Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
In the correspondence filed on December 06, 2018, claims 1-20 are currently pending for examination.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 10 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
          Claim 10 recites “At least one computer-readable medium …”; the term “computer-readable medium” is not limited to statutory subject matter. As evidenced by applicant's own disclosure, the specification, par0076-0077, recites as follows: “…A computer-readable medium may include a non-transitory storage medium to store logic… a computer-readable medium may include a non-transitory storage medium to store or maintain instructions… ”; the claimed computer-readable medium is therefore not limited to statutory subject matter.
In view of the above, applicant has provided antecedent basis for the claim terminology “computer-readable medium”. Applicant has provided intrinsic evidence of the embodiment, which is non-statutory transitory signals, intended to be covered within the meaning.
Note that signal claims are not directed to a process since they do not cover an act or series of acts. No part of the signal is a mechanical “device” or “part”. A 
In view of the above analysis, claim 10 is ineligible for patent protection as failing to be limited to embodiments which fall within a statutory category.
Claims 11-17 are rejected under 35 U.S.C. 101 for similar reasons as independent claim 10. Claims 11-17 are directed to non-statutory subject matter for being dependent on rejected claim 10, and the claims recite the “computer-readable medium” as in claim 10.


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 8 - 10, 17 - 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Palermo et al. (US20170289068A1) hereinafter Palermo in view of Kavanagh (US20030081607A1) hereinafter Kavanagh. 
As per claim 1.  A system comprising: at least one memory and
at least one processor communicatively coupled to the at least one memory,  (Palermo, par0020 teaches FIG. 1 shows an exemplary host platform architecture 100 [system]… includes a central processing unit (CPU) 104 coupled to each of a memory interface 106, … Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113).
wherein the at least one processor is to: (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
fast path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
determine if a packet, provided for transmission, includes a faster path tag, (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path).
in response to the packet including the faster path tag, permit the packet to progress. (Palermo, par0061 teaches if the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
          Palermo does not explicitly disclose verify that the packet has an expected context, in response to verification of the packet.
          Kavanagh however discloses verify that the packet has an expected context, in response to verification of the packet. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of verify that the packet has an expected context, in response to verification of the packet, as taught by Kavanagh in the system of Palermo, so that the GTP Filter performs specific filtering rules; this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.

As per claim 8.  Palermo and Kavanagh disclose the system of claim 1.
          Palermo further discloses wherein the at least one processor is to: (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
fast path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
perform non-faster path packet processing in response to the packet not including a faster path tag. (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch [perform non-faster path packet processing in response to the packet not including a faster path tag], as depicted by a block 912).

As per claim 9.  Palermo and Kavanagh disclose the system of claim 1.
          Palermo further discloses wherein the at least one processor is to (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
          Palermo does not explicitly disclose in response to failed verification of the packet, perform one or more of: discard the packet or initiate closing of a faster transmit path associated with the packet.
          Kavanagh however discloses in response to failed verification of the packet, perform one or more of: discard the packet or initiate closing of a faster transmit path associated with the packet. (Kavanagh, par0095-0096 teaches the GTP Filter verifies that there is a PDP Context that is active for this MS. Thus, as shown at step 162, GTP packets that do not meet the filtering criteria [in response to failed verification of the packet] are dropped [discard the packet]).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of in response to failed verification of the packet, perform one or more of: discard the packet or initiate closing of a faster transmit path associated with the packet, as taught by Kavanagh in the system of Palermo, so that the GTP Filter performs specific filtering rules; this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane

As per claim 10.  At least one computer-readable medium comprising instructions stored thereon, that if executed by at least one processor, cause the at least one processor to:  (Palermo, par0020, par0024 teaches FIG. 1 shows an exemplary host platform architecture 100 [system]… includes a central processing unit (CPU) 104 coupled to each of a memory interface 106, … Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113…. the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
faster path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
a packet is permitted to use a faster path route, and the packet including a faster path tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).

          Kavanagh however discloses verify that a packet is permitted, based at least in part on the packet context. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of verify that a packet is permitted, based at least in part on the packet context, as taught by Kavanagh in the at least one computer-readable medium of Palermo, so that the GTP Filter performs specific filtering rules; this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.

