DETAILED ACTION
This is a non-final office action issued in response to a request for communications received on 3/02/2021 and amendments received 2/01/2021.  Claims 1, 4, 6, 10-14 and 18 were amended.  No new claims were added and no claims were cancelled.  Claims 1-20 are presented for examination.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 3/02/2021 has been entered.

Response to Arguments
Applicant’s arguments regarding the rejection of claims 1-20 under 103 have been considered, but are found unpersuasive.
Applicant argues on page 10 of the Remarks that Land does not teach the claim limitation “responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet” because “Land does not appear to disclose or suggest how the 
Applicant’s remaining arguments filed 3/02/2021, with respect to the rejection of claims 1-20 under 35 USC § 102 have been fully considered but are moot because newly added claim limitations requiring “responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet" require new grounds of rejection under 35 USC § 103 necessitated by amendments.
The remaining arguments fail to comply with 37 C.F.R. 1.111(b) because they amount to a general allegation that the claims define a patentable invention without 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-7, 10-14 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Ian Land and Jeff Elliott, “Architecting ARINC 6654, Part 7 (AFDX) Solutions”, XILINX, May 22, 2009 (part of Applicant’s Admitted Prior Art (AAPA) (hereafter “Land”) in view of Fountain (US 2014/0310354) and Zelle (US 4,942,574).
Land discloses the limitations of claim 1 substantially as follows:
	A network switch for auditing communications on a deterministic network (pp. 2-3, Fig. 1: switch for checking/auditing received data packets (i.e. communications) on a deterministic network), the network switch comprising one or more computing device(s) configured to: 
receive a data packet comprising at least a source address and a destination address (pp. 3-4, Figs. 3-4: receiving at an AFDX switch frame packets comprising a frame format for each AFDX data frame/packet comprises a source address, destination address, payload and virtual link (VL) MAC destination addresses); 
determine whether the source address corresponds to a first electronic device on the deterministic network (pp. 3- 6, Figs. 3, 6: receiving/determining from an originating AFDX source address of AFDX Avionics End system sending the packets over the virtual link); 
determine whether the destination address corresponds to a second electronic device on the deterministic network, the second electronic device being different than the first electronic device (pp. 3-6, Figs. 3, 6, 10: determining whether destination addresses corresponding to the terminating AFDX Avionics End system to which the frames are sent over the virtual link is reachable, where the sending and receiving AFDX Avionics subsystems are different); 
responsive to determining the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet (p. 10: responsive to determining that the destination MAC is not reachable (i.e. does not correspond to one of the plurality of electronic devices on the deterministic network), discard the frame/packet)
responsive to determining the source address corresponds to the first electronic device and the destination address corresponds to the second electronic device, compare an actual value for a characteristic of the data packet against a reference value for the characteristic (pp. 3, 5, 10: responsive to determining the source address of the originating source system and the destination address of the End System, comparing a frame size, sequence number and time of transmission as permitted frame parameters for a data frame (i.e. characteristics of data packets) against a maximum frame size and prior sequence number (i.e. reference values) required for permitted frame parameters); and 
responsive to determining the characteristic corresponds to the reference value, transmit the data packet to the destination address  (pp. 3-6: transmitting the data frames to the destination addresses when the frame size (i.e. characteristic) is within the maximum frame size (i.e. corresponds to the reference value) and the sequence numbers (i.e. characteristic) are properly incremented from the prior sequence number (i.e. when the actual values of the characteristic correspond to the reference values).
Land does not explicitly disclose the remaining limitations of claim 1 as follows:
determine whether the data packet is corrupted based, at least in part, on an error-detecting code included in a header of the data packet;
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device of a plurality of electronic devices;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices on the deterministic network;
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet; 
compare an actual value for a characteristic of the data packet against a reference value for the characteristic to determine whether the characteristic corresponds to the reference value 
However, in the same field of endeavor Fountain discloses the limitations of claim 1 as follows:
determine whether the source address corresponds to a first electronic device of a plurality of electronic devices on the deterministic network (paras. [0021], [0034], [0042]-[0044], [0052], [0057]: determining by a switch whether the source of the packets of critical data (i.e. source address) corresponds to one of the computing devices that is the sole authorized source of the data (i.e. first electronic device) on the deterministic network); 
determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices on the deterministic network, the second electronic device being different than the first electronic device (paras. [0024], [0042]-[0044]: determining by a switch whether the destination of the VLAN tag identifies a computing device (i.e. second electronic device) as one of the sole computing devices 104 that is  a sole authorized destination (i.e. destination address) for the VC data),
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet (paras. [0010], [0024], [0042]-[0044]: preventing any packets from being received (i.e. dropping the packets) responsive to determining that the packet does not have a source address or destination that corresponds to the authorized sole source and authorized sole destination (i.e. do not correspond to the plurality of electronic devices) on the deterministic network); 
compare an actual value for a characteristic of the data packet against a reference value for the characteristic to determine whether the characteristic corresponds to the reference value  (paras. [0026], [0042]-[0044], [0052], [0057], [0061] Fig. 2: comparing the MAC address (i.e. actual value) of the source of the VLAN tag (i.e. characteristic) and the MAC address (i.e. actual value) of the destination of the VLAN tag (i.e. characteristic) correspond to the permitted sole authorized source and destinations (i.e. reference values)); and 
transmit the data packet to the destination address when the actual value for the characteristic corresponds to the reference value for the characteristic (paras. [0026], [0042]-[0044], [0052], [0057], [0061] Fig. 2 : transmitting the frames to the computing device of the MAC destination when the MAC address for the destination (i.e. actual value for the characteristic) corresponds to the sole destination permitted (i.e. correspond to the reference values)).

