DETAILED ACTION
This is a final office action issued in response to a request for communications received on 6/17/2021 and amendments received 2/01/2021.  Claims 1, 3-4, 6-8, 10-11, 13-15 and 18-20 were amended.  Claims 2 and 12 were cancelled.  New claim 21 was added.  Claims 1, 3-11 and 13-21 are presented for examination.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Arguments
Applicant’s arguments regarding the rejection of claims 1, 3-11 and 13-21 under 103 have been considered, but are found unpersuasive.
Applicant’s remaining arguments filed 6/17/2021, with respect to the rejection of claims 1, 3-11 and 13-21 under 35 USC § 102 have been fully considered but are moot because newly cited prior art is used to reject the limitations argued by Applicant.
The remaining arguments fail to comply with 37 C.F.R. 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole 


	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1, 3-5, 10-11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ian Land and Jeff Elliott, “Architecting ARINC 6654, Part 7 (AFDX) Solutions”, XILINX, May 22, 2009 (part of Applicant’s Admitted Prior Art (AAPA) (hereafter “Land”) in view of Johnson (WO 2005/125128) and Zelle (US 4,942,574).
Land discloses the limitations of claim 1 substantially as follows:
	A network switch for auditing communications on a deterministic network (pp. 2-3, Fig. 1: switch for checking/auditing received data packets (i.e. communications) on a deterministic network), the network switch comprising one or more computing device(s) configured to: 
receive a data packet comprising a payload, including at least a source address and a destination address, the payload comprising one or more entries, (pp. 3-4, Figs. 3-4: receiving at an AFDX switch frame packets (i.e. data packets) comprising a payload , where the frame format for each AFDX data frame/packet comprises a source address, destination address, payload and virtual link (VL) MAC destination addresses, and where the payload is made up of 1471 Bytes (i.e. multiple entries)); 
determine whether the source address corresponds to a first electronic device on the deterministic network (pp. 3- 6, Figs. 3, 6: receiving/determining from an originating AFDX source address of AFDX Avionics End system sending the packets over the virtual link); 
determine whether the destination address corresponds to a second electronic device on the deterministic network, the second electronic device being different than the first electronic device (pp. 3-6, Figs. 3, 6, 10: determining whether destination addresses corresponding to the terminating AFDX Avionics End system to which the frames are sent over the virtual link is reachable, where the sending and receiving AFDX Avionics subsystems are different); 
responsive to determining the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet (p. 10: responsive to determining that the destination MAC is not reachable (i.e. does not correspond to one of the plurality of electronic devices on the deterministic network), discard the frame/packet)
responsive to determining the source address corresponds to the first electronic device and the destination address corresponds to the second electronic device, compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic (pp. 3, 5, 10: responsive to determining the source address of the originating source system and the destination address of the End System, comparing a frame size, sequence number and time of transmission (i.e. actual values) as permitted frame parameters for a data frame (i.e. first characteristic of the data packets) against a maximum frame size and prior sequence number (i.e. first reference values) required for the permitted frame parameters (i.e. for the first characteristic)); and 
responsive to determining (pp. 3-6: transmitting the data frames to the destination addresses when the frame size (i.e. characteristic) is within the maximum frame size (i.e. corresponds to the reference value) and the sequence numbers (i.e. characteristic) are properly incremented from the prior sequence number (i.e. when the actual values of the characteristic correspond to the reference values).
Land does not explicitly disclose the remaining limitations of claim 1 as follows:
packet comprising a header and payload, the header including at least an error-detecting code , a source address and a destination address; 
determine whether the data packet is corrupted based, at least in part, on [[an]] the error-detecting code 
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device of a plurality of electronic devices;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices;
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet; 
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value; 
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value; and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address.
However, in the same field of endeavor Johnson discloses the limitations of claim 1 as follows:
packet comprising a header and payload, a source address and a destination address (pages 11, first two paras., page 15, fifth para., page 16, third para., Fig. 7: receiving a packet comprising a header and payload, where the header comprises a source and destination identifier that can be extracted from the header) ; 
