DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to communication filed on 08/26/2021.
Status of claims in the instant application as of 08/26/2021:
Claims 1-12, 14-17 and 19-20 are pending.
Claims 13 and 18 have been canceled.
No new claim has been added.
Claims 1, 15 and 20 have been amended.
EXAMINER’S AMENDMENT
Authorization for the following examiner’s amendment was given in an interview with Kelly G. Swartz (Attorney, Reg. No. 62,394) on 09/03/2021 and subsequent email communication. This amends claims filed by the Applicant on 08/26/2021.
---------------------------------- Start of Examiner’s Amendment -----------------------------------
The claims of the instant application are amended as follows:
Claim 1.	(Currently Amended)  A multi-level secure switch comprising:
a security enforcer logic chip configured to receive and transmit a plurality of data packets, each of the plurality of data packets having an associated security level, wherein the security enforcer logic chip comprises:
a plurality of data paths, wherein each of the plurality of data paths connects a single port of a plurality of ports of a switch chip to a single physical port of a plurality of physical ports;

a management processor configured to provide security parameters to the security enforcer logic chip; and
the plurality of physical ports, wherein each of the physical ports of the plurality of physical ports has an associated security threshold, wherein the plurality of physical ports are configured to send the plurality of data packets to and receive the plurality of data packets from the security enforcer logic chip; and
wherein the security enforcer logic chip is configured to prevent transmission of one of the plurality of data packets to one of the plurality of physical ports when the security level associated with the one of the plurality of data packets is incompatible with the security threshold associated with the one of the plurality of physical ports;
wherein the switch chip and the management processor are not in direct electronic communication with one another;
wherein the management processor comprises a rules engine adapted to provide security parameters to the security enforcer logic chip;
wherein the security enforcer logic chip is adapted to append a security tag, indicative of the security level, to each of the plurality of data packets;
wherein the security enforcer logic chip examines the security tag appended to each of the plurality of data packets received from the switch chip and provides each of the plurality of data packets to one of the plurality of physical ports only when the security tag of the data packet meets the security threshold associated with the physical port; 
wherein the security enforcer logic chip examines the security tag appended to each of the plurality of data packets received from the switch chip and drops each of the plurality of data packets when the security tag appended to the data packet does not meet the security threshold of the physical port to which the data packet is to be transmitted;
wherein the security enforcer chip is physically separate from the management processor; and
wherein each of the plurality of data paths of the security enforcer logic chip is isolated from every other data path of the plurality of data paths of the security enforcer logic chip.
Claim 2.	(Original)	The multi-level secure switch according to claim 0 further comprising a plurality of magnetic isolation transformers; and
wherein each of the plurality of magnetic isolation transformers is in electrical communication with only one of the plurality of physical ports.
Claim 3.	(Original)	The multi-level secure switch according to claim 0 wherein the switch chip is further configured to receive one of the plurality of data packets from the security enforcer logic chip and transmit the one of the plurality of data packets to a data path of the security enforcer logic chip associated with one of the plurality of physical ports.
Claim 4.	(Previously Presented)	The multi-level secure switch according to claim 0 wherein security enforcer logic chip verifies the security level of the one of the plurality of data packets is compatible with the security threshold associated with the one of the plurality of physical ports and wherein the security enforcer logic chip drops the one of the plurality of data packets when the security level of the one of the plurality of data packets is incompatible with the security threshold associated with the one of the plurality of physical ports.
Claim 5.	(Canceled)	
Claim 6.	(Canceled)	
Claim 7.	(Canceled)	
Claim 8.	(Currently amended) The multi-level secure switch according to claim 1 wherein the security threshold may be defined as accepting data packets associated with a single security level; and
wherein the single security level may be configured by the rules engine.
Claim 9.	(Currently amended) The multi-level secure switch according to claim 1 wherein the security threshold may be defined as accepting data packets associated with a plurality of security levels; and
wherein the single security level may be configured by the rules engine.
Claim 10.	(Canceled)
Claim 11.	(Currently amended) The multi-level secure switch according to claim 1 wherein the security enforcer logic chip strips the security tag appended to each of the plurality of data packets received from the switch chip prior to transmitting the data packet to the physical port.
Claim 12.	(Currently amended) The multi-level secure switch according to claim 1 wherein the security enforcer logic chip retains the security tag appended to each of the plurality of data packets and transmits the security tag and the data packet to the physical port.
Claim 13.	(Canceled) 
Claim 14.	(Original) The multi-level secure switch according to claim 1 wherein the management processor is configured to receive one of the plurality of data packets only when the data packet is specifically designated for the management processor. 
Claim 15.	(Canceled) 
Claim 16.	(Currently Amended) The method for multi-level secure switching according to claim 21 wherein the switch further comprises a plurality of magnetic isolation transformers; and
wherein each of the plurality of magnetic isolation transformers is in electrical communication with only one of the plurality of physical ports.
Claim 17.	(Currently Amended) The method for multi-level secure switching according to claim 21 wherein the management processor comprises a rules engine adapted to provide security parameters to the security enforcer logic chip.
Claim 18.	(Canceled)
Claim 19.	(Currently Amended) The method for multi-level secure switching according to claim 21 wherein the management processor is configured to receive one of the plurality of data packets only when the data packet is specifically designated for the management processor.
Claim 20.	(Previously Presented)	A multi-level secure switch comprising:
a security enforcer logic chip configured to receive a plurality of data packets, each having an associated security level, and to append a security tag, indicative of the security level, to each of the plurality of data packets, wherein the security enforcer logic chip comprises:
a plurality of data paths, wherein each of the plurality of data paths connects a single port of a plurality of ports of a switch chip to a single physical port of a plurality of physical ports;
the switch chip configured to interface with the security enforcer logic chip to receive one of the plurality of data packets and transmit the one of the plurality of data packets to one of a plurality of data paths of the security enforcer logic chip, wherein the switch chip dynamically routes each of the plurality of data packets received from the security enforcer logic chip to the associated data path of the security enforcer logic chip and the switch chip comprises the plurality of ports of the switch chip;
a management processor, having a rules engine adapted to provide security parameters to the security enforcer logic chip, configured to interface with the security enforcer logic chip, and configured to receive one of the plurality of data packets only when the data packet is specifically designated for the management processor; and
the plurality of physical ports, wherein each of the physical ports of the plurality of physical ports has an associated security threshold and each is configured to interface with one of the plurality of data paths; and
a plurality of magnetic isolation transformers;
wherein the security enforcer logic chip is adapted to examine the security tag of the one of the plurality of data packets received from the switch chip and provide the one of the plurality of data packets to one of the one of the plurality of physical ports only when the security tag of the data packet meets the security threshold associated with the one of the plurality of physical ports;
wherein the security enforcer logic chip examines the security tag of the one of the plurality of data packets received from the switch chip and drops the one of the plurality of data packets when the security tag of the data packet does not meet the security threshold associated with the one of the plurality of physical ports to which the data packet is to be transmitted;
wherein each of the plurality of magnetic isolation transformers is in electrical communication with only one of the plurality of physical ports;
wherein each of the plurality of paths is isolated from each of the other paths and each of the plurality of paths connects a single port of the switch chip with a single physical port;
wherein the switch chip and the management processor are not in direct electronic communication with one another; 
wherein the security enforcer chip is physically separate from the management processor; and
wherein each of the plurality of data paths of the security enforcer logic chip is isolated from every other data path of the plurality of data paths of the security enforcer logic chip.
Claim 21.	(New) A method for multi-level secure switching comprising:
obtaining a switch comprising a security enforcer logic chip configured to receive and transmit a plurality of data packets, each of the plurality of data packets having an associated security level, wherein the security enforcer logic chip further comprises a plurality of data paths, wherein each of the plurality of data paths connects a single port of a plurality of ports of a switch chip to a single physical port of a plurality of physical ports, the switch chip configured to send the plurality of data packets to and receive the plurality of data packets from the security enforcer logic chip, wherein the switch chip dynamically routes each of the plurality of data packets received from the security enforcer logic chip to the associated data path of the security enforcer logic chip and the switch chip comprises the plurality of ports of the switch chip, wherein the switch further comprises a management processor configured to provide security parameters to the security enforcer logic chip and wherein the management processor comprises a rules engine adapted to provide security parameters to the security enforcer logic chip and wherein the switch further comprises the plurality of physical ports, wherein each of the physical ports of the plurality of physical ports has an associated security threshold, wherein the plurality of physical ports are configured to send the plurality of data packets to and receive the plurality of data packets from the security enforcer logic chip, wherein the switch chip and the management processor are not in direct electronic communication with one another, and wherein the security enforcer chip is physically separate from the management processor; 
appending a security tag, indicative of the security level, to each of the plurality of data packets;
examining the security tag appended to each of the plurality of data packets received from the switch chip;
providing each of the plurality of data packets to one of the plurality of physical ports only when the security tag of the data packet meets the security threshold associated with the physical port;
preventing transmission of one of the plurality of data packets to one of the plurality of physical ports when the security level associated with the one of the plurality of data packets is incompatible with the security threshold associated with the one of the plurality of physical ports; and
isolating each of the plurality of data paths of the security enforcer logic chip from every other data path of the plurality of data paths of the security enforcer logic chip.
---------------------------------------- End Examiner’s Amendment ----------------------------------
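An added behavioral sketch in Python of the tag check recited in claims 1, 8, 9, 11 and 12; it is not part of the office action or of the application. The one-byte trailing tag, the per-port ingress level, the fail-closed handling of untagged frames and all names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

TAG_LEN = 1  # assumption: the claims define no tag format; one trailing byte is used here

@dataclass
class PhysicalPort:
    name: str
    accepted: frozenset      # security threshold: one level (claim 8) or several (claim 9)
    ingress_level: int       # assumption: level assigned to traffic entering on this port
    strip_tag: bool = True   # claim 11 strips the tag before egress, claim 12 retains it
    tx: list = field(default_factory=list)   # frames actually put on the wire

class SecurityEnforcer:
    """Sits between every physical port and the switch chip; one data path per port."""

    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.dropped = []    # (egress port, reason) for every frame refused

    def set_threshold(self, port, levels):
        """Security parameters supplied by the management processor's rules engine."""
        self.ports[port].accepted = frozenset(levels)

    def ingress(self, port, payload):
        """Append the security tag before the frame is handed to the switch chip."""
        return payload + bytes([self.ports[port].ingress_level])

    def egress(self, port, frame):
        """Examine the tag on a frame returned by the switch chip; forward or drop."""
        p = self.ports[port]
        if len(frame) < TAG_LEN:
            self.dropped.append((port, "no tag"))   # fail closed (assumption)
            return False
        level = frame[-1]
        if level not in p.accepted:
            self.dropped.append((port, f"level {level} not accepted"))
            return False
        p.tx.append(frame[:-TAG_LEN] if p.strip_tag else frame)
        return True

def forward(enforcer, src, dst, payload):
    """Stand-in for the switch chip: it only picks the egress data path."""
    return enforcer.egress(dst, enforcer.ingress(src, payload))

def run_demo():
    # Constructed levels and port names, for illustration only.
    UNCLASS, SECRET = 0, 2
    enf = SecurityEnforcer([
        PhysicalPort("p1", frozenset({UNCLASS}), UNCLASS),
        PhysicalPort("p2", frozenset({SECRET}), SECRET),
        PhysicalPort("p3", frozenset({UNCLASS, SECRET}), SECRET, strip_tag=False),
    ])
    results = {
        "p2->p1": forward(enf, "p2", "p1", b"s-data"),   # SECRET to UNCLASS-only port: drop
        "p1->p3": forward(enf, "p1", "p3", b"u-data"),   # multi-level port accepts, keeps tag
        "p2->p2": forward(enf, "p2", "p2", b"s-data"),   # same level: forward, tag stripped
        "untagged": enf.egress("p1", b""),               # frame with no tag at all
    }
    enf.set_threshold("p1", {UNCLASS, SECRET})           # rules engine changes p1's threshold
    results["p2->p1 after update"] = forward(enf, "p2", "p1", b"s-data")
    return enf, results

if __name__ == "__main__":
    enf, results = run_demo()
    print(results, enf.dropped)
```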
Response to Arguments
Applicant’s arguments, see the remarks filed on 08/26/2021, with respect to various rejections of claims under 35 USC 103, have been fully considered in view of the claim amendments and further in view of Examiner’s Amendment above, and they are persuasive. Therefore, the claim rejections are withdrawn.

Allowable Subject Matter
Claims 1-4, 8-9, 11-12, 14, 16-17 and 19-21 as in the “Examiner’s Amendment” section above are allowed, but they are renumbered as claims 1-14.
The following is the examiner's statement of reasons for allowance: The following prior art references were identified during the examination of applicant’s amended claim set filed on 08/26/2021, which has been further amended in the Examiner’s Amendment section above. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in the general realm of applicant’s field of endeavor:
TAKAHASHI (PGPUB: US 20170075821 A1): TAKAHASHI discloses a system that includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select and tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.
Crosmer et al. (PAT: US 7676608 B1): Crosmer discloses a system for providing Multiple Independent Levels of Security (MILS) partitioning. The system includes a memory, a bus controller communicatively coupled to the memory via a memory bus, and a MILS controller communicatively coupled to the bus controller via a host-side bus, the MILS controller configured for monitoring and controlling system transactions. The system further includes a plurality of input/output (I/O) devices communicatively coupled to the MILS controller via a plurality of corresponding device-side buses. The system further includes a MILS separation kernel configured for mapping regions of the memory to a plurality of user partitions. Each I/O device included in the plurality of I/O devices is allocated to a partition included in the plurality of partitions and is isolated from MILS separation kernel space. The MILS separation kernel is configured for guaranteeing isolation of the partitions of the memory. The system further includes a processor connected to the bus controller via a processor front-side bus. The MILS controller is configured for extending MILS partitioning to the plurality of I/O devices.
Sutardja et al. (PGPUB: US 20130212670 A1): Sutardja discloses a physical layer device that includes memory, a memory control module, and a physical layer module. The memory control module is configured to control access to the memory. The physical layer module is configured to store packets in the memory via the memory control module. The physical layer module includes an interface configured to receive the packets from a network device via a network and an interface bus. The interface bus includes at least one of a control module and a regular expression module. The at least one of the control module and the regular expression module is configured to inspect the packets to determine a security level of the packets. A network interface is configured to, based on the security level, provide the packets to a device separate from the physical layer device.
Smith (PGPUB: US 20050097357 A1): Smith discloses a method and apparatus for providing network security using security labeling. The method includes comparing first security level information and second security level information, and indicating processing to be performed on the packet based on the comparing. The first security level information is stored in a security label of a packet received at a network node, while the second security level information is stored at the network node.
This invention relates to the field of information network security, and more particularly relates to a method and apparatus for securing network communications through the use of a security label.
Maier (PAT: US 7388958 B1): Smith discloses a communication system for distributing communications within the system while maintaining each communication at one of a plurality of different security levels. The system uses internal encryption to encode all data signals with an encryption which is specific to the security level of the particular data signal being encoded. The internal encryption is designed to segregate all data signals in the system and to maintain the segregated data signals compartmentalized while being transferred on data streams within the system via common media.
The present invention relates generally to communication systems, and more particularly to a communication system which enables distribution of multiple communications within the system while segregating and maintaining compartmentalization of each communication at one of a plurality of different security levels.


However, none of the prior arts of record, alone or in combination, discloses all the limitations of the amended independent claims 1, 20 and 21. Therefore, the independent claims are allowable over the prior arts. The dependent claims being definite, further limiting, and fully enabled by the specification are also allowed by virtue of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MAHABUB S AHMED/Examiner, Art Unit 2434

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434