	Neither Land or Fountain disclose the remaining limitations of claim 1 as follows:
determine whether the data packet is corrupted based, at least in part, on an error-detecting code included in a header of the data packet;
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device;
However, in the same field of endeavor Zelle discloses the remaining limitations of claim 1 as follows:
determine whether the data packet is corrupted based, at least in part, on an error-detecting code included in a header of the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, l. 65 – col. 63, l. 3: determining whether a data pack is corrupted based on a cyclic redundancy code or header check sequence included in the header passes inspection);
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, ll. 27-35 & col. 62, l. 65 – col. 63, l. 3: responsive to determining that the data packet is not corrupted, determining whether the source address field corresponds to a source (i.e. first electronic device) that is properly logged with access to the network);
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66; col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the data packet is not corrupted, determining whether the destination address field and port value corresponds to a legal end user (i.e. first electronic device));
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66, col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the source address or the destination does not correspond to a legal address of a device, dropping the packet);
Zelle is combinable with Fountain and Land because all three are from the same field of providing security features for securely transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the 

	Regarding claims 2, 12 and 19, Land, Fountain and Zelle disclose the limitations of the network switch of claim 1, the method of claim 10 and the aerial vehicle of claim 18.
Land and Fountain disclose the limitations of claims 2, 12 and 19 as follows:
wherein the characteristic comprises a preapproved destination address for the data packet (Land, pp. 3-4: all addresses for packets are predefined/preapproved), wherein the reference value includes one or more destination addresses approved to receive the data packet, wherein the actual value is equal to the destination address included in the data packet, and wherein the computing device(s) are configured to reject the data packet when the actual value does not match the one or more destination address approved to receive the data packet (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2: wherein the authorized destination addresses (i.e. reference values) are authorized to receive the frame/packet and the MAC destination (i.e. actual value) is included in the frame/data packet and the computing devices does not route the frames (i.e. rejects the data packets) when the MAC address in the frame does not match the authorized destination addresses authorized to receive the frames).


