DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the amendments filed on 03/04/2022.
 Claims 1-36 are currently pending in this application. Claims 7, 35 and 36 have been amended.
No new IDS has been filed.

Response to Arguments
The previous objection to the abstract and specification has been withdrawn in response to the applicants’ amendments/remarks.
The previous double patenting rejections to the claims 1-36 have been withdrawn in response to the applicants’ amendments/remarks (for the claims 35 and 36) and filing of a terminal disclaimer (for the claims 1-34), which is approved on 03/07/2022.

Allowable Subject Matter
Claims 1-36 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Regarding independent claims 1, 18, 35 and 36,

Lee et al. (US 2016/0248686 A1) teaches a device for establishing flows associated with one or more applications using control plane signaling. A gateway device obtains a request for a network token during the control plane signaling. The gateway device derives the network token and sends it to the device and/or an access node during the control plane signaling. The device and/or access node obtain the network token, where the network token is associated with a first flow of the one or more flows, a first application of the one or more applications, and provisioned to the device or access node via the control plane signaling. The network token may be included in a packet sent in the user plane from the device. The network token may be verified at the access node and/or the gateway device using a cryptographic function and sent to its destination based on the results of the verification - see figs. 1, 2; abstract, paras. [0018] - [0021] and [0064] of Lee.

Serebrin (US 2015/0326542 A1) teaches a method and system implementing a live migration of a guest on a virtual machine of a host server to a target server. A host server may utilize a flow key to encrypt and decrypt communications with a target server. This flow key may be encrypted using a receive master key, which may result in a receiving token. The receiving token may be sent to the Network Interface Controller of the host server, which will then encrypt the data packet and forward the information to the target server. Multiple sender schemes may be employed on the host server, and various updates may take place on the target server as a result of the new location of the migrating guest from the host server to the target server. A transaction table may be implemented, where tuples indexed by corresponding flow identifiers are stored – see abstract, figs. 1, 3; paras. [0019] and [0039] of Serebrin.

Ueno et al. (US 2011/0185039 A1) teaches an access control device to cause an information processing device to execute access control between a client device and two or more server devices. The device receives an open request for causing the information processing device to open the port of a port number that is a port number to be transmitted to the client device according to completion of one process of a plurality of processes to be executed on a first server device which is one of the two or more server devices. The device generates information for data transfer for opening the port of the port number based on information for identifying the first server device which transmitted the open request, which is included in the received open request. The device transmits the generated information for data transfer to the information processing device – see figs. 6, 9; abstract and par. [0018] of Ueno.

However, the prior art of record does not teach or render obvious the limitations, specific and combination with other limitations for:
the claims 1 and 18 in a medium and system of:
receiving a description of a flow entry in a packet from another node, the description of the flow entry including an address in a flow, a flow identifier (ID) of the flow entry, a flow version, an address and port information for one 
storing the flow entry and the private key in a database indexed to by flow ID;
receiving a packet, wherein the packet comprises an authentication code and packet data including packet sequence information and a flow ID of the packet;
performing a look up in the database of a flow entry corresponding to the flow ID of the packet; and
ignoring the packet or forwarding the packet to the IP address of the next node in the flow, depending on the result of the look-up.

the claim 35 in a master server system of:
receiving node information from nodes in a network;
determining one or more flow routes between a beginning node and an end node from node information wherein each flow route of the one or more flow routes includes one or more nodes in the network other than the beginning node and the end node;
sending flow route information to one or more nodes, wherein the flow route information includes one or more flow tokens corresponding to each node of one or more nodes in a flow route of the one or more flow routes, and a flow token for the server and wherein each flow token includes a flow identifier, a 

the claim 36 in a matchmaker server system of:
receiving a request from a client to connect to one or more servers;
requesting one or more flow routes between the client and one or more servers from a master server;
receiving flow route information for one or more flow routes between the client and the one or more servers from the master server, wherein the flow route information for a given flow route of the one or more flow routes includes a flow token for the client, one or more flow tokens corresponding to each relay of one or more relays in the given flow route, and a flow token for the server and wherein each flow token includes a flow ID, a flow version, a flow private key, an internet protocol (IP) address and port for a previous node and/or an IP address and port for a next.

Dependent claims 2-17 and 19-34 are allowed as they depend from allowable independent claim 1 or 18.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.