DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-19 are pending.

Priority
Acknowledgement is made of applicant's claim for priority based on application PCT/CN2018/084849 filed on 04/27/2018 and application CN201710381240.4 filed on 05/25/2017.
Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file. 

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f): 

(f) ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 

An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.


As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph: 
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and 
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a control device configured to obtain…, send…, receive…” and “the verification device is configured to receive…, perform…” in claims 7-12.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Objections
Claims --3, 6, and 15 are objected to because of the following informalities:  
“the second sequence number is marked” in line 31 of claim 3 should read “the second sequence number is marked;”.
“enables a verification device” in line 52 of claim 3 should read “enables the verification device”.
“wherein si is a sequence number i and sj are respectively a sequence number i and a sequence number j” in line 13 of claim 6 should read “wherein si j are respectively a sequence number i and a sequence number j”.
“the first data packet;” in claim 15 should read “the first data packet.”.
Appropriate correction is required.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 3, 5, 7, and 13-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Naous (Verifying and enforcing network paths with icing) (previously cited in Applicant’s IDS)

Claim 1, Naous discloses A data packet sending method, implemented by a network device, wherein the network device is one of a plurality of intermediate network devices on a path, and wherein the data packet sending method comprises: 
receiving, a first data packet from a first device, (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes) wherein a first packet header of the first data packet comprises: 
a first sequence number marker sequence, wherein the first sequence number marker sequence comprises a plurality of sequence number markers arranged in order, wherein a first sequence number marker in the first sequence number marker sequence to a last sequence number marker in the first sequence number marker sequence respectively record whether a first sequence number to a last sequence number in an available sequence number sequence are marked, wherein a first plurality of sequence numbers in the available sequence number sequence is arranged in order, and wherein the first plurality of sequence numbers comprises a second plurality of sequence numbers of the intermediate network devices; (e.g. figs. 2, 3, 5, 2.4 Naming: A path is a list of <nodeID, tag> pairs. The tag identifies a specific set of local actions that a node performs on packets with this tag, tag0 [4 bytes] … tagn [4 bytes]

    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
     )
a first position marker sequence, wherein the first position marker sequence comprises a plurality of position markers arranged in order, wherein a first position marker in the first position marker sequence to a last position marker in the first position marker sequence respectively record whether a first sequence number in a position sequence number sequence to a last sequence number in the position sequence number 552475-v3/4747-169003Atty. Docket No. 4747-16900 (85360764US04) sequence are marked, wherein the position sequence number sequence comprises the second plurality of sequence numbers and a second sequence number of a pseudo device, wherein the second plurality of sequence numbers is arranged in the position sequence number sequence in an order of the intermediate network devices on the path in a sending direction of the first data packet, and wherein the first position marker sequence records that the second sequence number is marked; (e.g. figs. 2, 3, 5:  2.4 Naming: Each ICING node assigns itself an identifier, called a node ID, that is a unique public key, Node ID (N0) [20 bytes] … Node ID (Nn) [20 bytes] 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale
.  Note that pseudo device covers a device with an assumed id as opposed to manufactured (real) id)
a first accumulated value; and(e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
)
a verification value, wherein the verification value 
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale
,
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale
 and/or 
    PNG
    media_image7.png
    200
    400
    media_image7.png
    Greyscale
)
obtaining a second data packet after the receiving, (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes) wherein a second packet header of the second data packet comprises a second sequence number marker sequence, (e.g. figs. 2, 3, 5, 2.4 Naming: A path is a list of <nodeID, tag> pairs. The tag identifies a specific set of local actions that a node performs on packets with this tag, tag0 [4 bytes] … tagn [4 bytes]

