data packets, and (ii) re-route the data packets away from an intended one of the target devices to a second one of the target devices [AKIYOSHI: see Figure 5 and section 0061 & Figure 6 and sections 0062 – 0065; see also Figures 1 & 2 and sections 0045 – 0049 & Figure 10 and sections 0095 - 0096; identification rule can be set by suitably combining the source/destination of a packet and the type of a packet; the identification rule may be configured so as to recognize whether a received packet should be forwarded within a 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang with Howe by incorporating techniques of AKIYOSHI in order to provide a more robust system that allows a communication device bear some part of the control load of a controller and reduce the load thereof [AKIYOSHI: see section 0019].

Regarding claim 12, Chang and Howe disclose all claimed limitations above. However, Chang and Howe do not explicitly disclose the features comprising:
the system of Claim 1, wherein the controller is further configured to determine that the secure transmission path comprises a physical area that the data packets are precluded from entering and, in response to determining that the secure transmission path comprises a physical location that the data packets are precluded from entering, perform at least one of (i) activate one or more of the logical switches to block further transmission of the data packets, and (ii) re-route the data packets away from the secure transmission path to a second secure transmission path that does not include the physical area.
AKIYOSHI discloses a method for controlling forwarding path of packet flow comprising the features:
the system of Claim 1, wherein the controller is further configured to determine that the secure transmission path comprises a physical area that the data packets are precluded from entering and, in response to determining that the secure transmission path comprises a physical location that the data packets are precluded from entering, perform at least one of (i) activate one or more of the logical switches to block further transmission of the data packets, and (ii) re-route the data packets away from the secure transmission path to a second secure transmission path that does not include the physical area [AKIYOSHI: see Figure 5 and section 0061 & Figure 6 and sections 0062 – 0065; see Figures 7 - 9 and sections 0067 - 0080; see also Figure 10 and sections 0083 - 0093 & sections 0095 – 0097 & Figure 11 and sections 0100 – 0108; see also Figures 1 & 2 and sections 0045 – 0049; identification rule can be set by suitably combining the source/destination of a packet and the type of a packet; the identification rule may be configured so as to recognize whether a received packet should be forwarded within a predetermined network domain or across a plurality of network domains; according to the identification rule, the communication device may forward a received packet, discard a packet, rewrite a packet header, flood a packet].
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang with Howe by incorporating techniques of AKIYOSHI in order to provide a more robust system that allows a communication device bear some part of the control load of a controller and reduce the load thereof [AKIYOSHI: see section 0019].

Regarding claim 13, Chang and Howe disclose all claimed limitations above. However, Chang and Howe do not explicitly disclose the features comprising:
the system of Claim 1, wherein the controller is further configured to activate at least two of the logical switches to isolate data packets.
AKIYOSHI discloses a method for controlling forwarding path of packet flow comprising the features:
the system of Claim 1, wherein the controller is further configured to activate at least two of the logical switches to isolate data packets [AKIYOSHI: see Figures 7 - 9 and sections 0067 - 0080; see also Figure 10 and sections 0083 - 0093 & sections 0096 – 0097; Figure 11 and sections 0100 – 0108; see also Figures 1 & 2 and sections 0047 – 0049; the packet may transverse a region (e.g. subnet) that is controlled by an Intermediate Controller; the Intermediate Controller may set up forwarding rules for the switches within that region to examine the ingress packet; if no forwarding rules is matched to the packet (based on the header information (e.g. source, destination, type of packet)), the Intermediate Controller may discard the ingress packet; in other words, the switches within that region (subnet) is enabled to stop/isolate the ingress packets]. 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang with Howe by incorporating techniques of AKIYOSHI in order to provide a more robust system that allows a communication device bear some part of the control load of a controller and reduce the load thereof [AKIYOSHI: see section 0019].