determine whether the source address corresponds to a first electronic device of a plurality of electronic devices (page 5, four paras. & page 33, Figs. 2-3: determining whether a source identifier corresponds to an approved node of a plurality of nodes on a deterministic network which is within range of an approved range of source identifiers) 
determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices, the second electronic device being different than the first electronic device (pages 5, fourth para., page 15, paras. 5-6, page 18, last para., page 20, first 4 paras., page 33, Figs. 2-3: determine whether the destination identifier or destination LID/address corresponds to an legal end node (i.e. second electronic device) of the plurality of nodes on the deterministic network, where the end node that is the destination is different from the node that is the source);  
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (page 5, first four paras., page 20, paras. 1-2: responsive to determining that the source identifier/address does not correspond to a node/electronic device within an allowed range of source identifiers or the destination identifier does not correspond to a port/entry of a node on a supported route of the deterministic network, discarding/dropping the packet);
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value (page 3, fourth para., page 5, four paras.: comparing the values (i.e. actual values) of the partition key and source identifier (i.e. first characteristics) of the data packet against a partition value in the partition key table & range of approved source identifiers (i.e. first reference values) for the partition key (i.e. for the first characteristic) to determine whether the values (i.e. actual values) of the partition key and source identifier (i.e. for the first characteristics) corresponds to the partition value and approved range)
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value (page 3, paras. 2-4: responsive to verifying that the values (i.e. actual value) for the partition key and source identifier of the data packet corresponds to the partition value of the partition key table and range of approved source id’s (i.e. first reference values), then use the partition key to determine the service levels and determine whether the levels (i.e. actual value) of the service (i.e. second characteristic) to be provided for the data in the payload (i.e. of the one or more entries in the payload) correspond to authorized service levels (i.e. second reference value); and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address (page 3, paras. 2-4:, page 4, sixth para., page 5, first para., page 11, third para: responsive to completing all authentication checks including determining that the level (i.e. actual value) of the service (i.e. second characteristic) corresponds to the authorized service levels, delivering the packet to the destination end node).
Johnson is combinable with Land because both are from the same field of endeavor of improving the method by which packets are processed at switches.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Johnson’s method of transmitting the data packets in response to validating the first and second characteristics of the data packet with the system of Land in order to increase the security of the system by ensuring that unauthorized data packets with invalid characteristics are not transmitted by preventing data packets from 
	Neither Land or Johnson disclose the remaining limitations of claim 1 as follows:
the header including at least an error-detecting code;
determine whether the data packet is corrupted based, at least in part, on an error-detecting code 
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device;
However, in the same field of endeavor Zelle discloses the remaining limitations of claim 1 as follows:
the header including at least an error-detecting code; determine whether the data packet is corrupted based, at least in part, on an error-detecting code (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, l. 65 – col. 63, l. 3: determining whether a data pack is corrupted based on a cyclic redundancy code or header check sequence included in the header passes inspection);
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, ll. 27-35 & col. 62, l. 65 – col. 63, l. 3: responsive to determining that the data packet is not corrupted, determining whether the source address field corresponds to a source (i.e. first electronic device) that is properly logged with access to the network);
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66; col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the data packet is not corrupted, determining whether the destination address field and port value corresponds to a legal end user (i.e. first electronic device));
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66, col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the source address or the destination does not correspond to a legal address of a device, dropping the packet);
Zelle is combinable with Johnson and Land because all three are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Zelle’s method of determining whether a data packet is corrupt based upon analyzing error-detecting code in a header of the data packet with the system of Johnson and Land in order to “prevent[] misdelivery of information due to corrupted headers” (Zelle, col. 15, ll. 26-27). 


