PNG
    media_image1.png
    172
    172
    media_image1.png
    Greyscale
United States Patent and Trademark Office
    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov












BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 15/884,534
Filing Date: 31 Jan 2018
Appellant(s): Steve D. Millman



__________________
Jonathan N. Geld
Reg. No. 44,702
For Appellant


EXAMINER’S ANSWER



This is in response to the appeal brief filed on 03/31/2021 appealing from the office action mailed 12/08/2020.

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 12/08/2020 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
The following ground(s) of rejection are applicable to the appealed claims.
Claims 1, 3-11, and 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Khanna et al. (US 8,191,133; hereinafter "Khanna") in view of Gadde et al. (US 8,646,090; hereinafter "Gadde").

(2) Response to Argument
Issue #1:
Appellant’s assertion:
On pages 14-16 of the Appeal Brief, Appellant asserts that the purported combination of embodiments of Khanna with Gadde fails to teach a two-stage anti-replay check on packets in which the equivalent to the claimed scorecard is only updated on the second check of the two stage check [since] the cited portions of the references provide for updating the cited equivalent to the packet tracking scorecard both during the initial anti-replay check and the final anti-replay check. As a basis of the assertion, Appellant asserts that since Khanna’s “maintain single global anti-replay window” (see Block 310 in Khanna’s FIG. 3 below) and “advance global anti-replay window (see Block 440 in Khanna’s FIG. 4 below)” correspond to the “update scorecard” of claims 1 and 11 (hereinafter, “the claim”), Khanna updates the global anti-replay window at the time of packet receipt and prior to packet processing.
[AltContent: rect][AltContent: rect][AltContent: rect][AltContent: rect][AltContent: rect]
    PNG
    media_image2.png
    200
    301
    media_image2.png
    Greyscale
	
    PNG
    media_image3.png
    200
    384
    media_image3.png
    Greyscale

	           Khanna’s FIG. 3	      			        Khanna’s FIG. 4

Examiner’s Answer:
Khanna teaches a two-stage anti-replay check on packets
As cited in the Final Action, Khanna describes that 
Next, the process 300 pre-processes a received packet having a sequence number before packet processing using the single global anti-replay window (Block 320). Then, the process 300 processes the received packet (Block 330). This may include standard operations such as decrypting. Next, the process 300 post-processes the received packet after packet processing using the individual per-DSCP anti-replay windows (Block 340). (See col. 4, l. 62- col. 5, l. 2, emphasis added)

That is, the process 300 pre-processes a received packet (Block 320) before processing the received packet (Block 330), and then the process 300 post-processes the received packet after packet processing (Block 340). Here, pre-processing (Block 320) teaches an initial check of the claim; processing the received packet (Block 330) teaches packet processing of the 
[AltContent: textbox (◄ corresponding to packet processing of the claim)][AltContent: textbox (◄ corresponding to an initial check of the claim)][AltContent: textbox (◄ corresponding to a final check of the claim)]
    PNG
    media_image2.png
    200
    301
    media_image2.png
    Greyscale

				     Khanna’s FIG. 3

Interpretation of the limitation “update the scorecard” 
With respect to the limitation “update the scorecard”, the claim recites:  
… the scorecard representing packet sequence numbers for received packets … wherein the final check … determine if the current packet represents a replay packet based upon the packet sequence number for the current packet, and update the scorecard… (Emphasis added)

Also, the specification describes that 
During operation, the shared anti-replay unit 106 accesses and updates packet sequence numbers stored within a scorecard 110 that is managed by the shared anti-replay unit 106 for that packet flow. (See para. [0028], emphasis added)

Thus, the “update the scorecard” is interpreted as updating the scorecard for a (current) packet sequence number such that the current packet sequence number can be checked for a next packet. 

The “update the scorecard” is taught by “the sequence number is marked as received in the list 225” disclosed in Khanna

Based on the claim interpretation above, the “update the scorecard” is taught by “the sequence number is marked as received in the list 225” disclosed in Khanna.
In this regard, Khanna describes that 
The list 225 contains all the sequence numbers of packets that have been accepted with the global anti-replay window 210. Each time a packet is received, the QoS anti-replay 205 perform operations including pre-processing, processing (e.g., decrypting), and post-processing. The result of these operations is a decision to discard or accept the received packet. If it is accepted, its sequence number is stored in the list 225. (See col. 4, ll. 38-45, emphasis added)

If the sequence number SN is within the individual lowest and highest sequence numbers (ILSN and IHSN), the process 340 accepts the received packet (Block 650). Then, the process 340 marks the sequence number as received in the received sequence numbers (e.g., the list 225 shown in FIG. 2) (Block 655), and is then terminated. If the sequence number is higher than the individual highest sequence number, the process 340 accepts the received packet (Block 660). Then, the process 340 marks the sequence number as received in the received sequence numbers (e.g., the list 225 shown in FIG. 2) (Block 665). Next, the process 340 advances the individual per-DSCP window (Block 670) and is then terminated. (See col. 5, ll. 55-67, emphasis added)

