Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This office action is a response to a non-provisional application Number 17/044,999 filed on 10/02/2020. This application is a 35 USC §371 of International Application No. PCT/US2019/025666 filed on 04/03/2019, which claims benefit of provisional application No. 62/652,034 filed on 04/03/2018. A preliminary amendment with the application is entered. Claims 21-60 are cancelled. Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/02/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 12-13 are objected to because of the following informalities:

Claim 12: should read, “…identify a first digit in the hash value based on [[the]]a prime number…” in order to avoid lack of antecedent basis.

Claim 13: should read, “…provide, to the second mobile device, the hash function and [[the]]a prime number …” in order to avoid lack of antecedent basis.

Appropriate correction/s is/are required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. 

The following is a quotation of pre-AIA  35 U.S.C. 112, second paragraph: 
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

Claims 7 and 8 are rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.

Regarding claim 7, the feature “receive, from the first mobile device, a second timestamp generated by the first mobile device based on the first timestamp and the network latency” is unclear. What is intended by “generating a second timestamp generated…based on the network latency”? Is a second data packet sent in response to the first data packet, and does the second data packet comprise a second timestamp similar to the way the first data packet comprises the first timestamp? Furthermore, the feature “a gateway device to: synchronize, based on the second timestamp received from the first mobile device and a ping time, the first mobile device” is unclear, because neither the claim nor the specification indicates how “a ping time” is determined.
For the purpose of examination, a broad reasonable interpretation of “a ping time” is assumed to be “the difference between the time when a first data packet is transmitted (= the first timestamp) and the time when a second data packet (carrying the second timestamp) is received in response to the first data packet”, and the claim is assumed to read as follows:
“Claim 7: (Currently Amended) The system of claim 1, comprising the gateway device to: determine network latency based on the authentication process executed with the first mobile device; transmit, to the first mobile device responsive to authentication of the first mobile device, a first data packet comprising a first timestamp generated by the data processing system second data packet comprising a second timestamp generated by the first mobile device in response to the first data packet 

Regarding claim 8, the feature “receive, from the first mobile device, a second timestamp generated by the first mobile device based on the first timestamp and the network latency” is unclear. What is intended by “generating a second timestamp generated…based on the network latency”? Is a second data packet sent in response to the first data packet, and does the second data packet comprise a second timestamp similar to the way the first data packet comprises the first timestamp?
For the purpose of examination, the claim is assumed to read as follows:
Claim 8. (Currently Amended) The system of claim 1, comprising the data processing system to: determine a network latency based on the authentication process executed with the first mobile device; transmit, to the first mobile device responsive to authentication of the first mobile device, a data packet comprising a first timestamp generated by the data processing system and the network latency determined based on the authentication process executed with the first mobile device; receive, from the first mobile device, a second data packet comprising a second timestamp generated by the first mobile device in response to the first data packet 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5, 7-10, 14-16, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Brand et al. (US 20050220017 A1; hereinafter “Brand”) in view of Eyada et al. (US 8953623 B1; hereinafter “Eyada”), and further in view of Nichols et al. (US 20160315860 A1; hereinafter “Nichols”).

Regarding claim 1, Brand discloses a system for active network security in information technology infrastructure, comprising: 
a data processing system, comprising one or more processors to provide a hash function for storage in a block chain record ([0020] and Fig. 2: a communication device 104 may include a processor 204, memory 208; [0024] The data storage 224 may store any number of applications, including a port hopping application 232; [0008] a new port number may be selected using a predetermined progression (analogous to using a hash function) that is known to the endpoints (including the mobile device); indicates storing hash function related to port hopping in a storage that is equivalent to a block chain record);
a gateway device comprising one or more processors ([0016] and Fig. 1: communication devices 104a and 104b; [0017] a communication device 104 may comprise a network gateway) to: 
authenticate a first mobile device ([0005] An enhancement to standard RTP is secure RTP. Secure RTP provides privacy through payload encryption, and authentication through digital certificates. Accordingly, secure RTP allows a device to positively confirm the source of every received data packet.), and 
cause a client clock of the first mobile device to synchronize with the master clock ([0009] a communication device 104 may comprise an Internet protocol (IP) telephone…a process of synchronization may be performed to accommodate clock skew between devices); and 
the first mobile device to determine a port number based on application of the hash function to a signal generated by the first mobile device synchronized with the gateway device, wherein the first mobile device hops ports based on a time interval during communication with one or more mobile devices connected to the gateway device ([0024] and Fig. 2: The data storage 224 may store any number of applications, including a port hopping application 232; [0008] a new port number may be selected using a predetermined progression (analogous to using a hash function) that is known to the endpoints (including the mobile device); [0009] a new port number may be generated or selected in response to a signal generated by a node participating in the communication. The period of time during which a port is open (or valid) may overlap with the period of time during which the next port is open (or valid). By providing overlap, jitter, clock skew and network delays can be accommodated. In accordance with embodiments of the present invention, a process of synchronization may be performed to accommodate clock skew between devices.).
But Brand does not disclose (a) a data processing system to provide a hash function and a routing table for storage in a block chain record; (b) a gateway device to: authenticate a first mobile device, and provide, responsive to authentication of the first mobile device, an indication of the block chain record to the first mobile device; and (c) the first mobile device to determine a port number based on application of the hash function to a current timestamp generated via the client clock of the first mobile device synchronized with the gateway device.
However, in the context of load balancing within a network device, Eyada discloses a data processing system to provide a hash function and a routing table for storage in a block chain record (Col. 6, Lines 22-24: The hash function generates a range of hash values, and each packet when hashed corresponds to exactly one of the hash values; Col. 9, Lines 36-48: Packet forwarding engine 42 (= a data processing system) may apply a hash function to information extracted from received network traffic (e.g., received packets) to generate a result that corresponds to one of line cards 36. The extracted information may include a five-tuple, a three-tuple, a V-LAN tag, an M-LAN tag, a C-LAN tag, a source and/or destination media access control (MAC) address, or other information from the received packet (= a block chain record). A five-tuple typically includes a source IP address of the originating device, a destination IP address, a source port, a destination port, and a protocol identifier. A three-tuple typically includes a source IP address of the originating device, a destination IP address, and an Internet control message protocol (ICMP) identifier; Col. 14, Lines 15-18: Applying the hash function to the extract tuple generates an index value that maps to a computing resource of NAD 30 (110). The mapping, in various instances, is stored in routing tables 46.); and
a gateway device to: authenticate a first mobile device, and responsive to authentication of the first mobile device, associate the first mobile device to a block chain record (Col. 4, Lines 40-46:  As shown in the example of FIG. 1, service provider network 12 includes an authentication device in the exemplary form of an authentication, authorization and accounting (AAA) server 18. AAA server 18 provides AAA services in accordance with AAA protocols. Other types of AAA protocols include a remote authentication dial-in user subscriber (RADIUS) protocol…Col. 4, Lines 51-57: Upon initially connecting to service provider network 12, one of customer devices 14, such as customer device 14A (= a mobile device), authenticates with the service provider in accordance with, in this example, the RADIUS protocol. Assuming successful authentication, network access device (NAD) 16A may associate the subscriber with a customer virtual local area network (C-VLAN) tag…; associating a VLAN tag to the mobile device is analogous to associating a block chain record to the first mobile device; Col. 5, Lines 4-6: one or more of NADs 16 may be a gateway device that, for example, provides network services to for mobile subscribers; Col. 19, Lines 21-23: forwarding unit 130A performs a lookup in routing tables and applies a hash function to a packet characteristic in parallel.).
Furthermore, in the same field of endeavor, Nichols discloses a data processing system, comprising one or more processors to provide a hash function and a routing table for storage in a block chain record ([0045] At 610 the arrival time at the monitoring point of the next usable packet is saved with a hash key. In one embodiment, the hash table key is formed by combining the packet source address, destination address and the timestamp from the host that last transmitted the packet; the storing of the source address and destination addresses is equivalent to storing a routing table in a block chain record);
a gateway device, to provide to the first mobile device, a timestamp generated by a master clock to cause a client clock of the first mobile device to synchronize with the master clock ([0026] and Fig. 5:  MP0 40 (a monitoring point equivalent to a gateway) is implemented in a network routing element that receives the data from Host A 20 (= a first mobile device). [0028] and Figs. 1 and 2: Host A 20 and Host B 30 illustrate such a communicating pair with causal Packet_j 180 carrying time stamp 120 and resulting in Packet_i 170 with time stamp 110; [0046] A scaling function is determined at 630 to align a frequency of a host protocol clock to a monitoring point clock. In another embodiment, one of a frequency and a frequency drift are aligned; [0047] A temporal offset is removed at 650. In another embodiment, one of temporal offset and a clock skew are removed; thus achieving synchronization); and 
a data processing system to provide a hash function and determine a port number based on application of the hash function to a current timestamp generated via the client clock of the first mobile device synchronized with the gateway device ([0045] At 610 the arrival time (= timestamp) at the monitoring point of the next usable packet is saved with a hash key. the hash key is formed by combining the Internet source and destination addresses of the packet, the protocol source and destination port numbers, and the timestamp from the host; [0050] and Fig. 8: the Hash Table 820 includes a Key (e.g. Hash Table Key) 840, a source address 850 of the packet, a destination address 860 of the packet, and an Identifier (ID) field 870. thus a hash key is associated with a port number and timestamp.).
Thus all the elements of claim 1 are known in Brand, Eyada, and Nichols. Brand teaches authenticating a first mobile device, synchronizing client clock with a master clock in the network, and port hopping based on a received signal. Eyada teaches upon authentication of a mobile device, providing a hash function and associated routing table in a storage record. Nichols teaches synchronizing client clock of a mobile device with a master clock of a gateway and using current timestamp as a hash key to determine a port number based on the application of a hash function. The only difference is the combination of “old elements” into a system for active network security in information technology infrastructure. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Brand, based on the above teachings from Nichols and Eyada, to derive the limitations of claim 1, because the modification uses prior art elements according to their established functions to produce a predictable result. This method of improving was well within the ability of one of ordinary skill in the art, who would have been motivated to perform this modification in order to prevent unauthorized access to the network and efficiently avoid denial of service attacks.

Regarding claim 2, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth, and Nichols further discloses wherein the master clock of the gateway device corresponds to a global positioning system clock ([0037] Compared to a global reference clock (= a global positioning system clock), the amount of time represented by each increment of the timeline clocks may differ. Further, the timeline clocks can skew and drift differently and can have different offset values. Thus, all timeline samples must be resolved to the same clock, with removed differences in the clock frequencies, frequency drift, offset values and offset skew.).

Regarding claim 3, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth, and Brand further discloses the first mobile device to retrieve, from the block chain record, the hash function ([0024] and Fig. 2: The data storage 224 may store any number of applications, including a port hopping application 232; [0008] a new port number may be selected using a predetermined progression (analogous to a hash function in a block chain record) that is known to the endpoints (including the first mobile device); [0009] a new port number may be generated or selected in response to a signal generated by a node participating in the communication.).

Regarding claim 5, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth, and Eyada further discloses the gateway device to: receive, from the first mobile device, a data packet configured for transmission to a second gateway device; determine, based on the routing table, an IP address for the second gateway device; and forward, to the second gateway device, the data packet (Col. 16, Lines 16-25:  Core network 125 of SP network 124 includes mobile gateway 128 logically connected to each of Serving Gateways 142 via S5 interfaces (or "reference points") operating over respective communication links 134A-134D… As a router, mobile gateway 128 also executes routing protocols to identify routes through SP network 124 or PDN 129 to various destinations; thus mobile gateway 128 (= a first gateway device) can route a data packet to another gateway 142 (= a second gateway device) based on the IP address of gateway 142 and a routing table.).

Regarding claim 7, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth, and Nichols further discloses a method for a second device (= a gateway device) transmitting, to a first device (= a first mobile device), a data packet comprising a first timestamp generated by the second device, and receiving a second data packet with a second timestamp generated by the first device in response to the first data packet; determining network latency based on the arrival time of the second data packet and the second timestamp; and synchronizing with the first device based on the second timestamp and a ping time ([0023] the monitoring point (= a gateway device or a data processing system) provides a number of delay measurements between one or more hosts (= one or more mobile devices) or the monitoring point (= a gateway or a data processing device) aligned to, and with the accuracy of, the monitoring point clock. [0028] a packet arriving from one of a pair of communicating hosts causes the other host of the pair to send a packet and this response will include the time stamp (= a second timestamp) from the causal packet as well as the sending host's time stamp (= a first timestamp). In FIG. 1 and FIG. 2, HostA 20 and HostB 30 illustrate such a communicating pair with causal Packet_j 180 carrying time stamp 120 (= first timestamp) and resulting in Packet_i 170 with time stamp 110 (= second timestamp); [0029] In FIG. 2, Packet_i arriving at MP0 40 has two timestamps and a time measurement associated with it: tsi is on timeline 140 at HostA 20 at the time it sent Packet_i, tei 120 is on timeline 160 at HostB 30 at the time it sent Packet_j 180, and tmpi 130 is on timeline 150 at MP0 40… The final measurement is tmpi, which is the time that Packet_i 170 arrives at the monitoring point; [0031] To understand the information contained in the packet time stamps under realistic assumptions, the delay estimate (= ping time) can be broken into its component parts, transit, which is the minimum delay on a path segment (= latency), and queuing seen by the "i" numbered sample packet; [0036] The above allows delay variation estimates to be computed based on single packet samples and includes removing the potentially different clock offsets; [0037] Compared to a global reference clock, the amount of time represented by each increment of the timeline clocks may differ. Further, the timeline clocks can skew and drift differently and can have different offset values. Thus, all timeline samples must be resolved to the same clock, with removed differences in the clock frequencies, frequency drift, offset values and offset skew; indicates achieving synchronization between two devices by accounting for network latency, queuing time, and clock offsets included in determining a ping time.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Brand, Eyada, and Nichols as applied to claim 1 based on the above further teaching from Nichols to derive “the gateway device to: determine network latency based on the authentication process executed with the first mobile device; transmit, to the first mobile device responsive to authentication of the first mobile device, a first data packet comprising a first timestamp generated by the data processing system second data packet comprising a second timestamp generated by the first mobile device in response to the first data packet 

Regarding claim 8, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth, and Nichols further discloses a method for a second device (= a data processing system) transmitting, to a first device (= a first mobile device), a data packet comprising a first timestamp generated by the second device, and receiving a second data packet with a second timestamp generated by the first device in response to the first data packet; determining network latency based on the arrival time of the second data packet and the second timestamp; and synchronizing with the first device based on the second timestamp and a ping time ([0023] the monitoring point (= a gateway device or a data processing system) provides a number of delay measurements between one or more hosts (= one or more mobile devices) or the monitoring point (= a gateway device or a data processing system) aligned to, and with the accuracy of, the monitoring point clock. [0028] a packet arriving from one of a pair of communicating hosts causes the other host of the pair to send a packet and this response will include the time stamp (= a second timestamp) from the causal packet as well as the sending host's time stamp (= a first timestamp). In FIG. 1 and FIG. 2, HostA 20 and HostB 30 illustrate such a communicating pair with causal Packet_j 180 carrying time stamp 120 (= first timestamp) and resulting in Packet_i 170 with time stamp 110 (= second timestamp); [0029] In FIG. 2, Packet_i arriving at MP0 40 has two timestamps and a time measurement associated with it: tsi is on timeline 140 at HostA 20 at the time it sent Packet_i, tei 120 is on timeline 160 at HostB 30 at the time it sent Packet_j 180, and tmpi 130 is on timeline 150 at MP0 40… The final measurement is tmpi, which is the time that Packet_i 170 arrives at the monitoring point; [0031] To understand the information contained in the packet time stamps under realistic assumptions, the delay estimate (= ping time) can be broken into its component parts, transit, which is the minimum delay on a path segment (= latency), and queuing seen by the "i" numbered sample packet; [0036] The above allows delay variation estimates to be computed based on single packet samples and includes removing the potentially different clock offsets; [0037] Compared to a global reference clock, the amount of time represented by each increment of the timeline clocks may differ. Further, the timeline clocks can skew and drift differently and can have different offset values. Thus, all timeline samples must be resolved to the same clock, with removed differences in the clock frequencies, frequency drift, offset values and offset skew; indicates achieving synchronization between two devices by accounting for network latency, queuing time, and clock offsets included in determining a ping time.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Brand, Eyada, and Nichols as applied to claim 1 based on the above further teaching from Nichols to derive “the data processing system to: determine a network latency based on the authentication process executed with the first mobile device; transmit, to the first mobile device responsive to authentication of the first mobile device, a data packet comprising a first timestamp generated by the data processing system and the network latency determined based on the authentication process executed with the first mobile device; receive, from the first mobile device, a second data packet comprising a second timestamp generated by the first mobile device in response to the first data packet 

Regarding claim 9, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth, and Eyada further discloses the data processing system to: store an updated hash function at a subsequent block chain record; and provide, to the gateway device, an indication of the subsequent block chain record (Col. 9, Lines 36-48: Packet forwarding engine 42 (= a data processing system) may apply a hash function to information extracted from received network traffic (e.g., received packets) to generate a result that corresponds to one of line cards 36. The extracted information may include a five-tuple, a three-tuple, a V-LAN tag, an M-LAN tag, a C-LAN tag, a source and/or destination media access control (MAC) address, or other information from the received packet (= a block chain record). A five-tuple typically includes a source IP address of the originating device, a destination IP address, a source port, a destination port, and a protocol identifier. A three-tuple typically includes a source IP address of the originating device, a destination IP address, and an Internet control message protocol (ICMP) identifier; Col. 14, Lines 15-18: Applying the hash function to the extract tuple generates an index value that maps to a computing resource of NAD 30 (110). The mapping, in various instances, is stored in routing tables 46; an updated block chain record includes an updated hash function and an updated routing table);

Regarding claim 10, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth, and Eyada further discloses determining a hash value based on the hash function and the current timestamp; and select the port number as the hash value (Col. 6, Lines 22-24: The hash function generates a range of hash values, and each packet when hashed corresponds to exactly one of the hash values; Col. 9, Lines 36-48: Packet forwarding engine 42 may apply a hash function to information extracted from received network traffic (e.g., received packets) to generate a result that corresponds to one of line cards 36. The extracted information may include a five-tuple, a three-tuple, a V-LAN tag, an M-LAN tag, a C-LAN tag, a source and/or destination media access control (MAC) address, or other information from the received packet. A five-tuple typically includes a source IP address of the originating device, a destination IP address, a source port, a destination port, and a protocol identifier. A three-tuple typically includes a source IP address of the originating device, a destination IP address, and an Internet control message protocol (ICMP) identifier.).
Furthermore, Brand discloses port selection by a mobile device based on a known hash function ([0024] and Fig. 2: The data storage 224 may store any number of applications, including a port hopping application 232; [0008] a new port number may be selected using a predetermined progression (analogous to a hash function) that is known to the endpoints (including the mobile device)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Brand, Eyada, and Nichols as applied to claim 1 based on the above further teachings from Eyada and Brand to derive “the first mobile device to: determine a hash value based on the hash function and the current timestamp; and select the port number as the hash value”, because the modification uses prior art elements according to their established functions to produce a predictable result. This method of improving was well within the ability of one of ordinary skill in the art, who would have been motivated to perform this modification in order to prevent unauthorized access to the network, and efficiently avoid denial of service attacks.

Claims 14-16, 18, and 20 are rejected on the same grounds set forth in the rejection of claims 1-3, 5, and 7, respectively. Claims 14-16, 18, and 20 recite similar features as in claims 1-3, 5, and 7, respectively, from the perspective of a method.

Claims 4 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Brand in view of Eyada, in view of Nichols, and further in view of Oran et al. (US 20070070996 A1; hereinafter “Oran”).

Regarding claim 4, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth. But Brand, Eyada, and Nichols do not disclose the first mobile device to: detect that the gateway device entered an offline mode; synchronize, responsive to the detection, the client clock with a remote master clock different from the master clock of the gateway device; establish a mesh network with the one or more mobile device based on application of the hash function to a timestamp generated by the client clock synchronized with the remote master clock; and communicate, via the mesh network absent the gateway device, with the one or more mobile devices, wherein the first mobile device and the one or more mobile devices hop ports based on the time interval during communication with one or more mobile devices connected to the gateway device.
However, in the same field of endeavor, Oran discloses a synchronized port hopping method among peer to peer devices (absent a gateway) that applies a hash function to a TCP sequence number for a next packet and then applies a port hopping algorithm to determine a port within a port range ([0013] Referring to FIG. 1, peer devices 12 and 22 conduct a synchronized port hopping scheme that uses different variable port numbers 24 to transfer packets 14A during a same Transmission Control Protocol (TCP) connection 15. The peer devices 12 and 22 can be any type of endpoint that establishes a TCP connection 15 with another endpoint. For example, peers 12 and 22 may be computer terminals, Personal Computers (PCs), Personal Digital Assistants (PDAs), smart cellular phones, or any other type of wired or wireless device that initiates or receives Internet communications; [0020] In operation 53, the peers 12 and 22 (FIG. 1) synchronize port hopping schemes by agreeing on a port-range, the initial sequence number, and a port hopping algorithm or sequence... the sending peer generates the pseudo-random port address values by hashing a TCP sequence number for a next packet into a range equal in size to the port-hopping space for this connection, and then applying the agreed upon port hopping algorithm or sequence within that port range; [0023] The peer receiving the TCP packet generates port numbers in the same manner as the sender. The receiving peer reads the sequence number for a received packet and hashes or maps the sequence number for the packet using the previously agreed upon port hopping scheme.). Based on this teaching, a skilled person would be able to derive a synchronized port hopping method among peer-to-peer devices (in case the gateway is offline) that applies a hash function to a timestamp for a next packet and then applies a port hopping algorithm to determine a port within a port range.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Brand, Eyada, and Nichols as applied to claim 1 based on the above teaching from Oran to derive the limitations of claim 4, because the modification uses prior art elements according to their established functions to produce a predictable result. This method of improving was well within the ability of one of ordinary skill in the art, who would have been motivated to perform this modification in order to prevent unauthorized access to the network even when the gateway is offline, and efficiently avoid denial of service attacks.

Claim 17 is rejected on the same grounds set forth in the rejection of claim 4. Claim 17 recites similar features as in claim 4, from the perspective of a method.

Claims 6 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Brand in view of Eyada, in view of Nichols, and further in view of Ahrenholz et al. (US 10069726 B1; hereinafter “Ahrenholz”).

Regarding claim 6, Brand, Eyada, and Nichols disclose the limitations of claim 5 as set forth. But Brand, Eyada, and Nichols do not disclose wherein the gateway device forwards the data packet to the second gateway device via an anonymous overlay network comprising a plurality of relays.
However, in the same field of endeavor, Ahrenholz discloses a method for managing communication over a network, wherein a gateway device forwards a received data packet to a second gateway device via an anonymous overlay network comprising a plurality of relays (Col. 4, Lines 57-59: a relay engine may be instantiated to perform one or more actions for overlay network identity based relays; Col. 19, Lines 19-29: a gateway computer, such as, gateway computer 418, or the like, may broadcast requests to establish a connection to a target gateway computer to multiple relays… the relay computer selected by the gateway computer may be the first relay computer to complete the handshake process; Col. 25, Lines 25-27 and Figs. 1 and 9: the source gateway computer may attempt to employ a relay computer to facilitate communication [with] the target gateway computer; Col. 27, Lines 8-12: once a management platform server has published a policy allowing an overlay network connection between two gateway computers, network address information (e.g., IP addresses and ports) need to be determined for both gateway computers.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Brand, Eyada, and Nichols as applied to claim 5 based on the above teaching from Ahrenholz to derive the limitations of claim 6, because the modification uses prior art elements according to their established functions to produce a predictable result. This method of improving was well within the ability of one of ordinary skill in the art, who would have been motivated to perform this modification by forwarding data packets to a second gateway via relays in order to manage communication over a network in which host identity is distinct from its topological location on a network.

Claim 19 is rejected on the same grounds set forth in the rejection of claim 6. Claim 19 recites similar features as in claim 6, from the perspective of a method.

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Brand in view of Eyada, in view of Nichols, and further in view of Inoue et al. (US 20060023662 A1; hereinafter “Inoue”).

Regarding claim 11, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth, and Nichols further discloses providing a hash function and determining a port number based on application of the hash function to a current timestamp as a hash value ([0045] At 610 the arrival time (= timestamp) at the monitoring point of the next usable packet is saved with a hash key. the hash key is formed by combining the Internet source and destination addresses of the packet, the protocol source and destination port numbers, and the timestamp from the host; [0050] and Fig. 8: the Hash Table 820 includes a Key (e.g. Hash Table Key) 840, a source address 850 of the packet, a destination address 860 of the packet, and an Identifier (ID) field 870. thus a hash key is associated with a port number and timestamp.).
But Brand, Eyada, and Nichols do not disclose the first mobile device to: determine a message authentication code based on a message authentication process; select the port number based on inputting the message authentication code into the hash function.
However, in the same field of endeavor, Inoue discloses determining a message authentication code based on a message authentication process; and using this authentication code as a hash value into a hash function, which is communicated to a mobile terminal ([0124] and Figs. 1 and 10: In the case where the device 2 accesses the cellular phone network 6, the device 2 attaches a message authentication code based on a one way hash function such as MD5, for example, by using this authentication key, to a message in a prescribed format, and transmits this message to the mobile terminal device 20.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Brand, Eyada, and Nichols as applied to claim 1 based on the above teaching from Inoue and the further teaching from Nichols, to derive the limitations of claim 11, because the modification uses prior art elements according to their established functions to produce a predictable result. This method of improving was well within the ability of one of ordinary skill in the art, who would have been motivated to perform this modification in order to prevent unauthorized access to the network and efficiently avoid denial of service attacks.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Brand in view of Eyada, in view of Nichols, and further in view of Bhullar et al. (2016 2nd International Conference on Next Generation Computing Technologies (NGCT-2016), Dehradun, India 14-16 October 2016; hereinafter “Bhullar”).

Regarding claim 12, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth. But Brand, Eyada, and Nichols do not disclose the first mobile device to: determine a hash value based on the hash function and the current timestamp; identify a first digit in the hash value based on [[the]]a prime number; identify a predetermined number of digits in the hash value adjacent to the first digit; and select the port number based on a combination of the first digit and the predetermined number of digits.
However, in the context of developing an efficient hashing algorithm, Bhullar discloses distributing hash values using prime numbers to avoid clustering (P. 1, Sec. 1: Since the prime numbers have some sure difference among one another so, this fact can be utilized to make input uniformly distributed thus resolving the problem of collisions and clustering up to very large extent. During performance testing the proposed algorithm shows considerable improvements over other hashing techniques). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Brand, Eyada, and Nichols as applied to claim 1 based on the above teaching from Bhullar to derive the limitations of claim 12, because the claimed approach is simply a design implementation choice that can be selected by a person of ordinary skill in the art based on the above teaching from Bhullar. Furthermore, this modification uses prior art elements according to their established functions to produce a predictable result. This method of improving was well within the ability of one of ordinary skill in the art, who would have been motivated to perform this modification by implementing a hash function with hash values distributed based on prime numbers to avoid clustering and collisions in order to prevent unauthorized access to the network and efficiently avoid denial of service attacks.
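The time-synchronized port selection recited in the claim 4, 11 and 12 limitations above, as an added Python example that is not code from the application or from any cited reference. The digit-indexing reading of claim 12, the use of HMAC-SHA256 and SHA-256, the port range, hop interval, prime, digit count and key are all assumptions made for illustration.

```python
import hashlib
import hmac

PORT_LOW, PORT_HIGH = 49152, 65535  # assumed hopping range (dynamic ports)
INTERVAL_S = 30                     # assumed hop interval in seconds
PRIME = 7                           # assumed shared prime: index of the first digit
ADJACENT = 4                        # assumed number of adjacent digits to take


def interval_index(clock_s: float) -> int:
    """Quantize a clock reading so peers inside one interval agree."""
    return int(clock_s // INTERVAL_S)


def select_port(key: bytes, clock_s: float) -> int:
    """Derive the port for the hop interval that contains clock_s."""
    stamp = str(interval_index(clock_s)).encode()
    # Assumed claim 11 reading: a message authentication code is the hash input,
    # so an observer without the key cannot predict the next port.
    mac = hmac.new(key, stamp, hashlib.sha256).digest()
    digest = hashlib.sha256(mac).digest()
    # Assumed claim 12 reading: view the hash value as a fixed-width decimal
    # string (a 256-bit integer has at most 78 digits) and index it by the prime.
    digits = str(int.from_bytes(digest, "big")).zfill(78)
    window = digits[PRIME:PRIME + 1 + ADJACENT]  # first digit plus adjacent digits
    # The modulo mapping carries a small bias; acceptable for an illustration.
    return PORT_LOW + int(window) % (PORT_HIGH - PORT_LOW + 1)


def peers_agree(key: bytes, clock_a: float, clock_b: float) -> bool:
    """True when two peers' clock readings yield the same port."""
    return select_port(key, clock_a) == select_port(key, clock_b)


def accept_ports(key: bytes, clock_s: float, tolerance: int = 1) -> set:
    """Ports a receiver accepts, allowing +/- tolerance intervals of clock skew."""
    return {select_port(key, clock_s + d * INTERVAL_S)
            for d in range(-tolerance, tolerance + 1)}


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    # Same interval: both peers land on one port.
    print(select_port(key, 1000.0), peers_agree(key, 1000.0, 1019.9))
    # Skew across an interval boundary: covered only by the tolerance window.
    print(select_port(key, 1021.0) in accept_ports(key, 1019.0))
```

Without the tolerance window, two peers whose clocks straddle an interval boundary derive different ports, which is why the rejected claims tie port selection to clock synchronization with a master clock.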

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Brand in view of Eyada, in view of Nichols, and further in view of Young et al. (KR 20190033251 A; hereinafter “Young”).

Regarding claim 13, Brand, Eyada, and Nichols disclose the limitations of claim 1 as set forth, and Nichols further discloses a gateway device, to provide to the second mobile device, a timestamp generated by a master clock to cause a client clock of the second mobile device to synchronize with the master clock ([0026] and Fig. 5: MP0 40 (a monitoring point equivalent to a gateway) is implemented in a network routing element that receives the data from Host A 20 (= a first mobile device). [0028] and Figs. 1 and 2: Host A 20 and Host B 30 illustrate such a communicating pair with causal Packet_j 180 carrying time stamp 120 and resulting in Packet_i 170 with time stamp 110; [0046] A scaling function is determined at 630 to align a frequency of a host protocol clock to a monitoring point clock. In another embodiment, one of a frequency and a frequency drift are aligned; [0047] A temporal offset is removed at 650. In another embodiment, one of temporal offset and a clock skew are removed; thus achieving synchronization); and
a data processing system to provide a hash function and determine a port number based on application of the hash function to a current timestamp generated via the client clock of the first mobile device synchronized with the gateway device ([0045] At 610 the arrival time (= timestamp) at the monitoring point of the next usable packet is saved with a hash key. the hash key is formed by combining the Internet source and destination addresses of the packet, the protocol source and destination port numbers, and the timestamp from the host; [0050] and Fig. 8: the Hash Table 820 includes a Key (e.g. Hash Table Key) 840, a source address 850 of the packet, a destination address 860 of the packet, and an Identifier (ID) field 870. thus a hash key is associated with a port number and timestamp.). A skilled person can apply these further teachings to derive the data processing system to: synchronize a clock of the second mobile device with the clock of the data processing system, and enable the second mobile device to use a hash function using timestamp as the hash value to select a port number.
But Brand, Eyada, and Nichols do not explicitly disclose the data processing system to: provide, to the second mobile device, the hash function and [[the]]a prime number to cause the second mobile device to select the same port number selected by the first mobile device to establish a communication between the first mobile device and the second mobile device.
However, in the context of enhancing successive interference cancellation (SIC) algorithm security in Non-orthogonal multiple access (NOMA), Young discloses a method of communication between a first terminal and a second terminal, and providing, to the second mobile device, the same hash function in order to cause the second mobile device to decrypt the signal sent by the first terminal through the forwarded hash key value used by the first terminal (Abstract: The device comprises: a first terminal (10) for requesting a session to a packet gateway (20) through a base station (30) and transmitting a hash key value; a packet gateway (20) for collating the received hash key value, encrypting the corresponding hash key value, a MAC address and IMEI information through a hash function, and transmitting the same to the base station (30); the base station (30) which transmits information received at the packet gateway (20) to a second terminal (40) using the SIC; and the second terminal (40) for identifying the SIC to find a signal suitable for a user and decrypting the signal through the hash key value to receive the signal.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to apply this teaching to modify the system of Brand, Eyada, and Nichols as applied to claim 1 based on the above teaching from Young to derive “the data processing system to: provide, to the second mobile device, the hash function and [[the]]a prime number to cause the second mobile device to select the same port number selected by the first mobile device to establish a communication between the first mobile device and the second mobile device”, by using a hash value distributed using a prime number, which is simply a design implementation choice (e.g., see claim 12 rejection above). Furthermore, this modification uses prior art elements according to their established functions to produce a predictable result. This method of improving was well within the ability of one of ordinary skill in the art, who would have been motivated to perform this modification to facilitate secure communication between two terminals via a network.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
Cifelli et al. (US 10291607 B1) – Authenticating a first mobile device and providing a hash function and a routing table for storage.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAILENDRA KUMAR whose telephone number is (571)270-1606.  The examiner can normally be reached on IFP M-F 8:00 am to 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chi Pham can be reached on 571-272-3179.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/SHAILENDRA KUMAR/Primary Examiner, Art Unit 2471