Land discloses the limitations of claim 3 as follows:
The network switch of either of claims 1, 
wherein the first characteristic comprises how frequently the first electronic device transmits the data packet; and wherein the first reference value includes a threshold value defining how frequently the first electronic device is permitted to transmit the data packet (Land, pp. 6-7: comparing the time interval in which a time frame is received (i.e. describing characteristic) as part of determining how frequently data packet is transmitted) and comparing the time interval with a permitted bandwidth allocation gap/minimum interval for transmission (i.e. reference value as a threshold) defining a minimum time interval or the least amount of time permitted between transmissions of data frames).

Regarding claim 4, Land, Johnson and Zelle disclose the network switch of claim 1.
Land discloses the limitations of claim 4 as follows:
The network switch of claim 1, 
wherein the actual value of the first characteristic is an amount of time lapsing since the network switch last received the data packet from the first electronic device, and wherein the computing device(s) are further configured to reject the data packet when the actual value of the first characteristic is greater than a threshold value (Land, pp. 6-7: comparing the time interval in which a time frame is received (i.e. actual value) as part of determining how frequently data packet is transmitted (i.e. describing characteristic)) and comparing the time interval with a permitted minimum interval for transmission (i.e. reference value as a threshold) defining a minimum time interval or the least amount of time permitted between transmissions of data frames, wherein when the time interval for the frame exceeds the bandwidth allocation gap are dropped) (see also Fountain, paras. [0061]-[0062]).

Regarding claim 5, Land, Johnson and Zelle disclose the network switch of claim 1.
Land discloses the limitations of claim 5 as follows:
The network switch of claim 1,
wherein when a protocol for the deterministic network defines a time-division scheme comprising a first time slot for the first electronic device and a second time slot for the second electronic device, the computing device(s) are be configured to determine whether the data packet was transmitted during the first time slot (pp. 4, 6: virtual links over the deterministic network are time-division multiplexed (i.e. time-division scheme) such that a transmission time slot is assigned for originating and terminating  AFDX Avionics End systems (i.e. for first and second electronic devices), where the transmission time slot is within an assigned bandwidth allocation gap and determining whether the data frame is transmitted within the time slot/allocation gap).

	Regarding claim 10, Land discloses the limitations substantially as follows:
A method for auditing communications on a deterministic network (pp. 2-3, Fig. 1: switch for checking/auditing received data packets (i.e. communications) on a deterministic network), the method comprising: 
receiving, at a network switch of the deterministic network, a data packet comprising a payload, including at least a source address and a destination address, the payload comprising one or more entries, (pp. 3-4, Figs. 3-4: receiving at an AFDX switch frame packets (i.e. data packets) comprising a payload , where the frame format for each AFDX data frame/packet comprises a source address, destination address, payload and virtual link (VL) MAC destination addresses, and where the payload is made up of 1471 Bytes (i.e. multiple entries)); 
determining, by the network switch, whether the source address corresponds to a first electronic device on the deterministic network (pp. 3- 6, Figs. 3, 6: receiving/determining from an originating AFDX source address of AFDX Avionics End system sending the packets over the virtual link); 
determining, by the network switch, whether the destination address corresponds to a second electronic device on the deterministic network, the second electronic device being different than the first electronic device (pp. 3-6, Figs. 3, 6: determining destination addresses corresponding to the terminating AFDX Avionics End system to which the frames are sent over the virtual link, where the sending and receiving AFDX Avionics subsystems are different); 
responsive to determining the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet (p. 10: responsive to determining that the destination MAC is not reachable (i.e. does not correspond to one of the plurality of electronic devices on the deterministic network), discard the frame/packet);
responsive to determining the source address corresponds to the first electronic device and the destination address corresponds to the second electronic device, compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic (pp. 3, 5: responsive to determining the source address of the originating source system and the destination address of the End System, comparing a frame size, sequence number and time of transmission as permitted frame parameters for a data frame (i.e. characteristics of data packets) against a maximum frame size and prior sequence number (i.e. reference values) required for permitted frame parameters); and 
responsive to determining (pp. 3-6: transmitting the data frames to the destination addresses when the frame size (i.e. actual values) is within the maximum frame size (i.e. reference value) and the sequence numbers (i.e. actual values) are properly incremented from the prior sequence number (i.e. when the actual values of the characteristic correspond to the reference values).
Land does not explicitly disclose the remaining limitations of claim 10 as follows:
packet comprising a header and payload, the header including at least an error-detecting code , a source address and a destination address; 
determine whether the data packet is corrupted based, at least in part, on [[an]] the error-detecting code 
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device of a plurality of electronic devices;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices on the deterministic network;
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet; 
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value; 
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value; and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address.

