DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 have been examined and rejected.

Claim Objections and Interpretations
Claim 15 is objected to because of the following informalities: the claim term “a circuit associate” has been considered as a typo and interpreted as “a circuit associated”. Appropriate correction is required.

Claim Rejections - 35 USC § 103
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 1, 2, 4, 5, 7-9 and 11-20 are rejected under AIA  35 U.S.C. 103 as being unpatentable over MUNGER et al. (U.S. PGPub 2013/0262587) in view of SULAIMAN et al. (U.S. PGPub 2015/0033347).
As per claims 1 and 11, 
MUNGER teaches a system for cyber secure communications, comprising: a source node (MUNGER see fig. 2 TARP terminal 100) configured to divide a message into a plurality of message fragments (MUNGER see para 0067, fig 3a, to construct a 
a destination node (fig. 2: "TARP terminal 110") configured to assemble the message fragments into the message based on the policy identification, the sequence number, and the fragment identifier (par. 48: "S44. If the packet is a decoy packet, the perishable decoy counter is incremented ... S47. Once all packets of an interleave window are received, the packets are deinterleaved ... S49. The decrypted block is then divided using the window sequence data and the IPT headers are converted into normal 
and a plurality of routes associated with the circuit identification, wherein the plurality of routes is each formed by a plurality of nodes that are connected directly or indirectly to the destination node, wherein different ones of the plurality of routes associated with the circuit identification are randomly selected for transmission of the plurality of message fragments from the source node to the destination node (MUNGER see para 0209, 0210, as shown in fig. 20, connection between ISPs is labeled to indicate a specific physical transmission path (AD is a physical path that links ISP A (element 2005) to ISP D) (element 2008), packets arriving at each edge router are selectively transmitted to one of the ISPs to which the router is attached on the basis of a randomly or quasi-randomly selected basis, as shown in fig. 21 computer 2001 or edge router 2003 incorporates a plurality of link transmission tables 2100 that identify, for each potential transmission path through the network, valid sets of IP addresses that can be used to transmit the packet, AD table 2101 contains a plurality of IP source/destination pairs that are randomly or quasi-randomly generated, When a packet is to be transmitted from first computer 2001 to second computer 2002, one of the link tables is randomly selected).
MUNGER fails to exclusively teach message fragment includes at least a circuit identification of a circuit and a plurality of routes associated with the circuit identification.
In a similar field of endeavor SULAIMAN teaches message fragment includes at least a circuit identification of a circuit and a plurality of routes associated with the circuit identification (SULAIMAN, see para 0041-0043 as shown in fig. 1, FIG. 1, in order for a 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of MUNGER with the teaching of SULAIMAN, as doing so would provide an efficient method for client traffic identification in anonymous communication networks by guiding a network path selection algorithm to select from a set of relays (SULAIMAN see para 0012).

As per claims 2 and 12
MUNGER in view of SULAIMAN teaches the system of claim 1, wherein the destination node is configured to create a reply circuit for transmission of a reply 
As per claims 4 and 13
MUNGER in view of SULAIMAN teaches the system of claim 1, wherein only a part of the plurality message fragments includes message data (MUNGER see para 0017-0018, Decoy or dummy data can be added to a stream).

As per claims 5 and 14 
MUNGER in view of SULAIMAN teaches the system of claim 1, wherein the source node is configured to send a control message to each of the plurality of nodes along each of the plurality of routes to identify a sending node and a receiving node for each of the nodes along the associated route (SULAIMAN see para 0041, client OP tunnels through the circuit 15 to establish a session key 12 and extends the circuit (14, 15) to the middle node 9, or the middle onion router,  client OP further tunnels through the circuit 16 to reach the exit node 10, or the exit onion router, establishing a session key 13 and extends the circuit (14, 15, 16), the OP incrementally extends the circuit one 

As per claims 7 and 19 
MUNGER in view of SULAIMAN teaches the system of claim 1, wherein at least part of the plurality of message fragments include a message header containing the circuit identification, the sequence number, the fragment identifier, one or more flags, message content length, and message content (MUNGER see para 0078-0080, fig. 3b. All fields except for "message content length" are disclosed therein, the "message content length" is obvious to solve the problem of allowing variable length messages, TARP header IP_T could be a completely custom header configuration which can include a message content length, "Decoy/Real" is a policy flag).

As per claims 8 and 20
MUNGER in view of SULAIMAN teaches the system of claim 7, wherein the one or more flags include at least one of a request flag, a reply flag, a checksum flag, a policy flag, and a cleanup flag (MUNGER see para 0078-0080, fig. 3b. All fields except for "message content length" are disclosed therein, the "message content length" is obvious to solve the problem of allowing variable length messages. "Decoy/Real" is a policy flag)


MUNGER in view of SULAIMAN teaches the system of claim 1, wherein each of the plurality of message fragments is validated according at least one of a policy flag and a checksum (MUNGER see para 0106-0116, The "decoy" flag impacts how the packet is reassembled, before handing it to the normal TCP/IP stack, which comprises checksum validation (IP header checksum)).