	Regarding claim 3, Land, Fountain and Zelle disclose the network switch of claim 1.
Land discloses the limitations of claim 3 as follows:
The network switch of either of claims 1, 
wherein the characteristic comprises how frequently the first electronic device transmits the data packet; and wherein the reference value includes a threshold value defining how frequently the first electronic device is permitted to transmit the data packet (Land, pp. 6-7: comparing the time interval in which a time frame is received (i.e. describing characteristic) as part of determining how frequently data packet is transmitted) and comparing the time interval with a permitted bandwidth allocation gap/minimum interval for transmission (i.e. reference value as a threshold) defining a minimum time interval or the least amount of time permitted between transmissions of data frames) (see also Fountain, paras. [0026]-[0027], [0061]-[0062], [0070]: comparing time frames arrives with maximum bandwidth tolerated and determining frequency of transmission rates).

Regarding claim 4, Land, Fountain and Zelle disclose the network switch of claim 1.
Land discloses the limitations of claim 4 as follows:
The network switch of claim 1, 
wherein the actual value is an amount of time lapsing since the network switch last received the data packet from the first electronic device, and wherein the computing device(s) are further configured to reject the data packet when the actual value is greater than a [[the]] threshold value (Land, pp. 6-7: comparing the time interval in which a time frame is received (i.e. actual value) as part of determining how frequently data packet is transmitted (i.e. describing characteristic)) and comparing the time interval with a permitted minimum interval for transmission (i.e. reference value as a threshold) defining a minimum time interval or the least amount of time permitted between transmissions of data frames, wherein when the time interval for the frame exceeds the bandwidth allocation gap are dropped) (see also Fountain, paras. [0061]-[0062]).

Regarding claim 5, Land, Fountain and Zelle disclose the network switch of claim 1.
Land discloses the limitations of claim 5 as follows:
The network switch of claim 1,
wherein when a protocol for the deterministic network defines a time-division scheme comprising a first time slot for the first electronic device and a second time slot for the second electronic device, the computing device(s) are be configured to determine whether the data packet was transmitted during the first time slot (pp. 4, 6: virtual links over the deterministic network are time-division multiplexed (i.e. time-division scheme) such that a transmission time slot is assigned for originating and terminating  AFDX Avionics End systems (i.e. for first and second electronic devices), where the transmission time slot is within an assigned bandwidth allocation gap and determining whether the data frame is transmitted within the time slot/allocation gap).

Regarding claims 6 and 20, Land, Fountain and Zelle disclose the network switch of claim 1 and the aerial vehicle of claim 18.
Land discloses the limitations of claims 6 and 20 as follows:
a payload of the data packet includes data comprising one or more entries, and wherein the characteristic comprises an approved range of values for the data (Land, pp. 3-4, Figs. 3-4: data frames/packets comprise payload comprising multiple entries and wherein the permitted parameters of the frames comprises a range of values for the bandwidth allocation gap time slot (i.e. an approved range of values for the data)).

Regarding claim 7, Land, Fountain and Zelle disclose the network switch of claim 1.
Land discloses the limitations of claim 7 as follows:
The network switch of claim 6, wherein the computing device(s) are further configured to reject the data packet when the actual value falls outside the approved range of values (pp. 6-7: dropping/rejecting frames when the frame transmission time falls outside the range of values for the bandwidth allocation gap).