Regarding claim 14, Chang and Howe disclose all claimed limitations above. However, Chang and Howe do not explicitly disclose the features comprising:
the system of Claim 13, wherein the isolated data packets are subjected to one or more security processes prior to deactivating the at least two of the logical switches.
AKIYOSHI discloses a method for controlling forwarding path of packet flow comprising the features:
the system of Claim 13, wherein the isolated data packets are subjected to one or more security processes prior to deactivating the at least two of the logical switches. [AKIYOSHI: see Figures 7 - 9 and sections 0067 - 0080; see also Figure 10 and sections 0083 -0093 & sections 0096 – 0097; Figure 11 and sections 0100 – 0108; see also Figures 1 & 2 and sections 0047 – 0049; the packet may transverse a region (e.g. subnet) that is controlled by an Intermediate Controller; the Intermediate Controller may set up forwarding rules for the switches within that region to examine the ingress packet; if no forwarding rules is matched to the packet (based on the header information (e.g. source, destination, type of packet)), the Intermediate Controller may discard the ingress packet; in other words, the switches within that region (subnet) is enabled to stop/isolate the ingress packets]. 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang with Howe by incorporating techniques of AKIYOSHI in order to provide a more robust system that allows a communication device bear some part of the control load of a controller and reduce the load thereof [AKIYOSHI: see section 0019].

Regarding claim 15, Chang and Howe disclose all claimed limitations above. However, Chang and Howe do not explicitly disclose the features comprising:
the system of Claim 13, wherein the controller is further configured to activate the at least two of the logical switches to isolate data packets within one of a plurality of security zones within the secure transmission path.
AKIYOSHI discloses a method for controlling forwarding path of packet flow comprising the features:
the system of Claim 13, wherein the controller is further configured to activate the at least two of the logical switches to isolate data packets within one of a plurality of security zones within the secure transmission path [AKIYOSHI: see Figures 7 - 9 and sections 0067 - 0080; see also Figure 10 and sections 0083 - 0093 & sections 0096 – 0097; Figure 11 and sections 0100 – 0108; see also Figures 1 & 2 and sections 0047 – 0049; the packet may transverse a region (e.g. subnet) that is controlled by an Intermediate Controller; the Intermediate Controller may set up forwarding rules for the switches within that region to examine the ingress packet; if no forwarding rules is matched to the packet (based on the header information (e.g. source, destination, type of packet)), the Intermediate Controller may discard the ingress packet; in other words, the switches within that region (subnet) is enabled to stop/isolate the ingress packets]. 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang with Howe by incorporating techniques of AKIYOSHI in order to provide a more robust system that allows a communication device bear some part of the control load of a controller and reduce the load thereof [AKIYOSHI: see section 0019].


the system of Claim 15, wherein the controller is further configured to sequentially activate at least two of the logical switches to isolate data packets of the identified data packet type within at least two of a plurality of security zones within the secure transmission path.
AKIYOSHI discloses a method for controlling forwarding path of packet flow comprising the features:
the system of Claim 15, wherein the controller is further configured to sequentially activate at least two of the logical switches to isolate data packets of the identified data packet type within at least two of a plurality of security zones within the secure transmission path [AKIYOSHI: see Figures 7 - 9 and sections 0067 - 0080; see also Figure 10 and sections 0083 - 0093 & sections 0096 – 0097; Figure 11 and sections 0100 – 0108; see also Figures 1 & 2 and sections 0047 – 0049; the packet may transverse multiple regions (e.g. subnets) that is controlled by an respective Intermediate Controllers; each Intermediate Controller may set up forwarding rules for the switches within that region/subnet to examine the ingress packet; if no forwarding rules is matched to the packet (based on the header information (e.g. source, destination, type of packet)), the Intermediate Controller may discard the ingress packet; in other words, the switches within each region (subnet), along the transmission path, is enabled to stop/isolate the ingress packets]. 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang with Howe by 

Regarding claim 17, Chang and Howe disclose all claimed limitations above. However, Chang and Howe do not explicitly disclose the features comprising:
the system of Claim 16, wherein the isolated data packets are subjected to one or more security processes in each of the at least two security zones.
AKIYOSHI discloses a method for controlling forwarding path of packet flow comprising the features:
the system of Claim 16, wherein the isolated data packets are subjected to one or more security processes in each of the at least two security zones [AKIYOSHI: see Figures 7 - 9 and sections 0067 - 0080; see also Figure 10 and sections 0083 - 0093 & sections 0096 – 0097; Figure 11 and sections 0100 – 0108; see also Figures 1 & 2 and sections 0047 – 0049; the packet may transverse multiple regions (e.g. subnets) that is controlled by an respective Intermediate Controllers; each Intermediate Controller may set up forwarding rules for the switches within that region/subnet to examine the ingress packet; if no forwarding rules is matched to the packet (based on the header information (e.g. source, destination, type of packet)), the Intermediate Controller may discard the ingress packet; in other words, the switches within each region (subnet), along the transmission path, is enabled to stop/isolate the ingress packets]. 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang with Howe by .