As per claim 17.  Palermo and Kavanagh disclose the at least one computer-readable medium of claim 10.
(Palermo, par0020, par0024 teaches FIG. 1 shows an exemplary host platform architecture 100 [system]… includes a central processing unit (CPU) 104 coupled to each of a memory interface 106, … Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113…. the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
permit the packet to progress to, the permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
          Palermo does not explicitly disclose in response to failed verification of the packet, perform one or more of: discard the packet or initiate closing of a faster transmit path associated with the packet.
          Kavanagh however discloses in response to failed verification of the packet, perform one or more of: discard the packet or initiate closing of a faster transmit path associated with the packet. (Kavanagh, par0095-0096 teaches the GTP Filter verifies that there is a PDP Context that is active for this MS. Thus, as shown at step 162, GTP packets that do not meet the filtering criteria [in response to failed verification of the packet] are dropped [discard the packet]).


As per claim 18.   A system comprising: a host system comprising one or more processors and one or more memory devices and (Palermo, par0020 teaches FIG. 1 shows an exemplary host platform architecture 100 [A system comprising: a host system] including platform hardware 102 and various software-based components … includes a central processing unit (CPU) 104 coupled to each of a memory interface 106 …Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113)
a network interface communicatively coupled to the host system, the network interface: (Palermo, par0035 teaches architecture 300 includes a host platform 302 coupled to a network interface 304 that may be integrated on the host platform (e.g., as a NIC)).
fast path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
(Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path).
in response to the packet including the faster path tag, permit the packet to progress. (Palermo, par0061 teaches if the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
          Palermo does not explicitly disclose verify that a packet has an expected context, in response to verification of the packet.
          Kavanagh however discloses verify that a packet has an expected context, in response to verification of the packet. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).


As per claim 20.  Palermo and Kavanagh disclose the system of claim 18.
          Palermo further discloses wherein the network interface comprises a wired or wireless network interface and further comprising one or more of: (Palermo, par0043 teaches each of NIC Cards 404a and 404b are coupled [wired or wireless] to an external switch 504 that is connected to network 118).
at least one storage device communicatively coupled to the network interface, (Palermo, par0024 teaches all or a portion of software components 130 may be stored on one or more storage devices (not shown) that are accessed via a network 122).
[examiner will not map the following since the first "or" condition is mapped] Or at least one interconnect communicatively coupled to the network interface.

Claims 2, 3, 11 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Kavanagh, and further in view of Miriyala et al. (US11159389B1) hereinafter Miriyala. 
As per claim 2.  Palermo and Kavanagh disclose the system of claim 1.
(Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
fast path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
determine if the faster path tag comprises a routing tag that matches a permitted routing tag, the permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914).
          Palermo does not explicitly disclose verify that the packet has an expected context that matches an expected context associated with.
          Kavanagh however discloses verify that the packet has an expected context that matches an expected context associated with. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of verify that the packet has an expected context that matches an expected context associated with, as taught by Kavanagh in the system of Palermo, so that the GTP Filter performs specific filtering rules; this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.
          Palermo and Kavanagh do not explicitly disclose determine if the tag comprises a tag that matches a permitted tag.
          Miriyala however discloses determine if the tag comprises a tag that matches a permitted tag. (Miriyala, col29 par4 teaches policy agent 139 receives, from policy controller 23, a first policy rule that permits network traffic originating from interface 146C and includes tag 1. Policy agent 139 may examine categories applied to interfaces 146, determine that a category of interface 146A matches tag 1 of the first policy rule, and apply the policy rule only to interface 146A. VN agent 35 may subsequently permit network traffic originating from interface 146C and destined for interface 146A).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of determine if the tag comprises a tag that matches a permitted tag, as taught by Miriyala

As per claim 3.  Palermo, Kavanagh and Miriyala disclose the system of claim 2.
          Palermo does not explicitly disclose wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag.
          Kavanagh however discloses wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag. (Kavanagh, par0092 teaches the GTP Filter determines whether the message type (SGSN Context Request/Acknowledge) based on the source IP address [source IP address] is permitted to proceed through the GTP Filter).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag, as taught by Kavanagh in the system of Palermo, so that the GTP Filter performs specific filtering rules; this limits the effect of attacks, limits the number of