	Regarding claim 10, Land discloses the limitations substantially as follows:
A method for auditing communications on a deterministic network (pp. 2-3, Fig. 1: switch for checking/auditing received data packets (i.e. communications) on a deterministic network), the method comprising: 
receiving, at a network switch of the deterministic network, a data packet comprising at least a source address and a destination address (pp. 3-4, Figs. 3-4: receiving at a AFDX switch of a deterministic network a frame with a frame format for each AFDX data frame/packet comprises a source address, destination address, payload and virtual link (VL) MAC destination addresses); 
determining, by the network switch, whether the source address corresponds to a first electronic device on the deterministic network (pp. 3- 6, Figs. 3, 6: receiving/determining from an originating AFDX source address of AFDX Avionics End system sending the packets over the virtual link); 
determining, by the network switch, whether the destination address corresponds to a second electronic device on the deterministic network, the second electronic device being different than the first electronic device (pp. 3-6, Figs. 3, 6: determining destination addresses corresponding to the terminating AFDX Avionics End system to which the frames are sent over the virtual link, where the sending and receiving AFDX Avionics subsystems are different); 
responsive to determining the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet (p. 10: responsive to determining that the destination MAC is not reachable (i.e. does not correspond to one of the plurality of electronic devices on the deterministic network), discard the frame/packet);
responsive to determining the source address corresponds to the first electronic device and the destination address corresponds to the second electronic device, comparing, by the network switch, an actual value for a characteristic of the data packet against a reference value for the characteristic (pp. 3, 5: responsive to determining the source address of the originating source system and the destination address of the End System, comparing a frame size, sequence number and time of transmission as permitted frame parameters for a data frame (i.e. characteristics of data packets) against a maximum frame size and prior sequence number (i.e. reference values) required for permitted frame parameters); and 
responsive to determining the characteristic corresponds to the reference value, transmit the data packet to the destination address  (pp. 3-6: transmitting the data frames to the destination addresses when the frame size (i.e. actual values) is within the maximum frame size (i.e. reference value) and the sequence numbers (i.e. actual values) are properly incremented from the prior sequence number (i.e. when the actual values of the characteristic correspond to the reference values).
Land does not explicitly disclose the remaining limitations of claim 10 as follows:
determine whether the data packet is corrupted based, at least in part, on an error-detecting code included in a header of the data packet;
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device of a plurality of electronic devices;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices on the deterministic network;
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet; 
compare an actual value for a characteristic of the data packet against a reference value for the characteristic to determine whether the characteristic corresponds to the reference value 
However, in the same field of endeavor Fountain discloses the limitations of claim 10 as follows:
determine whether the source address corresponds to a first electronic device of a plurality of electronic devices on the deterministic network (paras. [0021], [0034], [0042]-[0044], [0052], [0057]: determining by a switch whether the source of the packets of critical data (i.e. source address) corresponds to one of the computing devices that is the sole authorized source of the data (i.e. first electronic device) on the deterministic network); 
determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices on the deterministic network, the second electronic device being different than the first electronic device (paras. [0024], [0042]-[0044]: determining by a switch whether the destination of the VLAN tag identifies a computing device (i.e. second electronic device) as one of the sole computing devices 104 that is  a sole authorized destination (i.e. destination address) for the VC data),
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet (paras. [0010], [0024], [0042]-[0044]: preventing any packets from being received (i.e. dropping the packets) responsive to determining that the packet does not have a source address or destination that corresponds to the authorized sole source and authorized sole destination (i.e. do not correspond to the plurality of electronic devices) on the deterministic network); 
compare an actual value for a characteristic of the data packet against a reference value for the characteristic to determine whether the characteristic corresponds to the reference value  (paras. [0026], [0042]-[0044], [0052], [0057], [0061] Fig. 2: comparing the MAC address (i.e. actual value) of the source of the VLAN tag (i.e. characteristic) and the MAC address (i.e. actual value) of the destination of the VLAN tag (i.e. characteristic) correspond to the permitted sole authorized source and destinations (i.e. reference values)); transmit the data packet to the destination address when the actual value for the characteristic corresponds to the reference value for the characteristic (paras. [0042]-[0044], [0052], [0057], Fig. 2 : transmitting the frames to the computing device of the MAC destination when the source/destination MACs from the frame correspond to the authorized source and destinations).
Fountain is combinable with Land because both are from the same field of endeavor of generating virtual links for transmitting packets over a deterministic network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fountain’s method of only transmitting data when the destination address matches a computing device designated as the sole destination with the system of Land in order to “avoid destinations receiving spurious data from other, faulty or malicious, destinations” (Fountain, para. [0024]) as well as to “avoid VLAN hopping attacks, e.g. double tagging and switch spoofing” (Fountain, para. [0043]).
Neither Land or Fountain disclose the remaining limitations of claim 10 as follows:
determine whether the data packet is corrupted based, at least in part, on an error-detecting code included in a header of the data packet;
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device;
However, in the same field of endeavor Zelle discloses the remaining limitations of claim 10 as follows:
determine whether the data packet is corrupted based, at least in part, on an error-detecting code included in a header of the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, l. 65 – col. 63, l. 3: determining whether a data pack is corrupted based on a cyclic redundancy code or header check sequence included in the header passes inspection);
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, ll. 27-35 & col. 62, l. 65 – col. 63, l. 3: responsive to determining that the data packet is not corrupted, determining whether the source address field corresponds to a source (i.e. first electronic device) that is properly logged with access to the network);
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66; col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the data packet is not corrupted, determining whether the destination address field and port value corresponds to a legal end user (i.e. first electronic device));
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66, col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the source address or the destination does not correspond to a legal address of a device, dropping the packet);
Zelle is combinable with Fountain and Land because all three are from the same field of providing security features for securely transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Zelle’s method of determining whether a data packet is corrupt based upon analyzing error-detecting code in a header of the data packet with the system of Fountain and Land in order to “prevent[] misdelivery of information due to corrupted headers” (Zelle, col. 15, ll. 26-27). 