6.	Claims 8 - 10 are rejected under 35 U.S.C. 103 as being unpatentable over Chang (US 2019/0182155 A1) in view of Howe (US 2012/0209971 A1) with AKIYOSHI (US 2013/0235869 A1) and further in view of MATSUI et al. (US 2015/0347246 A1).

Regarding claim 8, Chang, Howe, and AKIYOSHI disclose all claimed limitations above. However, Chang, Howe, and AKIYOSHI do not explicitly disclose the features comprising:
the system of Claim 3, wherein the controller is further configured to, in response to determining availability of the one or more target devices associated with the identified destination address for processing data of the identified data packet type, reroute the data packets away from a first target device currently determined to be not available to a second target device currently determined to be available
MATSUI discloses an automatic-fault-handling cache system comprising the features:
the system of Claim 3, wherein the controller is further configured to, in response to determining availability of the one or more target devices associated with the identified destination address for processing data of the identified data packet type, reroute the data packets away from a first target device currently determined to be not available to a second target device currently determined to be available [MATSUI: see 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang, Howe, and AKIYOSHI by incorporating techniques of MATSUI in order to provide a more robust system that reduces facility costs and operating costs [MATSUI: see section 00160].

Regarding claim 9, AKIYOSHI further discloses a method for controlling forwarding path of packet flow comprising the features:
the system of Claim 8, wherein the controller is further configured to create a secure transmission path [AKIYOSHI: see Figures 7 - 9 and sections 0067 - 0080; see also Figure 10 and sections 0083 - 0093 & sections 0096 – 0097; Figure 11 and sections 0100 – 0108; see also Figures 1 & 2 and sections 0047 – 0049; the packet may transverse a region (e.g. subnet) that is controlled by an Intermediate Controller; the Intermediate Controller may set up forwarding rules for the switches within that region to examine the ingress packet; if no forwarding rules is matched to the packet (based on the header information (e.g. source, destination, type of packet)), the Intermediate Controller may discard the ingress packet; in other words, the switches within that region (subnet) is enabled to stop/isolate the ingress packets]. 
However, Chang, Howe, and AKIYOSHI do not explicitly discloses the features:
the system of Claim 8, wherein the controller is further configured to create a second transmission path for transmitting the data packets to the second target device.

the system of Claim 8, wherein the controller is further configured to create a second transmission path for transmitting the data packets to the second target device [MATSUI: see Figure 8 and section 0086 & Figure 9 and sections 0087 – 0089; if the first server fails (i.e. not available), the manager alters the traffic forwarding destination of the router to the specified second server].
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang, Howe, and AKIYOSHI by incorporating techniques of MATSUI in order to provide a more robust system that reduces facility costs and operating costs [MATSUI: see section 00160].

Regarding claim 10, Chang, Howe, and AKIYOSHI disclose all claimed limitations above. However, Chang, Howe, and AKIYOSHI do not explicitly disclose the features comprising:
the system of Claim 8, wherein the controller is further configured to re-tag the data packets with a second destination address associated with the second target device.
MATSUI discloses an automatic-fault-handling cache system comprising the features:
the system of Claim 8, wherein the controller is further configured to re-tag the data packets with a second destination address associated with the second target device [MATSUI: see Figure 8 and section 0086 & Figure 9 and sections 0087 – 0089; if 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of Chang, Howe, and AKIYOSHI by incorporating techniques of MATSUI in order to provide a more robust system that reduces facility costs and operating costs [MATSUI: see section 00160].

7.	Claims 18 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over AKIYOSHI (US 2013/0235869 A1) in view of Howe (US 2012/0209971 A1).