packet comprising a header and payload, a source address and a destination address (pages 11, first two paras., page 15, fifth para., page 16, third para., Fig. 7: receiving a packet comprising a header and payload, where the header comprises a source and destination identifier that can be extracted from the header) ; 
determine whether the source address corresponds to a first electronic device of a plurality of electronic devices (page 5, four paras. & page 33, Figs. 2-3: determining whether a source identifier corresponds to an approved node of a plurality of nodes on a deterministic network which is within range of an approved range of source identifiers) 
determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices, the second electronic device being different than the first electronic device (pages 5, fourth para., page 15, paras. 5-6, page 18, last para., page 20, first 4 paras., page 33, Figs. 2-3: determine whether the destination identifier or destination LID/address corresponds to an legal end node (i.e. second electronic device) of the plurality of nodes on the deterministic network, where the end node that is the destination is different from the node that is the source);  
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (page 5, first four paras., page 20, paras. 1-2: responsive to determining that the source identifier/address does not correspond to a node/electronic device within an allowed range of source identifiers or the destination identifier does not correspond to a port/entry of a node on a supported route of the deterministic network, discarding/dropping the packet);
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value (page 3, fourth para., page 5, four paras.: comparing the values (i.e. actual values) of the partition key and source identifier (i.e. first characteristics) of the data packet against a partition value in the partition key table & range of approved source identifiers (i.e. first reference values) for the partition key (i.e. for the first characteristic) to determine whether the values (i.e. actual values) of the partition key and source identifier (i.e. for the first characteristics) corresponds to the partition value and approved range)
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value (page 3, paras. 2-4: responsive to verifying that the values (i.e. actual value) for the partition key and source identifier of the data packet corresponds to the partition value of the partition key table and range of approved source id’s (i.e. first reference values), then use the partition key to determine the service levels and determine whether the levels (i.e. actual value) of the service (i.e. second characteristic) to be provided for the data in the payload (i.e. of the one or more entries in the payload) correspond to authorized service levels (i.e. second reference value); and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address (page 3, paras. 2-4:, page 4, sixth para., page 5, first para., page 11, third para: responsive to completing all authentication checks including determining that the level (i.e. actual value) of the service (i.e. second characteristic) corresponds to the authorized service levels, delivering the packet to the destination end node).
Johnson is combinable with Land because both are from the same field of endeavor of improving the method by which packets are processed at switches.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Johnson’s method of transmitting the data packets in response to validating the first and second characteristics of the data packet with the system of Land in order to increase the security of the system by ensuring that unauthorized data packets with invalid characteristics are not transmitted by preventing data packets from being transmitted until after all authentication checks on the data packet have been completed.
Neither Land or Johnson disclose the remaining limitations of claim 10 as follows:
the header including at least an error-detecting code;
determine whether the data packet is corrupted based, at least in part, on an error-detecting code 
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device;
However, in the same field of endeavor Zelle discloses the remaining limitations of claim 10 as follows:
the header including at least an error-detecting code; determine whether the data packet is corrupted based, at least in part, on an error-detecting code (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, l. 65 – col. 63, l. 3: determining whether a data pack is corrupted based on a cyclic redundancy code or header check sequence included in the header passes inspection);
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, ll. 27-35 & col. 62, l. 65 – col. 63, l. 3: responsive to determining that the data packet is not corrupted, determining whether the source address field corresponds to a source (i.e. first electronic device) that is properly logged with access to the network);
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66; col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the data packet is not corrupted, determining whether the destination address field and port value corresponds to a legal end user (i.e. first electronic device));
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66, col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the source address or the destination does not correspond to a legal address of a device, dropping the packet);
Zelle is combinable with Johnson and Land because all three are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Zelle’s method of determining whether a data packet is corrupt based upon analyzing error-detecting code in a header of the data packet with the system of Johnson and Land in order to “prevent[] misdelivery of information due to corrupted headers” (Zelle, col. 15, ll. 26-27). 

	Regarding claim 11, Land, Johnson and Zelle disclose the limitations of claim 10.
Land discloses the limitations of claim 11 as follows:
The method of claim 10, 
wherein the first characteristic comprises how frequently the first electronic device transmits the data packet; wherein the first reference value includes a threshold value defining how frequently the first electronic device is allowed to transmit the data packet, wherein the actual value for the first characteristic is equal to an amount of time lapsing since the network switch last received the data packet from the first electronic device, and wherein the method further comprises rejecting, by the network switch, the data packet when the actual value for the first characteristic is greater than the threshold value (Land, pp. 6-7: comparing the time interval in which a time frame is received (i.e. actual value) as part of determining how frequently data packet is transmitted (i.e. describing characteristic)) and comparing the time interval of reception of the frame with a permitted bandwidth allocation gap/minimum interval for transmission (i.e. reference value as a threshold) defining a minimum time interval or the least amount of time permitted between transmissions of data frames, wherein the time interval equals the amount of time that has passed since the last transmission/frame received and dropping frames when the time interval exceeds the bandwidth allocation gap).