    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
     )
a second position marker sequence, (e.g. figs. 2, 3, 5:  2.4 Naming: Each ICING node assigns itself an identifier, called a node ID, that is a unique public key, Node ID (N0) [20 bytes] … Node ID (Nn) [20 bytes] 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale
) a second accumulated value, (e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
)
and the verification value; and (e.g. figs. 2, 3, 5, 2.5 Proofs of consents (PoCs), 2.6 Packet creation and proofs of provenance (PoPs), 2.7 Packet processing: Verification and forwarding:
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale
,
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale
 and/or 
    PNG
    media_image7.png
    200
    400
    media_image7.png
    Greyscale
)
sending the second data packet to a second device. (e.g. figs. 1, 2, 3, 5, 6, 2.6 Packet creation and proofs of provenance (PoPs), 3.1 Creating a packet: Given these PoCs, the sender calls INITIALIZE (Figure 6), which creates a verifier Vj for each other node j on the path. The sender initializes Vj with Aj (which binds the PoCj to the packet contents) and PoP0,j; given this Vj, a downstream node can verify that the packet’s path is approved by its consent server and that the packet has been created by the packet’s purported sender)

Claim 3, Naous discloses A network device, wherein the network device is one of a plurality of intermediate network devices on a path, a data packet is used by a verification device to perform path verification after being transferred through the path, and wherein the network device comprises: a non-transitory memory storing instructions; and a processor coupled to the non-transitory memory and configured to execute the instructions to cause the computing network device to: 
receive a first data packet from a first device, (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes) wherein a first packet header of the first data packet comprises: 
a first sequence number marker sequence, wherein the first sequence number marker sequence comprises a plurality of sequence number markers arranged in order, wherein a first sequence number marker in the first sequence number marker sequence to a last sequence number marker in the first sequence number marker sequence respectively record whether a first sequence number to a last sequence number in an available sequence number sequence are marked, wherein a first plurality of sequence numbers in the available sequence number sequence is arranged in order, and wherein the first plurality of sequence numbers comprises a second plurality of sequence numbers of the intermediate network devices; (e.g. figs. 2, 3, 5, 2.4 Naming: A path is a list of <nodeID, tag> pairs. The tag identifies a specific set of local actions that a node performs on packets with this tag, tag0 [4 bytes] … tagn [4 bytes]

    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
     )
a first position marker sequence, wherein the first position marker sequence comprises a plurality of position markers arranged in order, wherein a first position marker to a last position marker in the first position marker sequence respectively record whether a first sequence number to a last sequence number in a position sequence number sequence are marked, wherein the position sequence number sequence comprises the second plurality of sequence numbers and a second sequence number of a pseudo device, wherein the second plurality of sequence numbers is arranged in the position sequence number sequence in an order of the intermediate network devices on the path in a sending direction of the first data packet, and wherein the first position marker sequence records that the second sequence number is marked (e.g. figs. 2, 3, 5:  2.4 Naming: Each ICING node assigns itself an identifier, called a node ID, that is a unique public key, Node ID (N0) [20 bytes] … Node ID (Nn) [20 bytes] 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale
.  Note that pseudo device covers a device with an assumed id as opposed to manufactured (real) id)
a first accumulated value; and (e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
)
a verification value, wherein the verification value enables a verification device to perform path verification; (e.g. figs. 2, 3, 5, 2.5 Proofs of consents (PoCs), 2.6 Packet creation and proofs of provenance (PoPs), 2.7 Packet processing: Verification and forwarding:
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale
,
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale
 and/or 
    PNG
    media_image7.png
    200
    400
    media_image7.png
    Greyscale
)	
obtain a second data packet, (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes)  wherein a second packet header of the second data packet comprises a second sequence number marker sequence; (e.g. figs. 2, 3, 5, 2.4 Naming: A path is a list of <nodeID, tag> pairs. The tag identifies a specific set of local actions that a node performs on packets with this tag, tag0 [4 bytes] … tagn [4 bytes]