As per claim 15
MUNGER in view of SULAIMAN teaches the method of claim 11, further comprising configuring a circuit associate with the circuit identification by randomly selecting a number of routes for the circuit from a specified range and selecting a random number of nodes and a sequence of nodes for each route in the circuit (SULAIMAN, see para 0041-0043 as shown in fig. 1, FIG. 1, in order for a client 5 to communicate with a server 6 anonymously over a Tor network 100, the client's 5 onion proxy (OP) obtains a list of Tor relays 7 from the directory server and randomly selects a pathway through the Tor relays 7, starting with the selection of an exit node 10, and ensuring that the exit policy is met, the client proxy establishes a session key 11 and a circuit 14 with the first node, also referred to as the entry node 8, the client OP tunnels through the circuit 15 to establish a session key 12 and extends the circuit (14, 15) to the middle node 9, or the middle onion router, the client OP further tunnels through the circuit 16 to reach the exit node 10, or the exit onion router, establishing a session key 

6.	Claim 3 is rejected under AIA  35 U.S.C. 103 as being unpatentable over MUNGER et al. (U.S. PGPub 2013/0262587) in view of SULAIMAN et al. (U.S. PGPub 2015/0033347) in view of Nainar et al. (U.S. PGPub 2017/0250908).
As per claim 3
MUNGER in view of SULAIMAN teaches the system of claim 1, yet fails to teach wherein the source node is configured to send a cleanup message to the destination node and the plurality of nodes along the plurality of routes remove routing information therefrom in response to the cleanup message.
In a similar field of endeavor Nainar teaches wherein the source node is configured to send a cleanup message to the destination node and the plurality of nodes along the plurality of routes remove routing information therefrom in response to the cleanup message (Nainar, see para 0055, The "Flag" field 212 is a 16-bit flag that includes a clean-up flag 220, a protected flag 222, and policy flags 224, which defines bits 4-6 as a type of first element after the segment list, bits 7-9 as a type of second element after the segment list, bits 10-12 as a type of third element after the segment list, and bits 13-15 as a type of fourth element after the segment list).


7.	Claim 6 is rejected under AIA 35 U.S.C. 103 as being unpatentable over MUNGER et al. (U.S. PGPub 2013/0262587) in view of SULAIMAN et al. (U.S. PGPub 2015/0033347) in view of GOPALAN et al. (U.S. PGPub 2017/0093705).
As per claim 6
MUNGER in view of SULAIMAN teaches the system of claim 1, yet fails to teach wherein, in response to a deviation from a baseline latency in node-to-node communication involving at least one of the plurality of nodes, the at least one of the plurality of nodes is removed from the plurality of routes.
In a similar field of endeavor GOPALAN teaches wherein, in response to a deviation from a baseline latency in node-to-node communication involving at least one of the plurality of nodes, the at least one of the plurality of nodes is removed from the plurality of routes (GOPALAN, see para 0068, in step 418, the partial process continues with selecting the third path as one of the work path or the protect path if the first latency differential is less than the second latency differential. Next in step 420, the partial process concludes with selecting the fourth path as one of the work path or the protect path if the first latency differential is greater than the second latency differential).


As per claim 10
MUNGER in view of SULAIMAN teaches the system of claim 1, yet fails to exclusively teach wherein the source node, the destination node, and the plurality of nodes are different parts of a communications network for an electric power system.
In a similar field of endeavor Phatak teaches wherein the source node, the destination node, and the plurality of nodes are different parts of a communications network for an electric power system (Phatak, see para 0196, the routers, DNS servers, etc., form the control-plane of the Internet. The phrase "real-time systems" refers to the entities that control the electrical grid, (natural) gas distribution network, water supply network, etc. The critical commands to initiate high-impact actions (such as open/close flood gates of a dam or a valve in a high-pressure gas pipeline, etc.) must be run only from pre-authorized and secure locations. The system, method and apparatus of the present invention described above may be used to provide safeguards against subversion of critical infrastructures from remote site).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of MUNGER in view of SULAIMAN with the teaching of GOPALAN, as doing so would provide an efficient method for determining a first and second path from a first device to a second device based on path latency, removing from further consideration the first or the second path based on which has the highest path latency of the first and second path, 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of MUNGER in view of SULAIMAN with the teaching of Phatak, as doing so would provide an efficient method for making it substantially harder for an adversary to bring down an electrical grid by remotely hacking into the control plane (Phatak see para 0196).

Conclusion
9.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. This includes:
U.S. PGPub 2015/0172168 which teaches a method for path selection in an anonymity network;
U.S. PGPub 2020/0204522 which describes a method for routing based internet security;
U.S. PGPub 2017/0012942 which describes a method for Fabric-based anonymity management;
Any inquiry concerning this communication or earlier communications from the examiner should be directed to examiner Sanjoy Roy, whose telephone number is 571-270-0675. The examiner can normally be reached on Mon-Fri, 8am-5pm (EST). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SANJOY ROY/
Examiner, Art Unit 2457

/NICHOLAS R TAYLOR/
Supervisory Patent Examiner, Art Unit 2457