When a packet is being post-processed, against the individual per-DSCP anti-replay windows, the sequence number is marked as received and the window is advanced according to normal mechanisms. (see col. 6, ll. 8-11, emphasis added)

Otherwise, the process 320 compares the sequence number with received sequence numbers in the single global anti-replay window (Block 530). Then, the process 320 determines if the sequence number matches with one of the received sequence numbers (Block 540). If so, the process 320 discards the packet (Block 550) and is then terminated. Otherwise, the process 320 is terminated. (See col. 5, ll. 32-39, emphasis added)

That is, Khanna describes that when the received (current) packet is acceptable, the process 340 marks (i.e., stores) the sequence number as received in the list 225 (within the 
Therefore, as stated in the Final action issued 12/08/2020, Khanna teaches “updating the scorecard is only performed during the final check” of the claim. 

Khanna’s “maintain” and “advance” have nothing to do with “update the scorecard” of the claim

Appellant asserts on pages 14-15 that Khanna’s description that single global anti-replay window is maintained prior to pre-processing, and the process 310 advances the single global anti-replay window by truncating the single global anti-replay window from a side toward the global lowest sequence number, means that Khanna updates its anti-replay check window when packages arrive, as well as subsequent to processing. 
In this regard, Khanna describes that 
A single global anti-replay window is maintained to have global lowest and highest sequence numbers for an Internet Protocol security (IPSec) security association (SA). … A received packet having a sequence number is pre-processed before packet processing using the single global anti-replay window. This is because the DSCP in the outer IP header of the received packet may not be trusted. (See col. 2, ll. 1-14, emphasis added)

Upon START, the process 310 maintains an individual per-DSCP anti-replay window for which at least one packet has been received for the IPSec SA (Block 410). (See col. 5, ll. 6-8, emphasis added)

Each of the N individual per-DSCP anti-replay windows 2201 to 220N may be constructed and maintained in the normal manner for the traditional anti-replay windows. An individual per-DSCP anti-replay window 220k (k=1, ... N) k and an individual highest sequence number (IHSN) 255k. (See col. 4, ll. 27-37, emphasis added)

If the sequence number SN is within the individual lowest and highest sequence numbers (ILSN and IHSN), the process 340 accepts the received packet (Block 650). Then, the process 340 marks the sequence number as received in the received sequence numbers (e.g., the list 225 shown in FIG. 2) (Block 655). (See col. 5, ll. 55-61, emphasis added)

That is, Khanna describes that the single global anti-replay window is maintained to have global lowest and highest sequence numbers, but does not describe that the process 310 marks a (current) sequence number as received in the list 225. In addition, the global lowest number (see 260 in Khanna’s FIG. 2) means a sequence number that has previously arrived, thus maintaining single global anti-replay window prior to pre-processing has nothing to do with marking the (current) packet sequence number in the list 225 as received. As such, the “single global anti-replay window is maintained” does not mean that “the sequence number is marked as received in the list 225” and therefore has nothing to do with the “update the scorecard” of the claim.
Also, Khanna describes that each of the N individual per-DSCP anti-replay windows may be constructed and maintained in the normal manner, and the process 310 maintains an individual per-DSCP anti-replay window for which at least one packet has been received for the IPSec SA. Thus, the “maintains an individual per-DSCP anti-replay window” should be understood as an individual per-DSCP anti-replay window is maintained as constructed for a service for which at least one packet has been received, but should not be construed to update a scorecard. Furthermore, Khanna describes that the process 340 (i.e., post-process) marks the sequence number as received in the received sequence numbers (e.g., the list 225) even when the sequence number SN is within the individual lowest and highest sequence numbers (ILSN and IHSN) thereby accepting the received packet (Block 650). Thus, maintaining an individual per-DSCP anti-replay window also has nothing to do with marking the (current) packet 
Khanna further describes that 
Otherwise, the process 310 advances the single global anti-replay window by truncating the single global anti-replay window from a side toward the global lowest sequence number (Block 440). (See col. 5, ll. 17-20, emphasis added)

That is, Khanna describes that the process 310 advances the single global anti-replay window toward the global lowest sequence number. Here, as stated above, the global lowest number is a sequence number that has previously arrived, thus, the global lowest number does not mean the current sequence number (to be marked as received).  Thus, the “advances the single global anti-replay window” should be understood as moving (i.e., advancing) the window by changing pointers or boundaries indicating a starting point and an end point of the window with leaving sequence numbers stored therein as are. As such, the “advances the single global anti-replay window” also does not mean “the sequence number is marked as received in the list 225”, and therefore, has nothing to do with the “updating the scorecard” for (current) packet sequence numbers.