    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
     )
obtain each of a second position marker sequence, (e.g. figs. 2, 3, 5:  2.4 Naming: Each ICING node assigns itself an identifier, called a node ID, that is a unique public key, Node ID (N0) [20 bytes] … Node ID (Nn) [20 bytes] 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale
) a second accumulated value, (e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
)
and the verification value; and (e.g. figs. 2, 3, 5, 2.5 Proofs of consents (PoCs), 2.6 Packet creation and proofs of provenance (PoPs), 2.7 Packet processing: Verification and forwarding:
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale
,
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale
 and/or 
    PNG
    media_image7.png
    200
    400
    media_image7.png
    Greyscale
)
send the second data packet to a second device. (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes)  

Claim 5, Naous discloses A control device, wherein the control device is configured to communicate with a verification device through a path, and wherein the control device comprises: a non-transitory memory storing instructions; and a processor coupled to the non-transitory memory and configured to execute the instructions to cause the control device to: 
obtain a sequence number marker sequence, wherein the sequence number marker sequence comprises a plurality of sequence number markers arranged in order, wherein a first sequence number marker in the sequence number marker sequence to a last sequence number marker in the sequence number marker sequence respectively record whether a first sequence number in an available sequence number sequence to a last sequence number in the available sequence number sequence are marked, wherein a first plurality of sequence numbers in the available sequence number sequence is arranged in order, and wherein the first plurality of sequence numbers comprises a second plurality of sequence numbers of a plurality of intermediate network devices; and (e.g. figs. 2, 3, 5, 2.4 Naming: A path is a list of <nodeID, tag> pairs. The tag identifies a specific set of local actions that a node performs on packets with this tag, tag0 [4 bytes] … tagn [4 bytes]

    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
     )
obtain a position marker sequence, wherein the position marker sequence comprises a plurality of position markers arranged in order, wherein a first position marker in the position marker sequence to a last position marker in the position marker sequence respectively record whether a first sequence number in a position sequence number sequence to a last sequence number in the position sequence number sequence are marked, wherein the position sequence number sequence comprises the second plurality of sequence numbers and a second sequence number of a pseudo device, wherein the second plurality of sequence numbers is arranged in the position sequence number sequence in an order of the intermediate network devices on the path in a direction from the control device to the verification device, and wherein the position marker sequence records that the second sequence number is marked; (e.g. figs. 2, 3, 5:  2.4 Naming: Each ICING node assigns itself an identifier, called a node ID, that is a unique public key, Node ID (N0) [20 bytes] … Node ID (Nn) [20 bytes] 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale
 Note that pseudo device covers a device with an assumed id as opposed to manufactured (real) id)
obtain an accumulated value of the second sequence number (e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
) and a verification value based on the position sequence number sequence; and (e.g. figs. 2, 3, 5, 2.5 Proofs of consents (PoCs), 2.6 Packet creation and proofs of provenance (PoPs), 2.7 Packet processing: Verification and forwarding:
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale
,
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale
 and/or 
    PNG
    media_image7.png
    200
    400
    media_image7.png
    Greyscale
)
send a data packet to a network device, wherein the network device is a first intermediate network device of the intermediate network devices on the path in the direction from the control device to the verification device, wherein a packet header of the data packet comprises the sequence number marker sequence, the position marker sequence, the accumulated value of the second sequence number, and the verification value, and wherein the verification value enables the verification device to perform path verification. (e.g. figs. 1, 2, 3, 5, 6, 2.6 Packet creation and proofs of provenance (PoPs), 3.1 Creating a packet: Given these PoCs, the sender calls INITIALIZE (Figure 6), which creates a verifier Vj for each other node j on the path. The sender initializes Vj with Aj (which binds the PoCj to the packet contents) and PoP0,j; given this Vj, a downstream node can verify that the packet’s path is approved by its consent server and that the packet has been created by the packet’s purported sender)