	Regarding claim 11, Land, Fountain and Zelle disclose the limitations of claim 10.
Land discloses the limitations of claim 11 as follows:
The method of claim 10, 
wherein the characteristic comprises how frequently the first electronic device transmits the data packet; wherein the reference value includes a threshold value defining how frequently the first electronic device is allowed to transmit the data packet, wherein the actual value is equal to an amount of time lapsing since the network switch last received the data packet from the first electronic device, and wherein the method further comprises rejecting, by the network switch (Land, pp. 6-7: comparing the time interval in which a time frame is received (i.e. actual value) as part of determining how frequently data packet is transmitted (i.e. describing characteristic)) and comparing the time interval of reception of the frame with a permitted bandwidth allocation gap/minimum interval for transmission (i.e. reference value as a threshold) defining a minimum time interval or the least amount of time permitted between transmissions of data frames, wherein the time interval equals the amount of time that has passed since the last transmission/frame received and dropping frames when the time interval exceeds the bandwidth allocation gap).

Regarding claim 13, Land, Fountain and Zelle disclose the limitations of claim 10.
Land discloses the limitations of claim 13 as follows:
The method of claim 12, a [[the]] payload includes data comprising one or more entries, and wherein the characteristic comprises a range of allowable values for the data (Land, pp. 3-4, Figs. 3-4: data frames/packets comprise payload comprising multiple entries and wherein the permitted parameters of the frames comprises a range of values for the bandwidth allocation gap time slot (i.e. an approved range of values for the data)).

Regarding claim 14, Land, Fountain, Zelle disclose the limitations of claim 10.
Land discloses the limitations of claim 14 as follows:
The method of claim 13, wherein the computing device(s) are further configured to reject the data packet when the actual value falls outside the range of allowable values (pp. 6-7: dropping/rejecting frames when the frame transmission time falls outside the range of values for the bandwidth allocation gap).