Regarding claim 18, Land discloses the limitations substantially as follows:
An aerial vehicle (p. 1: switch is part of an avionics system such as an airbus (i.e. aerial vehicle)) comprising: 
a deterministic communication network (p. 1: deterministic network); 
one or more electronic device communicatively coupled to the communication network (Figs. 1, 6: avionics endpoint systems); and 
a network switch communicatively coupled to the communication network, the network switch comprising one or more computing device(s) configured to: 
receive a data packet comprising a payload, including at least a source address and a destination address, the payload comprising one or more entries, (pp. 3-4, Figs. 3-4: receiving at an AFDX switch frame packets (i.e. data packets) comprising a payload , where the frame format for each AFDX data frame/packet comprises a source address, destination address, payload and virtual link (VL) MAC destination addresses, and where the payload is made up of 1471 Bytes (i.e. multiple entries)); 
determine whether the source address corresponds to a first electronic device on the deterministic network (pp. 3- 6, Figs. 3, 6: receiving/determining from an originating AFDX source address of AFDX Avionics End system sending the packets over the virtual link); 
determine whether the destination address corresponds to a second electronic device on the deterministic network, the second electronic device being different than the first electronic device (pp. 3-6, Figs. 3, 6: determining destination addresses corresponding to the terminating AFDX Avionics End system to which the frames are sent over the virtual link, where the sending and receiving AFDX Avionics subsystems are different); 
responsive to determining the destination does not correspond to one of the plurality of electronic devices on the deterministic network, drop the data packet (p. 10: responsive to determining that the destination MAC is not reachable (i.e. does not correspond to one of the plurality of electronic devices on the deterministic network), discard the frame/packet);
responsive to determining the source address corresponds to the first electronic device and the destination address corresponds to the second electronic device, compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic (pp. 3, 5, 10: responsive to determining the source address of the originating source system and the destination address of the End System, comparing a frame size, sequence number and time of transmission as permitted frame parameters for a data frame (i.e. characteristics of data packets) against a maximum frame size and prior sequence number (i.e. reference values) required for permitted frame parameters); and 
responsive to determining (pp. 3-6: transmitting the data frames to the destination addresses when the frame size (i.e. actual values) is within the maximum frame size (i.e. reference value) and the sequence numbers (i.e. actual values) are properly incremented from the prior sequence number (i.e. when the actual values of the characteristic correspond to the reference values).
Land does not explicitly disclose the remaining limitations of claim 18 as follows:
packet comprising a header and payload, the header including at least an error-detecting code , a source address and a destination address; 
determine whether the data packet is corrupted based, at least in part, on [[an]] the error-detecting code 
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device of a plurality of electronic devices;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices on the deterministic network;
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet; 
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value; 
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value; and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address.
However, in the same field of endeavor Johnson discloses the limitations of claim 18 as follows:
packet comprising a header and payload, a source address and a destination address (pages 11, first two paras., page 15, fifth para., page 16, third para., Fig. 7: receiving a packet comprising a header and payload, where the header comprises a source and destination identifier that can be extracted from the header) ; 
determine whether the source address corresponds to a first electronic device of a plurality of electronic devices (page 5, four paras. & page 33, Figs. 2-3: determining whether a source identifier corresponds to an approved node of a plurality of nodes on a deterministic network which is within range of an approved range of source identifiers) 
determine whether the destination address corresponds to a second electronic device of the plurality of electronic devices, the second electronic device being different than the first electronic device (pages 5, fourth para., page 15, paras. 5-6, page 18, last para., page 20, first 4 paras., page 33, Figs. 2-3: determine whether the destination identifier or destination LID/address corresponds to an legal end node (i.e. second electronic device) of the plurality of nodes on the deterministic network, where the end node that is the destination is different from the node that is the source);  
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (page 5, first four paras., page 20, paras. 1-2: responsive to determining that the source identifier/address does not correspond to a node/electronic device within an allowed range of source identifiers or the destination identifier does not correspond to a port/entry of a node on a supported route of the deterministic network, discarding/dropping the packet);
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value (page 3, fourth para., page 5, four paras.: comparing the values (i.e. actual values) of the partition key and source identifier (i.e. first characteristics) of the data packet against a partition value in the partition key table & range of approved source identifiers (i.e. first reference values) for the partition key (i.e. for the first characteristic) to determine whether the values (i.e. actual values) of the partition key and source identifier (i.e. for the first characteristics) corresponds to the partition value and approved range)
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value (page 3, paras. 2-4: responsive to verifying that the values (i.e. actual value) for the partition key and source identifier of the data packet corresponds to the partition value of the partition key table and range of approved source id’s (i.e. first reference values), then use the partition key to determine the service levels and determine whether the levels (i.e. actual value) of the service (i.e. second characteristic) to be provided for the data in the payload (i.e. of the one or more entries in the payload) correspond to authorized service levels (i.e. second reference value); and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address (page 3, paras. 2-4:, page 4, sixth para., page 5, first para., page 11, third para: responsive to completing all authentication checks including determining that the level (i.e. actual value) of the service (i.e. second characteristic) corresponds to the authorized service levels, delivering the packet to the destination end node).
Johnson is combinable with Land because both are from the same field of endeavor of improving the method by which packets are processed at switches.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Johnson’s method of transmitting the data packets in response to validating the first and second characteristics of the data packet with the system of Land in order to increase the security of the system by ensuring that unauthorized data packets with invalid characteristics are not transmitted by preventing data packets from being transmitted until after all authentication checks on the data packet have been completed.
Neither Land or Johnson disclose the remaining limitations of claim 18 as follows:
the header including at least an error-detecting code;
determine whether the data packet is corrupted based, at least in part, on an error-detecting code 
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device;
However, in the same field of endeavor Zelle discloses the remaining limitations of claim 18 as follows:
the header including at least an error-detecting code; determine whether the data packet is corrupted based, at least in part, on an error-detecting code (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, l. 65 – col. 63, l. 3: determining whether a data pack is corrupted based on a cyclic redundancy code or header check sequence included in the header passes inspection);
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, ll. 27-35 & col. 62, l. 65 – col. 63, l. 3: responsive to determining that the data packet is not corrupted, determining whether the source address field corresponds to a source (i.e. first electronic device) that is properly logged with access to the network);
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66; col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the data packet is not corrupted, determining whether the destination address field and port value corresponds to a legal end user (i.e. first electronic device));
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66, col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the source address or the destination does not correspond to a legal address of a device, dropping the packet);
Zelle is combinable with Johnson and Land because all three are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Zelle’s method of determining whether a data packet is corrupt based upon analyzing error-detecting code in a header of the data packet with the system of Johnson and Land in order to “prevent[] misdelivery of information due to corrupted headers” (Zelle, col. 15, ll. 26-27). 