Claim 7, Naous discloses A network system, comprising: 
a plurality of intermediate network devices comprising a first network device; (e.g. 2.1 Architecture and components: the sender first chooses a path of nodes)
a verification device coupled to the intermediate network devices; and (e.g. 2.1 Architecture and components: the sender first chooses a path of nodes, as a packet travels through the network, each node verifies that the packet is following its approved path)
a control device configured to: (e.g. 2.1 Architecture and components: the sender creates and sends the packet to the first ICING node)
communicate with the verification device through a path, (e.g. 2.1 Architecture and components: the sender creates and sends the packet to the first ICING node, as a packet travels through the network, each node verifies that the packet is following its approved path)
obtain a first sequence number marker sequence, wherein the first sequence number marker sequence comprises a plurality of sequence number markers arranged in order, wherein a first sequence number marker in the first sequence number marker sequence to a last sequence number marker in the first sequence number marker sequence respectively record whether a first sequence number in an available sequence number sequence to a last sequence number in the available sequence number sequence are marked, wherein a first plurality of sequence numbers in the available sequence number sequence is arranged in order, and wherein the first plurality of sequence numbers comprises a second plurality of sequence numbers of the intermediate network devices; (e.g. figs. 2, 3, 5, 2.4 Naming: A path is a list of <nodeID, tag> pairs. The tag identifies a specific set of local actions that a node performs on packets with this tag, tag0 [4 bytes] … tagn [4 bytes]
 
    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale
 

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
)
obtain a first position marker sequence, wherein the first position marker sequence comprises a plurality of position markers arranged in order, wherein a first position marker in the first position marker sequence to a last position marker in the first position marker sequence respectively record whether a first sequence number in a position sequence number sequence to a last sequence number in the position sequence number sequence are marked, wherein the position sequence number sequence comprises the second plurality of sequence numbers and a second sequence number of a pseudo device, wherein the second plurality of sequence numbers is 552475-v3/4747-1690013Atty. Docket No. 4747-16900 (85360764US04) arranged in the position sequence number sequence in an order of the intermediate network devices on the path in a direction from the control device to the verification device, and wherein the first position marker sequence records that the second sequence number is marked; (e.g. figs. 2, 3, 5:  2.4 Naming: Each ICING node assigns itself an identifier, called a node ID, that is a unique public key, Node ID (N0) [20 bytes] … Node ID (Nn) [20 bytes] 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale
 Note that pseudo device covers a device with an assumed id as opposed to manufactured (real) id)
obtain a first accumulated value (e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
) and a verification value based on the position sequence number sequence; and (e.g. figs. 2, 3, 5, 2.5 Proofs of consents (PoCs), 2.6 Packet creation and proofs of provenance (PoPs), 2.7 Packet processing: Verification and forwarding:
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale
,
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale
 and/or 
    PNG
    media_image7.png
    200
    400
    media_image7.png
    Greyscale
)
send a first data packet to the first network device, wherein the first network device is a first intermediate network device of the intermediate network devices in the direction from the control device to the verification device, wherein a packet header of the first data packet comprises the first sequence number marker sequence, the first position marker sequence, the first accumulated value, and the verification value; (e.g. figs. 1, 2, 3, 5, 6, 2.6 Packet creation and proofs of provenance (PoPs), 3.1 Creating a packet: Given these PoCs, the sender calls INITIALIZE (Figure 6), which creates a verifier Vj for each other node j on the path. The sender initializes Vj with Aj (which binds the PoCj to the packet contents) and PoP0,j; given this Vj, a downstream node can verify that the packet’s path is approved by its consent server and that the packet has been created by the packet’s purported sender)
wherein each of the intermediate network devices is configured to: (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet)
receive a second data packet from an upstream device that is a previous device of each of the intermediate network devices on the path in the direction from the control device to the verification device, (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes) wherein a packet header of the second data packet comprises: 
a second sequence number marker sequence, wherein the second sequence number marker sequence comprises a plurality of sequence number markers arranged in order, wherein a first sequence number marker in the second sequence number marker sequence to a last sequence number marker in the second sequence number marker sequence respectively records whether the first sequence 552475-v3/4747-1690014Atty. Docket No. 4747-16900 (85360764US04) number in the available sequence number sequence to the last sequence number in the available sequence number sequence are marked; (e.g. figs. 2, 3, 5, 2.4 Naming: A path is a list of <nodeID, tag> pairs. The tag identifies a specific set of local actions that a node performs on packets with this tag, tag0 [4 bytes] … tagn [4 bytes]
 