Regarding claim 18, Land discloses the limitations substantially as follows:
An aerial vehicle (p. 1: switch is part of an avionics system such as an airbus (i.e. aerial vehicle)) comprising: 
a deterministic communication network (p. 1: deterministic network); 
one or more electronic device communicatively coupled to the communication network (Figs. 1, 6: avionics endpoint systems); and 
a network switch communicatively coupled to the communication network, the network switch comprising one or more computing device(s) configured to: 
receive a data packet comprising at least a source address and a destination address (pp. 3-4, Figs. 3-4: receiving at an AFDX switch frame packets comprising a frame format for each AFDX data frame/packet comprises a source address, destination address, payload and virtual link (VL) MAC destination addresses); 
determine whether the source address corresponds to a first electronic device on the deterministic network (pp. 3- 6, Figs. 3, 6: receiving/determining from an originating AFDX source address of AFDX Avionics End system sending the packets over the virtual link); 
determine whether the destination address corresponds to a second electronic device on the deterministic network, the second electronic device being different than the first electronic device (pp. 3-6, Figs. 3, 6: determining destination addresses corresponding to the terminating AFDX Avionics End system to which the frames are sent over the virtual link, where the sending and receiving AFDX Avionics subsystems are different); 
responsive to determining the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet (p. 10: responsive to determining that the destination MAC is not reachable (i.e. does not correspond to one of the plurality of electronic devices on the deterministic network), discard the frame/packet);
responsive to determining the source address corresponds to the first electronic device and the destination address corresponds to the second electronic device, compare an actual value for a characteristic of the data packet against a reference value for the characteristic (pp. 3, 5, 10: responsive to determining the source address of the originating source system and the destination address of the End System, comparing a frame size, sequence number and time of transmission as permitted frame parameters for a data frame (i.e. characteristics of data packets) against a maximum frame size and prior sequence number (i.e. reference values) required for permitted frame parameters); and 
responsive to determining the characteristic corresponds to the reference value, transmit the data packet to the destination address  (pp. 3-6: transmitting the data frames to the destination addresses when the frame size (i.e. actual values) is within the maximum frame size (i.e. reference value) and the sequence numbers (i.e. actual values) are properly incremented from the prior sequence number (i.e. when the actual values of the characteristic correspond to the reference values).
Land does not explicitly disclose the remaining limitations of claim 18 as follows:
determine whether the data packet is corrupted based, at least in part, on an error-detecting code included in a header of the data packet;
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device of a plurality of electronic devices;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices on the deterministic network;
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet; 
compare an actual value for a characteristic of the data packet against a reference value for the characteristic to determine whether the characteristic corresponds to the reference value 
However, in the same field of endeavor Fountain discloses the limitations of claim 18 as follows:
determine whether the source address corresponds to a first electronic device of a plurality of electronic devices on the deterministic network (paras. [0021], [0034], [0042]-[0044], [0052], [0057]: determining by a switch whether the source of the packets of critical data (i.e. source address) corresponds to one of the computing devices that is the sole authorized source of the data (i.e. first electronic device) on the deterministic network); 
determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices on the deterministic network, the second electronic device being different than the first electronic device (paras. [0024], [0042]-[0044]: determining by a switch whether the destination of the VLAN tag identifies a computing device (i.e. second electronic device) as one of the sole computing devices 104 that is  a sole authorized destination (i.e. destination address) for the VC data),
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet (paras. [0010], [0024], [0042]-[0044]: preventing any packets from being received (i.e. dropping the packets) responsive to determining that the packet does not have a source address or destination that corresponds to the authorized sole source and authorized sole destination (i.e. do not correspond to the plurality of electronic devices) on the deterministic network); 
compare an actual value for a characteristic of the data packet against a reference value for the characteristic to determine whether the characteristic corresponds to the reference value  (paras. [0026], [0042]-[0044], [0052], [0057], [0061] Fig. 2: comparing the MAC address (i.e. actual value) of the source of the VLAN tag (i.e. characteristic) and the MAC address (i.e. actual value) of the destination of the VLAN tag (i.e. characteristic) correspond to the permitted sole authorized source and destinations (i.e. reference values)); and 
transmit the data packet to the destination address when the actual value for the characteristic corresponds to the reference value for the characteristic (paras. [0042]-[0044], [0052], [0057], Fig. 2 : transmitting the frames to the computing device of the MAC destination when the source/destination MACs from the frame correspond to the authorized source and destinations).
Fountain is combinable with Land because both are from the same field of endeavor of generating virtual links for transmitting packets over a deterministic network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fountain’s method of only transmitting data when the 
Neither Land or Fountain disclose the remaining limitations of claim 18 as follows:
determine whether the data packet is corrupted based, at least in part, on an error-detecting code included in a header of the data packet;
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device;
However, in the same field of endeavor Zelle discloses the remaining limitations of claim 18 as follows:
determine whether the data packet is corrupted based, at least in part, on an error-detecting code included in a header of the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, l. 65 – col. 63, l. 3: determining whether a data pack is corrupted based on a cyclic redundancy code or header check sequence included in the header passes inspection);
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, ll. 27-35 & col. 62, l. 65 – col. 63, l. 3: responsive to determining that the data packet is not corrupted, determining whether the source address field corresponds to a source (i.e. first electronic device) that is properly logged with access to the network);
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66; col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the data packet is not corrupted, determining whether the destination address field and port value corresponds to a legal end user (i.e. first electronic device));
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66, col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the source address or the destination does not correspond to a legal address of a device, dropping the packet);
Zelle is combinable with Fountain and Land because all three are from the same field of providing security features for securely transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Zelle’s method of determining whether a data packet is corrupt based upon analyzing error-detecting code in a header of the data packet with the system of Fountain and Land in order to “prevent[] misdelivery of information due to corrupted headers” (Zelle, col. 15, ll. 26-27). 