Claims 6-7, 13-14 and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Ian Land and Jeff Elliott, “Architecting ARINC 6654, Part 7 (AFDX) Solutions”, XILINX, May 22, 2009 (part of Applicant’s Admitted Prior Art (AAPA) (hereafter “Land”) in view of Johnson (WO 2005/125128) and Zelle (US 4,942,574), as applied to claim 18, further in view of Fountain (US 2014/0310354).
Regarding claims 6 and 20, Land, Johnson and Zelle disclose the network switch of claim 1 and the aerial vehicle of claim 18.

second characteristic comprises an approved range of values for the data.
However, in the same field of endeavor, Fountain discloses the remaining limitations of claims 6 and 20 as follows:
second characteristic comprises an approved range of values for the data (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2: wherein the destination addresses (i.e. second characteristic) for the data comprise an approved range of destination addresses)).
Fountain is combinable with Land, Johnson and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fountain’s method of rejecting data packets that do not have approved destination addresses with the system of Land, Johnson and Zelle in order to increase the flexibility of the system while maintaining the security of the system by allowing data packets to be sent that match a range of approved destinations but preventing data packets to be sent that have destinations outside the approved range of approved destinations). 

Regarding claim 7, Land, Johnson, Fountain and Zelle disclose the network switch of claims 1 and 6.

The network switch of claim 6, wherein the computing device(s) are further configured to reject the data packet when the actual value of the second characteristic falls outside the approved range of values (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2:: dropping/rejecting frames when the MAC value (i.e. actual value) of the destination address falls outside the range of authorized destination addresses).
The same motivation to combine utilized in claim 6 is equally applicable in the instant claim.

