DETAILED ACTION
This office action is in response to the correspondence filed on 06/02/2020. Claims 1-20 are pending and are examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 04/19/2021. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Objections
The specification and claims 9, 12, and 15 are objected to:
In the specification, regarding sentences like the following: “other data packets in the stream of data packets having MAC signatures that do/do not match the generated MAC are discarded,” it seems to be a typo where “not” is missing in some instances, as discarding packets when the MAC matches seems to be the undesired outcome.
In the specification, regarding [0011], “the application-layer network segment limits communications being sent and read by specific applications executing on the computing comprising the virtual network segment” should likely read “the application-layer network segment limits communications being sent and read by specific applications executing on the hosts comprising the virtual network segment”. Claim 9 has the same error that should be corrected.
In the specification, regarding [0014], “configured to transmit/send a second communication to one or more computing hosts in another network segment be using a another previously received or generated pre-shared key” should likely read “configured to transmit/send a second communication to one or more computing hosts in another network segment [[be]]by using a another previously received or generated pre-shared key”. Claim 12 has the same error that should be corrected.
Claim 15 is missing a period at the end of the limitation.
Please check and correct the entire specification and claim set to ensure accuracy.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Regarding independent claims 1, 13, and 18 and their dependent claims, “wherein other data packets in the stream of data packets having MAC signatures that do match the generated MAC are discarded” should likely read “wherein other data packets in the stream of data packets having MAC not match the generated MAC are discarded” as discarding packets when the MAC matches seems to be the undesired outcome.
Examiner notes that for the purpose of examination, it is interpreted that packets are discarded when the MAC does not match.

Regarding claim 12, the limitation recites “the other MAC”, which was never recited before. There is insufficient antecedent basis for this limitation in the claim. “The other MAC” is likely referring to “the another MAC” (note that “the another” is merely used to point out which MAC the examiner thinks it should be, please correct it using a better description) previously recited, but please clarify it so there is no confusion.
Examiner notes that for the purpose of examination, it is interpreted that the limitation has the equivalent meaning of “the another MAC” (i.e. mentioned “a another MAC” earlier in the limitation).
Please clarify and thoroughly review the claim set for accuracy.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-6, 13-14, 16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Rivest ("Chaffing and winnowing: Confidentiality without encryption", referred to as Rivest), in view of Komano et al. (US Pub No. 2017/0139795 A1, referred to as Komano).
Regarding claims 1, 13, and 18, taking claim 1 as exemplary, Rivest discloses,
…send a first communication to one or more of the computing hosts… by using a previously received or generated pre-shared key (PSK) to algorithmically generate a Message Authentication Code (MAC) and sign each data packet that comprises the first communication with the MAC, and (Rivest: P. 12, 2nd Coln, para. 3-5; the sender breaks the message into packets, and authenticates each packet using a secret authentication key (PSK). That is, the sender appends to each packet a “message authentication code” or “MAC” computed as a function of the packet contents and the secret authentication key (sign), using some standard MAC algorithm. There is a secret key shared by the sender and the receiver to authenticate the origin and contents of each packet—the legitimate receiver. P. 14, 2nd Coln, 3rd para; Alice is communicating with Bob (send or receive) using a standard packet-based communication scheme. Each packet is authenticated with a MAC created using a secret authentication key (PSK) known only to Alice and Bob.)
receive a second communication from one of the computing hosts and read the second communication by using the PSK to algorithmically generate the MAC, comparing the generated MAC to MAC signatures of data packets within a received stream of data packets, determining that the generated MAC matches MAC signatures in one or more data packets within the received stream of data packets, and assembling the one or more data packets into the second communication, wherein other data packets in the stream of data packets having MAC signatures that do (not) match the generated MAC are discarded. (Rivest: P. 12, 2nd Coln, para. 3-5; there is a secret key shared by the sender and the receiver to authenticate the origin and contents of each packet—the legitimate receiver, knowing the secret authentication key, can determine that a packet is authentic by recomputing the MAC (generating MAC) and comparing it to the received MAC. If the comparison fails, the packet and its MAC are automatically discarded. P. 13, 1st Coln, para. 1; reassembling the file.)
Rivest does not explicitly disclose, however Komano teaches,
1. A system for dynamic segmentation of computing network traffic, the system comprising:
a plurality of computing hosts, each computing host including a first memory component and at least one first processing component in communication with the first memory component, wherein the first memory component stores first computer-readable instructions that are executable by the at least first one processing component and are configured to: (Komano: Fig. 1; [0020]; communication between subnetworks in the vehicle-mounted network system 1 and communication between the vehicle-mounted network system 1 and an external network, and a pre-shared key shared between the communicating ECUs 20 (hosts).)
…send a first communication to one or more of the computing hosts comprising a virtual network segment... (Komano: Fig. 1; [0020]; communication between subnetworks (subnetworks can be physical or virtual) in the vehicle-mounted network system 1 and communication between the vehicle-mounted network system 1 and an external network, and a pre-shared key shared between the communicating ECUs 20.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Komano into the teachings of Rivest with a motivation to ensure the validity of communication in order to prevent wrong control by testing and using a pre-shared key shared between the communicating ECUs that control moving objects such as automobiles (Komano: [0003-0004], [0020]).


Regarding claim 2, the combination of Rivest and Komano discloses,
2. The system of Claim 1, 
Rivest does not explicitly disclose, however Komano teaches,
further comprising a centralized security system including a second memory component and at least one second processing component in communication with the second memory component, wherein the second memory component stores second computer-readable instructions that are executable by the at least one second processing component and are configured to: (Komano: Fig. 2; [0020], [0026]; GW 10.)
manage key exchange protocol for dynamic distribution of pre-shared keys (PSKs) to the plurality of computing hosts, (Komano: [0022]; GW 10 distributes a session key to be used for deriving a MAC value to each of the communicating ECUs 20 (hosts). [0067]; GW 10 distributes key to each ECU according to some protocol.) wherein the distribution of a specific PSK to two or more of the plurality of computing hosts defines a network segment. (Komano: [0020]; subnetworks (network segment). [0024]; ECUs 20 belonging to the same group share the same pre-shared key.)
The same motivation that was utilized for combining Rivest and Komano as set forth in claim 1 is equally applicable to claim 2.


Regarding claim 4, the combination of Rivest and Komano discloses,
4. The system of Claim 1, wherein the first instructions configured to send the first communication are further configured to:
Rivest further discloses,
insert false data packets within a stream of data packets that includes the data packets comprising the first communication. (Rivest: P. 13, 1st Coln, para. 2; the second process involved in sending a message is “adding chaff”: adding fake packets with bogus MACs. The chaff packets have the correct overall format, have reasonable serial numbers and reasonable message contents, but have MACs that are not valid.)

Regarding claim 5, the combination of Rivest and Komano discloses,
5. The system of Claim 4, 
Rivest further discloses,
wherein the first instructions configured to insert the false data packets are further configured to insert false data packets within the stream of data packets that includes the data packets comprising the first communication, wherein the false data packets include portions of concurrently transmitted other communications or previous communications. (Rivest: P. 13, 1st Coln, para. 2; the second process involved in sending a message is “adding chaff”: adding fake packets with bogus MACs. The chaff packets have the correct overall format, have reasonable serial numbers and reasonable message contents (can be other or previous communications), but have MACs that are not valid.)


Regarding claim 6, the combination of Rivest and Komano discloses,
6. The system of Claim 4, 
Rivest further discloses,
wherein the first instructions are further configured to generate the false data packets. (Rivest: P. 13, 1st Coln, para. 2; the second process involved in sending a message is “adding chaff”: adding fake packets with bogus MACs. The chaff packets have the correct overall format, have reasonable serial numbers and reasonable message contents, but have MACs that are not valid (chaff needs to be generated before they can be inserted).)
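
The sender and receiver steps attributed to Rivest above (a per-packet MAC under a shared key, chaff packets with invalid MACs, discard on mismatch, reassembly), shown as an added example that is not part of the office action, the application, or the cited references. It assumes HMAC-SHA256 as the MAC, one payload bit per packet, and constructed keys standing in for the PSKs of two segments; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

MAC_LEN = hashlib.sha256().digest_size


def packet_mac(psk, serial, bit):
    """MAC computed over the packet contents (serial number and payload bit)."""
    return hmac.new(psk, struct.pack(">IB", serial, bit), hashlib.sha256).digest()


def send(psk, message):
    """Sender side: sign each wheat packet with the PSK-derived MAC, then add chaff."""
    stream = []
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    for serial, bit in enumerate(bits):
        wheat = (serial, bit, packet_mac(psk, serial, bit))
        # Chaff: same format and serial number, complementary payload, random (invalid) MAC.
        chaff = (serial, bit ^ 1, secrets.token_bytes(MAC_LEN))
        stream.extend([wheat, chaff] if secrets.randbits(1) else [chaff, wheat])
    return stream


def winnow(psk, stream):
    """Receiver side: recompute each MAC, keep matches, discard mismatches, reassemble.

    Returns (message, discarded_count). Raises ValueError if authentic packets are
    missing, e.g. because a wheat packet was altered in transit and failed its MAC.
    """
    wheat, discarded = {}, 0
    for serial, bit, tag in stream:
        # Constant-time comparison of the received MAC with the recomputed one.
        if hmac.compare_digest(tag, packet_mac(psk, serial, bit)):
            wheat[serial] = bit
        else:
            discarded += 1
    if sorted(wheat) != list(range(len(wheat))) or len(wheat) % 8:
        raise ValueError("authentic packets missing; cannot reassemble")
    out = bytearray()
    for i in range(0, len(wheat), 8):
        byte = 0
        for j in range(8):
            byte = (byte << 1) | wheat[i + j]
        out.append(byte)
    return bytes(out), discarded


def demo():
    # Constructed sample keys and message; the two PSKs stand for two segments.
    psk_a = bytes.fromhex("00112233445566778899aabbccddeeff")
    psk_b = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    stream = send(psk_a, b"segment A only")
    in_segment = winnow(psk_a, stream)      # holder of the same PSK recovers the message
    out_of_segment = winnow(psk_b, stream)  # a different PSK discards every packet
    return stream, in_segment, out_of_segment
```

A host holding a different PSK sees every packet fail verification, which is the sense in which sharing a specific PSK delimits who can read a communication.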


Regarding claim 14, the combination of Rivest and Komano discloses,
14. The computer-implemented method of Claim 13, further comprising:
Rivest does not explicitly disclose, however Komano teaches,
managing key exchange protocol for dynamic distribution of pre-shared keys (PSKs) from a centralized computing entity to the plurality of computing hosts, (Komano: [0022]; GW 10 (centralized computing entity) distributes a session key to be used for deriving a MAC value to each of the communicating ECUs 20 (hosts). [0067]; GW 10 distributes key to each ECU according to some protocol.) wherein the distribution of a specific PSK to two or more of the plurality of computing hosts defines a network segment. (Komano: [0020]; subnetworks (network segment). [0024]; ECUs 20 belonging to the same group share the same pre-shared key.)
The same motivation that was utilized for combining Rivest and Komano as set forth in claim 1 is equally applicable to claim 14.


Regarding claim 16, the combination of Rivest and Komano discloses,
16. The computer-implemented method of Claim 13, 
Rivest further discloses,
further comprising:
inserting false data packets within a stream of data that includes the data packets comprising the first communication, wherein the false data packets include at least one of portions of previous communications and data generated at the computing host. (Rivest: P. 13, 1st Coln, para. 2; the second process involved in sending a message is “adding chaff”: adding fake packets with bogus MACs. The chaff packets have the correct overall format, have reasonable serial numbers and reasonable message contents (can be other or previous communications), but have MACs that are not valid.)


Regarding claim 19, the combination of Rivest and Komano discloses,
19. The computer program product of Claim 18, wherein the computer-readable medium further comprises:
Rivest does not explicitly disclose, however Komano teaches,
a third set of codes for causing a computer processing component to manage key exchange protocol for dynamic distribution of pre-shared keys (PSKs) to the plurality of computing hosts, (Komano: [0022]; GW 10 (centralized computing entity) distributes a session key to be used for deriving a MAC value to each of the communicating ECUs 20 (hosts). [0067]; GW 10 distributes key to each ECU according to some protocol.) wherein the distribution of a specific PSK to two or more of the plurality of computing hosts defines a network segment. (Komano: [0020]; subnetworks (network segment). [0024]; ECUs 20 belonging to the same group share the same pre-shared key.)
The same motivation that was utilized for combining Rivest and Komano as set forth in claim 1 is equally applicable to claim 19.


Regarding claim 20, the combination of Rivest and Komano discloses,
20. The computer program product of Claim 18, wherein the computer-readable medium further comprises:
Rivest further discloses,
a third set of codes for causing a computer processing component to insert false data packets within a stream of data that includes the data packets comprising the first communication, wherein the false data packets include at least one of portions of previous communications and data generated at the computing host. (Rivest: P. 13, 1st Coln, para. 2; the second process involved in 


Claims 3 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Rivest, in view of Komano, further in view of Choi et al. (US Pub No. 2015/0003607 A1, referred to as Choi).
Regarding claim 3, the combination of Rivest and Komano discloses,
3. The system of Claim 1, 
The combination of Rivest and Komano does not explicitly disclose, however Choi teaches,
wherein the first instructions are further configured to algorithmically generate the PSK, wherein generation of the PSK by two or more of the computing hosts provides for an ad-hoc network segment. (Choi: [0030]; electronic device can participate in creating a group network or join the group network created by other electronic devices. When the electronic device participates in creating a group network or joins the group network, it can generate an encryption key (such as a 128-bit encryption key) using a hash function (algorithmically) shared among the electronic devices and perform data communication secured based on the encryption key.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Choi into the combination of Rivest and Komano with a motivation to facilitate secure group connection by minimizing the connection delay with least user interaction by creating smaller device group networks that share the same encryption key that the devices generate (Choi: [0004]).


Regarding claim 15, the combination of Rivest and Komano discloses,
15. The computer-implemented method of Claim 13, 
The combination of Rivest and Komano does not explicitly disclose, however Choi teaches,
further comprising:
algorithmically generating the PSK at two or more of the computing hosts, wherein generation of the PSK by two or more of the computing hosts provides for an ad-hoc network segment (Choi: [0030]; electronic device can participate in creating a group network or join the group network created by other electronic devices. When the electronic device participates in creating a group network or joins the group network, it can generate an encryption key (such as a 128-bit encryption key) using a hash function (algorithmically) shared among the electronic devices and perform data communication secured based on the encryption key.)
The same motivation that was utilized for combining Rivest, Komano and Choi as set forth in claim 3 is equally applicable to claim 15.


Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Rivest, in view of Komano, further in view of Makansi et al. (US Pub No. 2002/0154631 A1, referred to as Makansi).
Regarding claim 8, the combination of Rivest and Komano discloses, 
8. The system of Claim 1, 
The combination of Rivest and Komano does not explicitly disclose, however Makansi teaches,
wherein the first instructions configured to send the first communication are further configured to algorithmically rearrange the data packets that comprise the first communication in a random order and send the data packets in the random order within a data stream. (Makansi: [0041]; the packets can be transmitted in random order through the same route in the network. For example, if 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Makansi into the combination of Rivest and Komano with a motivation to make transmission of a message as packets over a network less susceptible to unauthorized access by transmitting the packets in random order (Makansi: [0010]).



Allowable Subject Matter
Claims 7, 9-12, and 17 contain allowable subject matter but remain rejected under the 112 rejection. They are also objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims; and the stated rejection(s) are resolved.
The following is an examiner’s statement of reasons for allowance: 
Although prior arts Rivest, Komano, Choi and Makansi above disclose all the limitations of the prior claims (see rejections above), none of the prior arts of record alone or in combination discloses generating the false data packets by applying at least one of the data packets to an exclusive or (XOR) gate bitwise with a log of network traffic and a pre-computed salt value; the received or generated PSK defines an application-layer network segment or a data-layer network segment; the received or generated PSK defines a network session-based network segment, wherein the network-session-based network segment limits communications being sent and read to a duration of a specific network session; sending a second communication to one or more computing hosts in another network segment be using a another previously received or generated pre-shared key (PSK) to algorithmically generate another Message Authentication Code (MAC) and sign each data packet that comprises the second communication with the other MAC as described in the claims.
At the effective filing date of the application, the above limitations would not have been obvious over the prior arts of record. 




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The listed references disclose relevant inventions of secure communication using keys and message authentication code.
IZU; Tetsuya et al.	US-PGPUB	US 20150134963 A1
Ginzboorg; Philip et al.	US-PGPUB	US 20170257762 A1
SHIN; Kang G. et al.	US-PGPUB	US 20180131524 A1
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/KA SHAN CHOY/Examiner, Art Unit 2435

/DARREN B SCHWARTZ/Primary Examiner, Art Unit 2435