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Ian Land and Jeff Elliott, “Architecting ARINC 6654, Part 7 (AFDX) Solutions”, XILINX, May 22, 2009 (part of Applicant’s Admitted Prior Art (AAPA) (hereafter “Land”) in view of Fountain (US 2014/0310354) and Zelle (US 4,942,574), as applied to claims 1, 10 and 18, further in view of Pope (US 2014/0304803).
Regarding claim 20, Land, Fountain and Zelle disclose the aerial vehicle of claim 18.
Land discloses the limitations of claim 20 as follows:
wherein the payload includes data comprising one or more entries, and wherein the characteristic comprises an approved range of values for the data (Land, pp. 3-4, Figs. 3-4: data frames/packets comprise payload comprising multiple entries and wherein the permitted parameters of the frames comprises a range of values for the bandwidth allocation gap time slot (i.e. an approved range of values for the data)).
Neither Land, Fountain or Zelle discloses the remaining limitations of claim 20 as follows:
wherein the data packet comprises a header and a payload, wherein the header includes the source address and the destination address
However, in the same field of endeavor Pope discloses the remaining limitations of claim 20 as follows:
wherein the data packet comprises a header and a payload, wherein the header includes the source address and the destination address (paras. [0040]-[0041], [0078]: data packets include a header comprising source and destination endpoint addresses)
Pope is combinable with Land, Fountain and Zelle because all four are from the same field of providing security features for securely transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Pope’s method of including a source and destination address in a header with the system of Land, Fountain and Zelle because locating the source/destination addresses in the header is typical (i.e. well-known) (see Pope, para. [0078] and in order to enable the system to lookup the corresponding rules/policies for the endpoints located at the corresponding addresses of the source and destination.