    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale
 

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
)
a second position marker sequence, wherein the second position marker sequence comprises a plurality of position markers arranged in order, and wherein a first position marker to a last position marker in the second position marker sequence respectively record whether the first sequence number to the last sequence number in the position sequence number sequence are marked;  (e.g. figs. 2, 3, 5:  2.4 Naming: Each ICING node assigns itself an identifier, called a node ID, that is a unique public key, Node ID (N0) [20 bytes] … Node ID (Nn) [20 bytes] 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale
)
a second accumulated value; and (e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
)
the verification value; (e.g. figs. 2, 3, 5, 2.5 Proofs of consents (PoCs), 2.6 Packet creation and proofs of provenance (PoPs), 2.7 Packet processing: Verification and forwarding:
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale
,
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale
 and/or 
    PNG
    media_image7.png
    200
    400
    media_image7.png
    Greyscale
)
obtain a third data packet, (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes) wherein a packet header of the third data packet comprises: 
a third sequence number marker sequence obtained by recording, in the second sequence number marker sequence, that a sequence number of each of the intermediate network devices is marked, 552475-v3/4747-1690015Atty. Docket No. 4747-16900 (85360764US04)(e.g. figs. 2, 3, 5, 2.4 Naming: A path is a list of <nodeID, tag> pairs. The tag identifies a specific set of local actions that a node performs on packets with this tag, tag0 [4 bytes] … tagn [4 bytes]

    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
     )
a third position marker sequence obtained by recording, in the second position marker sequence, that the sequence number of each intermediate network device is marked; (e.g. figs. 2, 3, 5:  2.4 Naming: Each ICING node assigns itself an identifier, called a node ID, that is a unique public key, Node ID (N0) [20 bytes] … Node ID (Nn) [20 bytes] 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale
)
a third accumulated value, wherein the third accumulated value is based on the second sequence number marker sequence, the second position marker sequence, and the second accumulated value; and (e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
)
 the verification value, and (e.g. figs. 2, 3, 5, 2.5 Proofs of consents (PoCs), 2.6 Packet creation and proofs of provenance (PoPs), 2.7 Packet processing: Verification and forwarding:
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale
,
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale
 and/or 
    PNG
    media_image7.png
    200
    400
    media_image7.png
    Greyscale
)
send the third data packet to a downstream device, wherein the downstream device is an immediately adjacent device of each of the intermediate network devices on the path in the direction from the control device to the verification device and (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes)
wherein the verification device is configured to: 
receive a fourth data packet from a second network device, wherein the second network device is a last intermediate network device of the intermediate network devices on the path in the direction from the control device 552475-v3/4747-1690016Atty. Docket No. 4747-16900 (85360764US04)to the verification device, (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes) and wherein a packet header of the fourth data packet comprises a fourth accumulated value (e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
) and the verification value; and (e.g. figs. 2, 3, 5, 2.5 Proofs of consents (PoCs), 2.6 Packet creation and proofs of provenance (PoPs), 2.7 Packet processing: Verification and forwarding:
    PNG
    media_image5.png
    200
    400
    media_image5.png
    Greyscale
,
    PNG
    media_image6.png
    200
    400
    media_image6.png
    Greyscale
 and/or 
    PNG
    media_image7.png
    200
    400
    media_image7.png
    Greyscale
)
perform path verification based on the fourth accumulated value and the verification value. (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes)

Claim 13, Naous discloses The data packet sending method of claim 1, further comprising obtaining the second sequence number marker sequence by recording, in the first sequence number marker sequence, that a third sequence number of the network device is marked. (e.g. figs. 2, 3, 5, 2.4 Naming: A path is a list of <nodeID, tag> pairs. The tag identifies a specific set of local actions that a node performs on packets with this tag, tag0 [4 bytes] … tagn [4 bytes]