Regarding claim 13, Land, Johnson and Zelle disclose the limitations of claim 10.
Neither Land, Johnson or Zelle discloses the limitations of claim 13 as follows:
The method of claim [[12]] 11, wherein second characteristic comprises a range of allowable values for the data.
However, in the same field of endeavor, Fountain discloses the remaining limitations of claim 13 as follows:
The method of claim [[12]] 11, wherein second characteristic comprises a range of allowable values for the data (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2: wherein the destination addresses (i.e. second characteristic) for the data comprise an approved range of destination addresses)).


Regarding claim 14, Land, Johnson, Fountain and Zelle disclose the limitations of claims 10 and 13.
Fountain discloses the limitations of claim 14 as follows:
The method of claim 13, wherein the network switch is further configured to reject the data packet when the actual value for the second characteristic falls outside the range of allowable values (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2:: dropping/rejecting frames when the MAC value (i.e. actual value) of the destination address falls outside the range of authorized destination addresses).
The same motivation to combine utilized in claim 6 is equally applicable in the instant claim.


Land disclose the limitations of claim 19 as follows:
wherein the first characteristic comprises a preapproved destination address for the data packet (Land, pp. 3-4: all addresses for packets are predefined/preapproved), 
Neither Land, Johnson or Zelle disclose the remaining limitations of claim 19 as follows:
wherein the first reference value includes one or more destination addresses approved to receive the data packet, when the actual value for the first characteristic does not match the first reference value, the one or more computing device(s) are configured to reject the data packet  (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2: wherein the authorized destination addresses (i.e. reference values) are authorized to receive the frame/packet and when the MAC address (i.e. actual value) for the MAC destination (i.e. first characteristic) does not match the authorized destination addresses (i.e. reference values), the computing devices do not route the frames (i.e. reject the packets)).  
However, in the same field of endeavor, Fountain teaches the remaining limitations of claim 19 as follows:
wherein the first reference value includes one or more destination addresses approved to receive the data packet, when the actual value for the first characteristic does not match the first reference value, the one or more computing device(s) are configured to reject the data packet  (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2: wherein the authorized destination addresses (i.e. reference values) are authorized to receive the frame/packet and when the MAC address (i.e. actual value) for the MAC destination (i.e. first characteristic) does not match the authorized destination addresses (i.e. reference values), the computing devices do not route the frames (i.e. reject the packets)).  
Fountain is combinable with Land, Johnson and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fountain’s method of rejecting data packets that do not have approved destination addresses with the system of Land, Johnson and Zelle in order to increase the flexibility of the system while maintaining the security of the system by allowing data packets to be sent that match a range of approved destinations but preventing data packets to be sent that have destinations outside the approved range of approved destinations). 


Neither Land, Johnson or Zelle disclose the limitations of claim 21 as follows:
The network switch of claim 1, wherein the second characteristic comprises a data type of the one or more entries of the data included in the payload.
However, in the same field of endeavor, Fountain discloses the remaining limitations of claim 21 as follows:
The network switch of claim 1, wherein the second characteristic comprises a data type of the one or more entries of the data included in the payload (Fountain, para. [0058]: checking message type ID of the payload to uniquely identify the data in the packet).
Fountain is combinable with Land, Johnson and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fountain’s method of comparing message type ID’s in the payload with the system of Land, Johnson and Zelle in order to provide additional methods for uniquely identifying and verifying the data transmitted in the data packets). 

Claims 8-9 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Ian Land and Jeff Elliott, “Architecting ARINC 6654, Part 7 (AFDX) Solutions”, XILINX, May 22, 2009 (part of Applicant’s Admitted Prior Art (AAPA) (hereafter “Land”) in view of Johnson (WO 2005/125128) and Zelle (US 4,942,574), as applied to claims 1 and 10, further in view of Barron (US 2002/0210754) and Frattura (US 2010/0268933).