Khanna does not explicitly describe that a (current) packet arrives at the process 310 

Appellant further asserts on page 15 that Khanna updates the global anti-replay window at the time of packet receipt and prior to packet processing. 
In this regard, Khanna does not explicitly describe that a (current) packet arrives at the process 310 (i.e., Block 310). In addition, Appellant also does not show a concrete basis that the (current) packet arrives at the process 310 (i.e., Block 310). Thus, Appellant’s assertion that Khanna updates the global anti-replay window at the time of packet receipt does not have a basis. Rather, Khanna describes that 
Each time a packet is received, the QoS anti-replay 205 perform operations including pre-processing, processing (e.g., decrypting), and post-processing. (See col. 4, ll. 40-42, emphasis added)

[AltContent: textbox (A current packet arrives at this time point ► )]
    PNG
    media_image2.png
    200
    301
    media_image2.png
    Greyscale

		       Khanna’s FIG. 3
In other words, Khanna describes that each time a packet is received, the QoS anti-replay 205 perform pre-processing, processing, and post-processing, which means that the (current) packet arrives either after Block 310 or at Block 320 as illustrated in the figure above. Thus, since the Block 310 (i.e., maintain and advance windows) is not related to the current packet, the Block 310 should be understood as a step for initializing or constructing the windows, or holding or maintaining a previous state relating to packets that have previously arrived. In other words, because the process 310 occurs prior to any (current) packet being received, the maintaining and advancing windows (i.e., the Block 310) has nothing to do with the “updating the scorecard” for (current) packet sequence numbers.
Therefore the examiner contends that the rejection of the claim under Khanna in view of Gadde should be sustained for the same reasons shown above with respect to Issue #1.

Issue #2:
Appellant’s assertion:
On pages 16-18 of the Appeal Brief, Appellant asserts that the purported combination of embodiments of Khanna with Gadde fails to teach the second window of packet sequence numbers within the scorecard being larger than and including the first window. As a detailed reason, Appellant asserts that the suggested combination of the windows of Khanna and the extended window of Gadde is contrary to the Khanna’s definition of the windows that the single global anti-replay window is larger than or equal to the size of each DSCP group window.

Examiner’s Answer:
Khanna’s single global anti-replay window would be modified to have an extended window as taught by Gadde

The claim recites, in part:
access the scorecard for an initial check, wherein the initial check … 
determine … a late packet, and 
determine … a replay packet …; and 
access the scorecard for a final check, wherein the final check … 
	determine … a replay packet;
…
wherein the initial check is based upon a first window of packet sequence numbers within the scorecard; 
wherein the final check is based upon a second window of packet sequence numbers within the scorecard; and 
wherein the second window is larger than and includes the first window. (Emphasis added)

[AltContent: textbox ( ◄ a first window for the initial check)][AltContent: textbox ( ◄ a second window the final check)] 	
    PNG
    media_image4.png
    184
    256
    media_image4.png
    Greyscale

				FIG. 2 of the claimed invention 

In this regard, Khanna describes that 
the process 300 pre-processes a received packet having a sequence number before packet processing using the single global anti-replay window (Block 320). (See col. 4. ll. 54-66, emphasis added) 

the process 320 determines if the sequence number of the received packet is lower than the global lowest sequence number (Block 520). …  Otherwise, the process 320 compares the sequence number with received sequence numbers in the single global anti-replay window (Block 530). Then, the process 320 determines if the sequence number matches with one of the received sequence numbers (Block 540). (See col. 5, ll. 26-39, emphasis added)

Here, Khanna’s pre-processing teaches an initial check of the claim; Khanna’s the single global anti-replay window teaches a first window of the claim; determining if the sequence number of the received packet is lower than the global lowest sequence number (Block 520) teaches determining a late packet of the claim; and determining if the sequence number 
[AltContent: textbox (◄ corresponding to a first window for the initial check)][AltContent: rect][AltContent: rect]
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale

Khanna’s FIG. 2 	
Khanna also describes that
the process 300 post-processes the received packet after packet processing using the individual per-DSCP anti-replay windows (Block 340). (See col. 4. l. 59 – col. 5, l. 2, emphasis added)
Here, Khanna’s post-processing teaches a final check of the claim; and Khanna’s individual per-DSCP anti-replay windows corresponds to a second window. However, Khanna is silent about a replay packet in the post-processing. 
[AltContent: textbox (◄ corresponding to a second window for the initial check)][AltContent: arrow][AltContent: rect][AltContent: rect]       
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale

