DETAILED ACTION
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 2021-01-04 has been entered.


Response to Amendment
The amendment filed 2021-01-04 has been entered and fully considered.

In light of applicant’s amendment, filed 2021-01-04, the drawings objection has been withdrawn.

In light of applicant’s amendment, filed 2021-01-04, the claim objections have been withdrawn.

In light of applicant’s amendment, filed 2021-01-04, the 35 U.S.C. § 112(a) rejection has been withdrawn.

Applicant’s arguments, see pp. 11-13, filed 2021-01-04, with respect to the claim amendments overcoming the prior art of claims 1-22 under 35 U.S.C. § 103 have been fully considered and are persuasive. 


Examiner’s Amendment
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Jingyuan (Jing) Huang (Reg. 74962) on 2021-04-27.

Please replace the Claims as follows:
1.	(Currently Amended) A secure network enabling secure transmission of information comprising:
a passbuilder computing device configured to: 
	generate a pass authorizing data transmission on said secure network;
determine a configuration for the secure network, the configuration including 
a sender computing node configured to: 
perform a transmission of a first packet, wherein the first packet includes a pass identifier identifying the pass authorizing the transmission of the first packet, a configuration identifier identifying the configuration associated with the first packet, and a timestamp indicating a time at which the first packet is transmitted in the associated configuration; [[and]]
a receiver computing node configured to receive said first packet from the sender computing device; and
one or more switching nodes configured to handle all packets on the secure network along links comprising communication routes communicatively coupling said sender computing device and said receiver computing device with one another, wherein the one or more switching nodes are configured to:
determine, based on the pass identifier in the first packet, that the transmission of the first packet is authorized, [[and]]
examine, upon determining that the configuration identified by the configuration identifier is currently active, whether the timestamp of the first packet satisfies the time period associated with the configuration,
forward, based on the examined timestamp of the first packet, the first packet, and
reject any packet that does not have a currently valid pass.
2.	(Previously Presented) The secure network of Claim 1, wherein said passbuilder computing device is configured to issue said pass to said sender computing device based on receiving matching requests from said sender computing device and said receiver computing device.

4.	(Previously Presented) The secure network of Claim 1, wherein said passbuilder computing device is configured to issue said pass to said sender computing device based on said sender computing device and said receiver computing device having been authenticated by demonstrating possession of or access to required credentials.
5.	(Original) The secure network of Claim 1, wherein said packet references said pass via a unique pass ID.
6.	(Previously Presented) The secure network of Claim 1, wherein said pass is revocable by said passbuilder computing device.
7.	(Previously Presented) The secure network of Claim 6, wherein said pass is a valid pass based on a determination that said pass has not been revoked by said passbuilder computing device.
8.	(Original) The secure network of Claim 1, wherein said pass is a valid pass based on a determination that said pass has not expired.
9.	(Previously Presented) The secure network of Claim 1,
wherein said packet comprises a network address of said sender computing device,
wherein said pass comprises permissions specifying a set of network addresses that are allowed to send packets under said pass, and
wherein said pass is a valid pass based on said network address of said sender computing device being within said set of network addresses.
10.	(Previously Presented) The secure network of Claim 1,
wherein said packet comprises a network address of said receiver computing device,
wherein said pass comprises permissions specifying a set of network addresses that may 
wherein said pass is a valid pass based on said network address of said receiver computing device being within said set of network addresses.
11.	(Original) The secure network of Claim 1,
wherein said pass comprises permissions, and
wherein said pass is a valid pass based on said packet complying with said permissions.
12.	(Previously Presented) The secure network of Claim 11, wherein said permissions limit one or more of:
a time of sending of said packet by said sender computing device, 
a point of entry of said packet into said secure network,
a rate at which said node may send packets under said pass, or
a number of packets that may be transmitted under said pass.
13.-14. (Canceled). 
15.	(Previously Presented) The secure network of Claim 1, 
wherein said network comprise communication routes communicatively coupling said sender computing device, said receiver computing device, and said passbuilder computing device with one another, 
wherein said communication routes comprise links implemented using the Internet Protocol, and 
wherein said packet is an IP6-compliant packet.
16.	(Currently Amended) A secure network enabling secure transmission of packets of information between a plurality of computing devices, the secure network comprising:
a passbuilder computing device configured to:
	generate a pass authorizing data transmission on said secure network;
determine a configuration for the secure network, the configuration including parameters that identify at least the pass, a time period associated with the configuration in which data transmission is allowed between 
a plurality of switching computing devices configured to handle all packets on the secure network, the plurality of switching computing devices including at least a sender computing device and a receiver computing device configured to: 
generate, by the sender computing device, a first packet, wherein the first packet includes a pass identifier (ID) identifying the pass authorizing a transmission of the first packet, a configuration ID identifying the configuration associated with the first packet, and a timestamp indicating a time at which the first packet is transmitted in the associated configuration, 
determine, based on the pass identifier in the first packet, that the transmission of the first packet is authorized,
examine, by at least one of the plurality of switching computing devices upon determining that the configuration identified by the configuration identifier is currently active, whether the timestamp of the first packet satisfies the time period associated with the configuration, [[and]] 
forward the first packet based on the examined timestamp of the first packet, and
reject any packet that does not have a currently valid pass.
17.	(Previously Presented) The secure network of Claim 16, wherein said configuration is defined within a machine-readable format.
18.	(Canceled)  
19.	(Previously Presented) The secure network of Claim 16,
wherein said passbuilder computing device concurrently designates two or more network configurations as active network configurations.

wherein said two or more network configurations comprise a current network configuration and a next network configuration, 
wherein said passbuilder computing device verifies operation of said next network configuration by operating said next configuration in a test mode, and
wherein if said next network configuration is functional, said passbuilder computing device retires said current network configuration and designates said next configuration as said current configuration. 
21.	(Currently Amended) A secure network enabling secure transmission of packets of information comprising:
a passbuilder computing device configured to: 
	generate a pass authorizing data transmission on said secure network;
determine a configuration for the secure network, the configuration including parameters that identify at least the pass, a time period associated with the configuration in which data transmission is allowed between authorized nodes and a listing of nodes authorized to perform data transmission on the secure network; and
a plurality of computing devices connected via a plurality of links, the plurality of computing devices comprising one or more switching nodes configured to handle all packets on the secure network, and a sender computing device and a receiver computing device configured to:  
generate, by the sender computing device, a first packet, wherein the first packet includes a pass identifier (ID) identifying the pass authorizing a transmission of the first packet, a configuration ID identifying the configuration associated with the first packet, and a timestamp indicating a time at which the first packet is transmitted in the associated configuration; [[and]] 
determine, based on the pass identifier in the first packet, that the transmission of the first packet is authorized,

forward the first packet based on the examined timestamp of the first packet; and
reject any packet that does not have a currently valid pass. 
22.	(Previously Presented) The secure network of Claim 21, wherein said time horizon for a new network configuration is set to zero when said new configuration becomes active.
23.	(Previously Presented) The secure network of Claim 21, wherein each of the plurality of computing devices is configured to track a time horizon for each network configuration for each of the plurality of links to corresponding computing devices, and wherein the receiver computing device is configured to accept the first packet over one of the plurality of links based on the timestamp of the first packet being later than the time horizon tracked for the one of the plurality of links. 
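
The per-packet decision recited for the switching nodes (claims 1, 6-10, 22 and 23), as an added Python example that is not part of the Office action or the application. All class and field names, the numeric timestamps, the order of the checks, and the rule that a link's time horizon advances to the timestamp of each accepted packet are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Pass:
    pass_id: str
    expires: float            # claim 8: a valid pass has not expired
    senders: frozenset        # claim 9: addresses allowed to send under the pass
    receivers: frozenset      # claim 10: addresses allowed to receive
    revoked: bool = False     # claims 6-7: revocable by the passbuilder

@dataclass
class Config:
    config_id: str
    start: float              # time period in which transmission is allowed
    end: float
    active: bool = True

@dataclass
class Packet:
    pass_id: str
    config_id: str
    timestamp: float
    src: str
    dst: str

@dataclass
class SwitchingNode:
    passes: dict
    configs: dict
    horizon: dict = field(default_factory=dict)  # (link, config_id) -> horizon
    def admit(self, pkt, link, now):  # -> (forward?, reason); default is reject
        p = self.passes.get(pkt.pass_id)
        if p is None or p.revoked or now >= p.expires:
            return False, "no currently valid pass"
        if pkt.src not in p.senders or pkt.dst not in p.receivers:
            return False, "address outside pass permissions"
        cfg = self.configs.get(pkt.config_id)
        if cfg is None or not cfg.active:
            return False, "configuration not active"
        if not (cfg.start <= pkt.timestamp <= cfg.end):
            return False, "timestamp outside configuration period"
        key = (link, pkt.config_id)
        if pkt.timestamp <= self.horizon.get(key, 0.0):  # claim 22: horizon starts at zero
            return False, "timestamp not later than link horizon"
        self.horizon[key] = pkt.timestamp  # assumption: horizon advances on accept
        return True, "forward"

# Constructed sample data (not from the page).
NODE = SwitchingNode({"p1": Pass("p1", 200.0, frozenset({"a"}), frozenset({"b"}))},
                     {"c1": Config("c1", 100.0, 150.0)})
```

Because the horizon is tracked per link and per configuration, a packet replayed on the same link is rejected while the same timestamp is still acceptable on a different link.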


Allowable Subject Matter
Claims 1-12, 15-17, and 19-23 are allowed.

The following is a statement of reasons for the indication of allowable subject matter:
In interpreting the currently amended claims, in light of the specification as well as arguments presented in the responses to the Office actions, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.  First, Applicant’s arguments 
Based on an updated search, the Examiner located US 20180109554 A1 (Reddy et al.), which discloses a Distributed Denial of Service (DDoS) Open Threat Signaling (DOTS) mitigator that protects an IoT device by requiring that incoming data packets have a corresponding valid token, otherwise they’re discarded.  However, Reddy does not disclose “one or more switching nodes configured to handle all packets on the secure network along links comprising communication routes”, wherein the “reject any packet that does not have a currently valid pass” and wherein the pass is generated by “a passbuilder computing device” that is separate from the sender and receiver, i.e. rejecting every packet on the network that does not have a currently valid pass generated by a passbuilder computing device in the context of the claimed invention as a whole.
Thus, the Examiner finds that the prior art does not provide sufficient teaching or motivation for anticipating or rendering obvious the claimed invention as a whole, without the usage of impermissible hindsight reasoning.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel, can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/
Primary Examiner, Art Unit 2491