As per claim 11.  Palermo and Kavanagh disclose the at least one computer-readable medium of claim 10.
          Palermo further discloses wherein the at least one processor is to: (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
faster path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
a packet is permitted to use a faster path route, and the packet including a faster path tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
determine if the faster path tag comprises a routing tag that matches a permitted routing tag, the permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914).
          Palermo does not explicitly disclose verify that a packet is permitted, based at least in part on the packet context, verify that the packet has an expected context associated with.
          Kavanagh however discloses verify that a packet is permitted, based at least in part on the packet context. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
verify that the packet has an expected context associated with. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of verify that a packet is permitted, based at least in part on the packet context, verify that the packet has an expected context associated with, as taught by Kavanagh in the at least one computer-readable medium of Palermo, so that the GTP Filter performs specific filtering rules; this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.
          Palermo and Kavanagh do not explicitly disclose determine if the tag comprises a tag that matches a permitted tag.
          Miriyala however discloses determine if the tag comprises a tag that matches a permitted tag. (Miriyala, col29 par4 teaches policy agent 139 receives, from policy controller 23, a first policy rule that permits network traffic originating from interface 146C and includes tag 1. Policy agent 139 may examine categories applied to interfaces 146, determine that a category of interface 146A matches tag 1 of the first policy rule, and apply the policy rule only to interface 146A. VN agent 35 may subsequently permit network traffic originating from interface 146C and destined for interface 146A).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of           

As per claim 12.  Palermo, Kavanagh and Miriyala disclose the at least one computer-readable medium of claim 11.
          Palermo does not explicitly disclose wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag.
          Kavanagh however discloses wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag. (Kavanagh, par0092 teaches the GTP Filter determines whether the message type (SGSN Context Request/Acknowledge) based on the source IP address [source IP address] is permitted to proceed through the GTP Filter).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag, as taught by Kavanagh in the at least one computer-readable .

Claims 4 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Kavanagh further in view of Miriyala, and further in view of Seely et al. (US20190109792A1) hereinafter Seely. 
As per claim 4.  Palermo, Kavanagh and Miriyala disclose the system of claim 2.
          Palermo further discloses the at least one processor is to (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
          Palermo, Kavanagh and Miriyala do not explicitly disclose wherein to permit the packet to progress, the at least one processor is to associate the packet with an egress queue.
          Seely however discloses wherein to permit the packet to progress, the at least one processor is to associate the packet with an egress queue. (Seely, par0023-0025 teaches the egress 106 may include an egress queue…. The egress queue may store incoming packets 104 at the egress buffer until there is storage space and/or processing bandwidth available at an egress 106 that packet 104 is being routed to …The egress metering and/or policing manager may meter and or police packets 104 coming from the egress queue on the way to departing the egress 106).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of

As per claim 13.  Palermo, Kavanagh and Miriyala disclose the at least one computer-readable medium of claim 11.
          Palermo further discloses comprising instructions stored thereon, that if executed by at least one processor, cause the at least one processor to:  (Palermo, par0020, par0024 teaches FIG. 1 shows an exemplary host platform architecture 100 [system]… includes a central processing unit (CPU) 104 coupled to each of a memory interface 106, … Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113…. the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
permit the packet to progress to, the permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).

          Seely however discloses an egress queue associated with an egress port, the egress queue and egress port associated with. (Seely, par0023-0025 teaches the egress 106 may include an egress queue…. The egress queue may store incoming packets 104 at the egress buffer until there is storage space and/or processing bandwidth available at an egress 106 that packet 104 is being routed to …The egress metering and/or policing manager may meter and or police packets 104 coming from the egress queue on the way to departing the egress 106).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of an egress queue associated with an egress port, the egress queue and egress port associated with, as taught by Seely in the at least one computer-readable medium of Palermo, Kavanagh and Miriyala, so mechanisms to monitor and influence the flow of information across the network may be utilized to monitor and influence the performance of the network, see Seely par0001.