    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
     )

Claim 14, Naous discloses The data packet sending method of claim 13, further comprising obtaining the second position marker sequence by recording, in the first position marker sequence, that the third sequence number is marked. (e.g. figs. 2, 3, 5:  2.4 Naming: Each ICING node assigns itself an identifier, called a node ID, that is a unique public key, Node ID (N0) [20 bytes] … Node ID (Nn) [20 bytes] 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale
)

Claim 15, Naous discloses The data packet sending method of claim 1, further comprising sending the first data packet to the verification device for path verification after receiving the first data packet; (e.g. fig. 7, 2.7 Packet processing: verification and forwarding, 3.2 Forwarding and receiving a packet: Each node that receives the packet does the following:…For each upstream node in the path:…For each downstream node in the path:.. On receiving a packet, a node Ni with index i in the packet’s path processes it according to the pseudocode in Figure 7. The node must ensure that Path Consent and Path Compliance (Section 2.2) are met for each packet that it passes)

Claim 16, Naous discloses The data packet sending method of claim 1, further comprising obtaining the second accumulated value based on the first sequence number marker sequence, the first position marker sequence, and the first accumulated value. (e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
)

Claim 17, Naous discloses The network device of claim 3, wherein the instructions further cause the network device to obtain the second sequence number marker sequence by recording, in the first sequence number marker sequence, that a third sequence number of the network device is marked. (e.g. figs. 2, 3, 5, 2.4 Naming: A path is a list of <nodeID, tag> pairs. The tag identifies a specific set of local actions that a node performs on packets with this tag, tag0 [4 bytes] … tagn [4 bytes]

    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale
     )

Claim 18, Naous discloses The network device of claim 17, wherein the instructions further cause the network device to obtain the second position marker sequence by recording, in the first position marker sequence, that the third sequence number of the network device is marked. (e.g. figs. 2, 3, 5:  2.4 Naming: Each ICING node assigns itself an identifier, called a node ID, that is a unique public key, Node ID (N0) [20 bytes] … Node ID (Nn) [20 bytes] 
    PNG
    media_image3.png
    200
    400
    media_image3.png
    Greyscale
)

Claim 19, Naous discloses The network device of claim 3, wherein the instructions further cause the network device to obtain the second accumulated value based on the first sequence number marker sequence, the first position marker sequence, and the first accumulated value. (e.g. figs. 2, 3, 5, 2.7 Packet processing: Verification and forwarding, 3 Design details of ICING: As illustrated in Figure 2, the PoC and the PoPs that a node inspects in steps 1–3 above are XORed together in an aggregate MAC, the PoC—more precisely, an authenticator derived from it—and PoPs are aggregated into a constant-length verifier (Vi.proof).      

    PNG
    media_image4.png
    200
    400
    media_image4.png
    Greyscale
)

Allowable Subject Matter
Claims 2, 4 and 8-12 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim 6 would be allowable if rewritten (a) in independent form including all of the limitations of the base claim and any intervening claims and (b) to overcome the objection set forth above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20160315921 discloses A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. In one embodiment, each network node reads a first value and a second value from in-band metadata of packet, and generates, using a cryptographic key that is unique to each respective network node, an encryption result based on the first value. An updated second value is generated based on the second value read from the packet and the encryption result. Each network node writes the updated second value to the in-band metadata of the packet, and forwards the packet in the network. In another embodiment, a secret sharing scheme is employed by each network node computes a portion of verification information using a unique share of a secret and based on the packet specific information.


US 20140198791 discloses an apparatus and method for processing a packet for routing and verifying a path in a domain. The apparatus for processing the packet includes an authentication processing unit configured to authenticate a transmission path of a packet in a corresponding node inside a domain; and a transmission processing unit configured to verify whether or not authentication has been performed such that a reception packet passes through the corresponding node and whether or not the packet has passed through an immediately previous node that is passed through along the transmission path and transmit the packet.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436