Claims 8-9 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Ian Land and Jeff Elliott, “Architecting ARINC 6654, Part 7 (AFDX) Solutions”, XILINX, May 22, 2009 (part of Applicant’s Admitted Prior Art (AAPA) (hereafter “Land”) in view of Fountain (US 2014/0310354) and Zelle (US 4,942,574), as applied to claims 1 and 10, further in view of Barron (US 2002/0210754) and Frattura (US 2010/0268933).
Regarding claims 8 and 15, Land, Fountain and Zelle disclose the network switch of claim 1 and the aerial vehicle of claim 18.
Land discloses the limitations of claims 8 and 15 as follows:
wherein the first electronic device is included within a first subnetwork of the deterministic network and the second electronic device is included within a second subnetwork of the deterministic network (Figs. 1, 6: originating AFDX End System is part of avionics subsystem on one side of the AFDX switch while the receiving AFDX End Systems are part of a different/second Avionics subsystem on the other side of the switch),
Neither Land, Fountain and Zelle discloses the limitations of claims 8 and 15 as follows:
wherein the first subnetwork is rated for data classified as secret and non-secret data and the second subnetwork is rated for non-secret data, and wherein a portion of the data included in the payload of the data packet is classified as secret data.
However, in the same field of endeavor Barron discloses the remaining limitations of claims 8 and 15 as follows:
wherein the first subnetwork is rated for data classified as secret and non-secret data and the second subnetwork is rated for non-secret data, (paras. [0017]-[0018]: communications with security transform device (i.e. first subnetwork) are for encrypted (i.e. data classified as secret) and unencrypted/non-secret data, while communications with nodes 102-104 (i.e. second subnetwork) are for unencrypted/non-secret data, while packets over the network with the security transform device are encrypted (i.e. portion of payload of packets is secret).
Barron is combinable with Land, Fountain and Zelle because all four are from the same field of providing security features for securely transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Barron’s method of handling non-secret/unencrypted and secret/encrypted data with the system of Land, Fountain and 
Neither Land, Fountain, Zelle or Barron disclose the remaining limitations of claims 8 and 15 as follows:
and wherein a portion of the data included in the payload of the data packet is classified as secret data (paras. [0008], [0010], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling portions of payload, by a computing device, where the portions of payload data are considered to be (i.e. classified as) secret, classified, confidential, privileged or private).
Frattura is combinable with Land, Fountain, Zelle and Barron because all five are from the same field of providing security features for securely transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of determining portions of a payload that are secret or confidential with the system of Land, Fountain, Zelle and Barron in order to distinguish between secret data requiring additional security measures and non-secret data.

Regarding claim 9, Land, Fountain, Zelle, Barron and Frattura disclose the network switch of claim 1.
Frattura discloses the limitations of claim 9 as follows:
The network switch of claim 8, wherein the computing device(s) are configured to redact or obfuscate the portion of the data classified as secret data prior to transmitting the data packet to the second electronic device (paras. [0008], [0010], [0012], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling (i.e. obfuscating) portions of payload, by a computing device, where the portions of payload data are considered to be (i.e. classified as) secret, classified, confidential, privileged or private).
It would have obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of obfuscating portions of payload with the system of Land, Fountain, Zelle and Barron in order to increase the security of the system by further altering the secret data to provide additional protection against unauthorized parties reconstructing the secret data upon intercepting packets comprising the secret data.

Regarding claim 16, Land, Fountain, Zelle, Barron and Frattura disclose the limitations of claim 10.
Barron discloses the limitations of claim 16 as follows:
The method of claim 15, wherein the method further comprises redacting, by the one or more computing device(s) the portion of the data classified as secret data prior to transmitting the data packet to the second electronic device (paras. [0008], [0010], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling portions of payload, by a computing device, where the portions comprise data considered to be secret, classified, confidential, privileged or private). 


Regarding claim 17, Land, Fountain, Zelle, Barron and Frattura disclose the limitations of claim 10.
Barron discloses the limitations of claim 17 as follows:
The method of either of claim 15 or 16, wherein the method further comprises obfuscating, by the one or more computing device(s), the portion of the data classified as secret data prior to transmitting the data packet to the second electronic device (paras. [0008], [0010], [0012], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling (i.e. obfuscating) portions of payload, by a computing device, where the portions of payload data are considered to be (i.e. classified as) secret, classified, confidential, privileged or private).
It would have obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of obfuscating portions of payload with the system of Land, Fountain, Zelle and Barron in order to increase the security of the system by further altering the secret data to provide additional protection against 

Conclusion 
For the above reasons, claims 1-20 are rejected.
Prior art not relied upon but applied/considered includes:
1) Dull (Us 2005/0018693) discloses filtering and discarding packets based upon destination address of packets.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571)272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.