Khanna’s FIG. 2 	
Meanwhile, Gadde describes that 
If the IPSec sequence number of the packet falls to the left of IPSec anti-replay check window 504, the packet may be discarded (block 706). To determine whether the IPSec sequence number falls to the left of IPSec anti-replay check window 504, the lowest number in the range of the IPSec anti-replay check window 504 may be compared to the IPSec sequence number of the packet. … If the IPSec sequence number of the packet falls in original window 618 and the original window indicates that the IPSec sequence number of the packet has not been detected previously, the packet may be accepted (block 708). (See col. 7, ll. 44-57, emphasis added)
That is, Gadde determines if the packet falls to the left of IPSec anti-replay check window 504 in Block 706 (i.e., a late check) and determines if the packet falls in original window 618 in Block 708 (i.e., a replay check), which respectively corresponds to determining a late packet and determining a replay packet performed in the initial check of the claim. Here, the original window 618 corresponds to the first window of the claim.
[AltContent: rect][AltContent: rect][AltContent: rect][AltContent: rect][AltContent: rect][AltContent: rect]
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale
    
    PNG
    media_image7.png
    200
    400
    media_image7.png
    Greyscale

   Gadde’s FIG. 6 					Gadde’s FIG. 7 
Gadde also describes that
At block 712, if the IPSec sequence number of the packet falls within extended window 620, the corresponding bit in the extended window 620 may be examined to determine if the packet is a replay packet. If the bit in IPSec anti-replay check window 504 is set to a value (“1”) that indicates that the IPSec sequence number of the packet has been detected previously, the packet may be identified as a replay packet. (See col. 8, ll. 22-30, emphasis added)

That is, Gadde determines if the packet falls within the extended window 620 in Block 710 (i.e., a replay check), which corresponds to determining a replay packet performed in the final check of the claim. Here, the IPSec anti-replay check window 504 which includes the original window 618 and the extended window 620 corresponds to the second window of the claim.
size of the single global anti-replay window 210 may be configurable.” (See col. 4, ll. 19-20, emphasis added)
Gadde also describes that
In order to avoid dropping packets unnecessarily during anti-replay checks, process 700 may employ extended window 620 and ASN register 506. With extended window 620, even if a processor finishes an anti-replay check on packet 165 and advances IPSec anti-replay check window 504 from range [100, 163] to new range [102, 165], packet 100 may still fall within extended window 620. If the packet does fall within extended window 620, packet 100's ASN may be checked to determine if packet 100 has arrived at security device 104 before packet 165. If packet 100 has arrived before packet 165, packet 100 may be accepted. This would make the SMP system behavior as same as that for a single-processor system. (Gadde, col. 1, ll. 26-48).
That is, Gadde describes that the extended window 620 is employed in order to avoid dropping packets unnecessarily during anti-replay checks. Thus, as stated in the Final Action, Khanna’s single global anti-replay window can be modified to adopt the extended window (as either a second window instead of the individual per-DSCP anti-replay windows, or additional second window in addition to the individual per-DSCP anti-replay windows), as taught by Gadde, in order to retain valid packets by determining if the sequence number of the received packet falls within the extended window (i.e., for a replay check).
Khanna in view of Gadde teaches the claimed feature “wherein the second window is larger than and includes the first window” 
As illustrated in the figure below, Khanna’s single global anti-replay window would be modified to have the extended window, as taught by Gadde, such that the extended window of Gadde is contiguously extended to the single global anti-replay window of Khanna either instead of the individual per-DSCP anti-replay windows or in addition to the individual per-DSCP anti-replay windows. By the suggested modification, Khanna’s single global anti-replay window teaches the first window of the claim; and the combined single global anti-replay window and extended window teaches the second window of the claim. As such, “the single global anti-single global anti-replay window” (i.e., first window), which teaches “the second window is larger than and includes the first window” of the claim.
[AltContent: ][AltContent: rect][AltContent: ][AltContent: ][AltContent: rect]
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale
    
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale


   Khanna’s FIG. 2 				    Gadde’s FIG. 6

The combination is not contrary to the Khanna’s definition of the windows
For example, assuming that Khanna’s single global anti-replay window is be modified to have the extended window in addition to the individual per-DSCP anti-replay windows as illustrated in the figure above, the individual per-DSCP anti-replay windows is still within the single global anti-replay window. Thus, the combination is not contrary to the Khanna’s definition of the windows. Also, Khanna’s process 340 can perform the post-process (in addition to or instead of checking the sequence number of the received packet in the individual per-DSCP window) to determine if the sequence number of the received packet falls within the extended window (i.e., for a replay check). Thus, Appellant’s assertion that the suggested 
For the above reasons, it is believed that the rejections of claims 1 and 11 should be sustained.

Respectfully submitted,
/WANSIK YOU/
Examiner, Art Unit 2491

Conferees:

/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491                                                                                                                                                                                                        

Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.