Claims 5 - 7 and 14 - 16 are rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Kavanagh, and further in view of Hummel et al. (US20140137215A1) hereinafter Hummel. 
As per claim 5.  Palermo and Kavanagh disclose the system of claim 1.
          Palermo further discloses wherein the at least one processor is to:  (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
(Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
determine if the faster path tag comprises a, tag that matches a permitted, tag, the permitted, tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914.)
          Palermo does not explicitly disclose verify that the packet has an expected context that matches an expected context associated with.
          Kavanagh however discloses verify that the packet has an expected context that matches an expected context associated with. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of verify that the packet has an expected context that matches an expected context associated with, as taught by Kavanagh in the system of Palermo, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.
          Palermo and Kavanagh do not explicitly disclose a queue tag that matches a permitted queue tag, the permitted queue tag.
          Hummel however discloses a queue tag that matches a permitted queue tag, the permitted queue tag. (Hummel, par0036-0037 teaches related header information, for example: {per port seed, port number, link number, virtual queue tag}. The credential processing engine 226 can assign one or more credentials based on a virtual queue (VQ) tag, VLAN membership….The credential validation module 228 authenticates flowtag data can validate a credential received with a flowtag against a copy generated, or recalculated, at an ingress port at the aggregation device 200. Once the credential is validated, the flowtag contents can be used to route the packet to the appropriate destination virtqueue 218).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of determine if the tag comprises a tag that matches a permitted tag, as taught by Hummel in the system of Palermo and Kavanagh, so flow tag permits decode functions to be 

As per claim 6.  Palermo, Kavanagh and Hummel disclose the system of claim 5.
          Palermo does not explicitly disclose wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag.
          Kavanagh however discloses wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag. (Kavanagh, par0092 teaches the GTP Filter determines whether the message type (SGSN Context Request/Acknowledge) based on the source IP address [source IP address] is permitted to proceed through the GTP Filter).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag, as taught by Kavanagh in the system of Palermo, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of 

As per claim 7.  Palermo, Kavanagh and Hummel disclose the system of claim 5.
          Palermo further discloses the at least one processor is to (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
          Palermo and Kavanagh do not explicitly disclose wherein to permit the packet to progress, to associate the packet with a destination queue.
          Hummel however discloses wherein to permit the packet to progress, to associate the packet with a destination queue. (Hummel, par0036-0037 teaches related header information, for example: {per port seed, port number, link number, virtual queue tag}. The credential processing engine 226 can assign one or more credentials based on a virtual queue (VQ) tag, VLAN membership….The credential validation module 228 authenticates flowtag data can validate a credential received with a flowtag against a copy generated, or recalculated, at an ingress port at the aggregation device 200. Once the credential is validated, the flowtag contents can be used to route the packet to the appropriate destination virtqueue 218).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein to permit the packet to progress, to associate the packet with a destination queue, as taught by Hummel in the system of Palermo and Kavanagh, so flow tag permits decode functions to be performed in software thereby reducing hardware efforts 

As per claim 14.  Palermo and Kavanagh disclose the at least one computer-readable medium of claim 10.
          Palermo further discloses the at least one processor is to:   (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
faster path tag, and the packet including a faster path tag (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
use a faster path route, determine if the faster path tag comprises (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914.)
          Palermo does not explicitly disclose verify that a packet is permitted, based at least in part on the packet context, verify that the packet has an expected context associated with.
(Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
verify that the packet has an expected context associated with. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).

          Palermo and Kavanagh do not explicitly disclose a queue tag that matches a permitted queue tag, the permitted queue tag.
          Hummel however discloses a queue tag that matches a permitted queue tag, the permitted queue tag. (Hummel, par0036-0037 teaches related header information, for example: {per port seed, port number, link number, virtual queue tag}. The credential processing engine 226 can assign one or more credentials based on a virtual queue (VQ) tag, VLAN membership….The credential validation module 228 authenticates flowtag data can validate a credential received with a flowtag against a copy generated, or recalculated, at an ingress port at the aggregation device 200. Once the credential is validated, the flowtag contents can be used to route the packet to the appropriate destination virtqueue 218).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of determine if the tag comprises a tag that matches a permitted tag, as taught by Hummel in the at least one computer-readable medium of Palermo and Kavanagh, so flow tag 

As per claim 15.  Palermo, Kavanagh and Hummel disclose the at least one computer-readable medium of claim 14.
          Palermo does not explicitly disclose wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag.
          Kavanagh however discloses wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag. (Kavanagh, par0092 teaches the GTP Filter determines whether the message type (SGSN Context Request/Acknowledge) based on the source IP address [source IP address] is permitted to proceed through the GTP Filter).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag, as taught by Kavanagh in the at least one computer-readable medium of Palermo, so GTP Filter performs specific filtering rules, this limits the effect 