Land discloses the limitations of claims 8 and 15 as follows:
wherein the first electronic device is included within a first subnetwork of the deterministic network and the second electronic device is included within a second subnetwork of the deterministic network (Figs. 1, 6: originating AFDX End System is part of avionics subsystem on one side of the AFDX switch while the receiving AFDX End Systems are part of a different/second Avionics subsystem on the other side of the switch),
Neither Land, Johnson and Zelle discloses the limitations of claims 8 and 15 as follows:
wherein the first subnetwork is rated for data classified as secret and non-secret data and the second subnetwork is rated for non-secret data, and wherein a portion of the data included in the payload of the data packet is classified as secret data.
However, in the same field of endeavor Barron discloses the remaining limitations of claims 8 and 15 as follows:
wherein the first subnetwork is rated for data classified as secret and non-secret data and the second subnetwork is rated for non-secret data, (paras. [0017]-[0018]: communications with security transform device (i.e. first subnetwork) are for encrypted (i.e. data classified as secret) and unencrypted/non-secret data, while communications with nodes 102-104 (i.e. second subnetwork) are for unencrypted/non-secret data, while packets over the network with the security transform device are encrypted (i.e. portion of payload of packets is secret).
Barron is combinable with Land, Johnson and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Barron’s method of handling non-secret/unencrypted and secret/encrypted data with the system of Land, Johnson and Zelle in order to save resources and provide a means of providing different levels of security for packet data by not encrypting all packet data but rather only providing encryption of packet data when “encryption is desired” (Barron, para. [0018]). 
Neither Land, Fountain, Zelle or Barron disclose the remaining limitations of claims 8 and 15 as follows:
and wherein a portion of the data included in the payload of the data packet is classified as secret data (paras. [0008], [0010], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling portions of payload, by a computing device, where the portions of payload data are considered to be (i.e. classified as) secret, classified, confidential, privileged or private).
Frattura is combinable with Land, Johnson, Zelle and Barron because all five are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of determining portions of a payload that are secret or confidential with the system of Land, Johnson, Zelle and 

Regarding claim 9, Land, Johnson, Zelle, Barron and Frattura disclose the network switch of claim 1.
Frattura discloses the limitations of claim 9 as follows:
The network switch of claim 8, wherein the computing device(s) are configured to redact or obfuscate the portion of the data classified as secret data prior to transmitting the data packet to the second electronic device (paras. [0008], [0010], [0012], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling (i.e. obfuscating) portions of payload, by a computing device, where the portions of payload data are considered to be (i.e. classified as) secret, classified, confidential, privileged or private).
It would have obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of obfuscating portions of payload with the system of Land, Johnson, Zelle and Barron in order to increase the security of the system by further altering the secret data to provide additional protection against unauthorized parties reconstructing the secret data upon intercepting packets comprising the secret data.

Regarding claim 16, Land, Johnson, Zelle, Barron and Frattura disclose the limitations of claim 10.
Barron discloses the limitations of claim 16 as follows:
The method of claim 15, wherein the method further comprises redacting, by the one or more computing device(s) the portion of the data classified as secret data prior to transmitting the data packet to the second electronic device (paras. [0008], [0010], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling portions of payload, by a computing device, where the portions comprise data considered to be secret, classified, confidential, privileged or private). 
It would have obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of redacting portions of payload with the system of Land, Johnson, Zelle and Barron in order to increase the security of the system by further altering the secret data to provide additional protection against unauthorized parties reconstructing the secret data upon intercepting packets comprising the secret data.

Regarding claim 17, Land, Johnson, Zelle, Barron and Frattura disclose the limitations of claim 10.
Barron discloses the limitations of claim 17 as follows:
The method of either of claim 15 or 16, wherein the method further comprises obfuscating, by the one or more computing device(s), the portion of the data classified as secret data prior to transmitting the data packet to the second electronic device (paras. [0008], [0010], [0012], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling (i.e. obfuscating) portions of payload, by a computing device, where the portions of payload data are considered to be (i.e. classified as) secret, classified, confidential, privileged or private).
It would have obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of obfuscating portions of payload with the system of Land, Johnson, Zelle and Barron in order to increase the security of the system by further altering the secret data to provide additional protection against unauthorized parties reconstructing the secret data upon intercepting packets comprising the secret data.


Conclusion 
For the above reasons, claims 1, 3-11 and 13-21 are rejected.
Prior art not relied upon but applied/considered includes:
1) Dull (Us 2005/0018693) discloses filtering and discarding packets based upon destination address of packets.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571)272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHARON S LYNCH/Primary Examiner, Art Unit 2438