Regarding claim 18, AKIYOSHI discloses a method for controlling forwarding path of packet flow comprising the features:
a computer-implemented method for intelligent delivery of data packets within a secure transmission path, the method executed by one or more computing processing device and comprising:
tagging data packets with a destination address associated with one or more of the target devices and a data packet type [AKIYOSHI: see Figure 5 and section 0061 & Figure 6 and sections 0062 – 0065; see also Figures 1 & 2 and sections 0045 – 0049; packets contain source/destination and the type of packet information; identification rule can be set by suitably combining the source/destination of a packet and the type of a packet; the identification rule may be configured so as to recognize whether a received packet should be forwarded within a predetermined network domain or across a plurality of network domains];
during transmission of the data packets from a source apparatus to the one or more target devices:
scanning the data packets to identify the destination address and the data packet type [AKIYOSHI: see Figures 1 – 3 and sections 0041 – 0054; each communication device along the path identifies a received packet based on an identification rule for identifying a packet, and determines whether to forward the received packet (section 0041); the identification rule can be set by combining the source/destination of a packet and the type of packet (section 0048)];
determining the one or more target devices associated with the identified destination address for processing data of the identified data packet type [AKIYOSHI: see Figures 1 – 3 and sections 0041 – 0054; each communication device along the path identifies a received packet based on an identification rule for identifying a packet, and determines whether to forward the received packet (section 0041); the identification rule can be set by combining the source/destination of a packet and the type of packet (section 0048)].

However, AKIYOSHI does not explicitly disclose the features comprising:
determining availability of the one or more target devices associated with the identified destination address,
in response to determining that the one or more target devices are currently not available for processing data of the identified data packet type, activating one or more logical switches disposed along the secure transmission path to block transmission of data packets of the identified data packet type; and
in response to determining that at least one of the one or more target devices are currently available for processing the data, deactivating the one or more of the logical switches to allow transmission of the data packets to the at least one of the one or more target devices.

Howe discloses a method for managing a network comprising the features:
determining availability of the one or more target devices associated with the identified destination address of [Howe: see Figure 16 and sections 0204 – 0207 & Figure 18 and section 0212 – 0213; the network management module request to reserve a time interval at each node along a path from the source to the destination; if the reservation process is successful, the data from the source may then be encrypted and sent along the path at the determined time interval(s); therefore, the time for delivering the packet to the destination/target is pre-configured and that the destination/target node is expecting/available to receive the packet],
in response to determining that the one or more target devices are currently not available for processing data of the identified data packet type, activating one or more logical switches disposed along the secure transmission path to block transmission of data packets of the identified data packet type [Howe: see Figure 13 and sections 0192 – 0193 & Figure 14 and sections 0194 – 0200; when it is the scheduled time intervals to transfer an incoming timed-scheduled packet, the network reservation system (e.g. 1310) switches input buffers 1302 and output buffers 1304 to be connected to switch 1312 (identified by a flag or other identifier in the data/packet; the switch 1312 receives the data and sends the data to the next node; since the time scheduled set the time intervals when and
in response to determining that at least one of the one or more target devices are currently available for processing the data, deactivating the one or more of the logical switches to allow transmission of the data packets to the at least one of the one or more target devices [Howe: see Figure 13 and sections 0192 – 0193 & Figure 14 and sections 0194 – 0200; when it is the scheduled time intervals to transfer an incoming timed-scheduled packet, the network reservation system (e.g. 1310) switches input buffers 1302 and output buffers 1304 to be connected to switch 1312 (identified by a flag or other identifier in the data/packet; the switch 1312 receives the data and sends the data to the next node; since the time scheduled set the time intervals when each switch (along the path) and the destination are to receive the data, the switch 1312, which is for routing the data, is not enabled when it is not the proper scheduled time intervals (at the switch and at the destination); furthermore, another switch (e.g. 1306) are activated letting data to be routed through the another switch and blocking the switch 1312].
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of AKIYOSHI by incorporating techniques of Howe in order to provide a more robust system that ensures that the receiving node is available to receive the data [Howe: see section 0074].


the computer-implemented method of Claim 18, wherein determining availability of the one or more target devices further comprises:
accessing a target device availability database that stores information that indicates time intervals for processing data of a specified data packet type for each of the one or more target devices; and
determining availability of one or more target devices based on the time intervals in the target device availability database associated with (i) the one or more target devices associated with the destination address and (ii) the data packet type.