As per claim 16.  Palermo, Kavanagh and Hummel disclose the at least one computer-readable medium of claim 14.
          Palermo further discloses comprising instructions stored thereon, that if executed by at least one processor, cause the at least one processor to:  (Palermo, par0020, par0024 teaches FIG. 1 shows an exemplary host platform architecture 100 [system]… includes a central processing unit (CPU) 104 coupled to each of a memory interface 106, … Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113…. the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
permit the packet to progress to, the permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
          Palermo and Kavanagh do not explicitly disclose permit the packet to progress to a destination queue associated with associated with the permitted queue tag.
(Hummel, par0036-0037 teaches related header information, for example: {per port seed, port number, link number, virtual queue tag}. The credential processing engine 226 can assign one or more credentials based on a virtual queue (VQ) tag, VLAN membership….The credential validation module 228 authenticates flowtag data can validate a credential received with a flowtag against a copy generated, or recalculated, at an ingress port at the aggregation device 200. Once the credential is validated, the flowtag contents can be used to route the packet to the appropriate destination virtqueue 218).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of permit the packet to progress to a destination queue associated with associated with the permitted queue tag, as taught by Hummel in the at least one computer-readable medium of Palermo and Kavanagh, so flow tag permits decode functions to be performed in software thereby reducing hardware efforts generally required when processing MAC addresses and can also reduce the risk of exposure of MAC addresses to spoofing, see Hummel par0017.

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Kavanagh, further in view of Hummel, and further in view of Seely. 
As per claim 19.  Palermo and Kavanagh disclose the system of claim 18.
           Palermo further discloses wherein the at least one processor is to: (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
(Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
permit the packet to progress to, the permitted routing tag and the faster path tag comprising a routing tag that matches a permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914.)
          Palermo does not explicitly disclose based on the packet having an expected context associated with, the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag.
          Kavanagh however discloses based on the packet having an expected context associated with. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag. (Kavanagh, par0092 teaches the GTP Filter determines whether the message type (SGSN Context Request/Acknowledge) based on the source IP address [source IP address] is permitted to proceed through the GTP Filter).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of based on the packet having an expected context associated with, the expected context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag, as taught by Kavanagh in the system of Palermo, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.
          Palermo and Kavanagh do not explicitly disclose a queue tag that matches a permitted queue tag, the permitted queue tag.
          Hummel however discloses a queue tag that matches a permitted queue tag, the permitted queue tag. (Hummel, par0036-0037 teaches related header information, for example: {per port seed, port number, link number, virtual queue tag}. The credential processing engine 226 can assign one or more credentials based on a virtual queue (VQ) tag, VLAN membership….The credential validation module 228 authenticates flowtag data can validate a credential received with a flowtag against a copy generated, or recalculated, at an ingress port at the aggregation device 200. Once the credential is validated, the flowtag contents can be used to route the packet to the appropriate destination virtqueue 218).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of a queue tag that matches a permitted queue tag, the permitted queue tag, as taught by Hummel in the system of Palermo and Kavanagh, so flow tag permits decode functions to be performed in software thereby reducing hardware efforts generally required when processing MAC addresses and can also reduce the risk of exposure of MAC addresses to spoofing, see Hummel par0017.
          Palermo, Kavanagh and Hummel do not explicitly disclose permit the packet to progress to a destination queue, an egress queue.
          Seely however discloses permit the packet to progress to a destination queue, an egress queue. (Seely, par0021, 0023 teaches the egress 106 may be an interface with a destination node … The egress 106 may include an egress queue. … The egress queue may store incoming packets 104 at the egress buffer until there is storage space and/or processing bandwidth available at an egress 106 that packet 104 is being routed to).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of permit the packet to progress to a destination queue, an egress queue, as taught by 

Conclusion
The prior art made of record and not relied upon, which is considered pertinent, is as follows:
• Patel et al. (US9742672B1) – Related art in the area of an edge routing device of a service provider network includes a processing unit configured to retrieve, from a packet received via the one or more network interfaces, priority data from an Internet protocol (IP) header of the packet, form a first tag.
• Morrow (US7522601B1) – Related art in the area of a filtered router flag value in an information packet for packet-based communication networks. The presence of the filtered router flag value identifies the information packet as possibly requiring a slow-path routing technique.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONISHWAR MOHAN whose telephone number is (571)272-2907. The examiner can normally be reached Monday - Thursday 7:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/M.M./Examiner, Art Unit 2442
/WILLIAM G TROST IV/Supervisory Patent Examiner, Art Unit 2442