Howe discloses a method for managing a network comprising the features:
the computer-implemented method of Claim 18, wherein determining availability of the one or more target devices further comprises:
accessing a target device availability database that stores information that indicates time intervals for processing data of a specified data packet type for each of the one or more target devices [Howe: see Figure 16 and sections 0204 – 0207 & Figure 18 and section 0212 – 0213; see also Figure 13 and sections 0192 – 0193 & Figure 14 and sections 0194 – 0200; the network management module request to reserve a time interval at each node along a path from the source to the destination; if the reservation process is successful, the data from the source may then be encrypted and sent along the path at the determined time interval(s); the destination/target device agrees with the time interval the data is to arrive when the path is configured/reserved; when it is the scheduled time and
determining availability of one or more target devices based on the time intervals in the target device availability database associated with (i) the one or more target devices associated with the destination address and (ii) the data packet type [Howe: see Figure 16 and sections 0204 – 0207 & Figure 18 and section 0212 – 0213; see also Figure 13 and sections 0192 – 0193 & Figure 14 and sections 0194 – 0200; the network management module request to reserve a time interval at each node along a path from the source to the destination; if the reservation process is successful, the data from the source may then be encrypted and sent along the path at the determined time interval(s); the destination/target device agrees with the time interval the data is to arrive when the path is configured/reserved; when it is the scheduled time intervals to transfer an incoming timed-scheduled packet, the network reservation system (e.g. 1310) switches input buffers 1302 and output buffers 1304 to be connected to switch 1312 (identified by a flag or other identifier in the data/packet; the switch 1312 receives the data and sends the data to the next node; since the time scheduled set the time intervals when each 
It would have been obvious to one of the ordinary skill in the art before the effective filling date of the claimed invention to modify the system of AKIYOSHI by incorporating techniques of Howe in order to provide a more robust system that ensures that the receiving node is available to receive the data [Howe: see section 0074].

8.	Claim 20 is rejected under 35 U.S.C. 102(a(2)) as anticipated by or, in the alternative, under 35 U.S.C. 103 as obvious over AKIYOSHI (US 2013/0235869 A1).

Regarding claim 20, AKIYOSHI discloses all claimed limitations above. However, AKIYOSHI does not explicitly disclose the features comprising:
a computer-implemented method for intelligent delivery of data packets within a secure transmission path, the method executed by one or more computing processing device and comprising:
providing a plurality of logical switches within each of a plurality of security zones disposed within the secure transmission path [AKIYOSHI: see Figures 7 - 9 and sections 0067 - 0080; see also Figure 10 and sections 0083 -0093 & sections 0096 – 0097; Figure 11 and sections 0100 – 0108; see also Figures 1 & 2 and sections 0047 – 0049; the packet may transverse a region (e.g. subnet) that is controlled by an Intermediate 
activating at least two of the logical switches within at least one of the security zones to isolate a plurality of data packets within the at least one of the security zones [AKIYOSHI: see Figure 5 and section 0061 & Figure 6 and sections 0062 – 0065; see Figures 7 - 9 and sections 0067 - 0080; see also Figure 10 and sections 0083 -0093 & sections 0095 – 0097 & Figure 11 and sections 0100 – 0108; see also Figures 1 & 2 and sections 0045 – 0049; identification rule can be set by suitably combining the source/destination of a packet and the type of a packet; the identification rule may be configured so as to recognize whether a received packet should be forwarded within a predetermined network domain or across a plurality of network domains; according to the identification rule, the communication device may forward a received packet, discard a packet, rewrite a packet header, flood a packet]; and
conducting one or more security processes on the isolated data packets prior to deactivating the at least two logical switches [AKIYOSHI: see Figures 7 - 9 and sections 0067 - 0080; see also Figure 10 and sections 0083 -0093 & sections 0096 – 0097; Figure 11 and sections 0100 – 0108; see also Figures 1 & 2 and sections 0047 – 0049; the packet may transverse a region (e.g. subnet) that is controlled by an Intermediate Controller; the Intermediate Controller may set up forwarding rules for the switches within that region to examine the ingress packet; if no forwarding rules is matched to the packet 


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUVENA LOO whose telephone number is (571)270-1974.  The examiner can normally be reached on M-F 8:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kwang Yao can be reached on (571) 272-3182.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer 






/JUVENA W LOO/Examiner, Art Unit 2473                                                                                                                                                                                                        

/KWANG B YAO/Supervisory Patent Examiner, Art Unit 2473