DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on Feb 18, 2022 has been entered.

Response to Amendment
Claims 1-6 and 10-17 are pending in this application. Claims 1, 10, 12 and 15 have been amended. Claim 17 has been newly added. Claims 7-9 have been canceled.

Response to Arguments
Applicant’s arguments with respect to claims 1 and 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Further notes on applicant’s arguments about Bifulco et al (US 20180048561 A1, Priority Date March 12, 2015) fails to disclose: “monitoring the packet”. The examiner respectively disagrees even though new reference cited in this office action to address the issue because Bifulco’561 discloses: “forwarding element marks the data, preferably each packet, to be delayed with a delay indication for later evaluation”. Here “late evaluation” can be equated to monitoring. 
Copy of the provisional application 62238510 being attached.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-6 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Dukes et al (US 9252972 B1, Priority Date: Dec 20, 2012) in view of Shanklin et al (US20020133586A1), and further in view of PASUPATHY et al (US20170288987A1, Priority Date: Mar 29, 2016) and Malomsoky et al (US20110080835A1).

Regarding claim 1 (Currently Amended), Dukes’972 discloses a method for monitoring packets in a communication network (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55), said method comprising:
a) at an ingress point of said communication network (see, Fig. 2, flow control unit work with policy engine and DPI inside service card,  col. 2 line 3-6), classifying at least one packet of a traffic received at the ingress point for determining whether packets of said traffic are to be monitored and, in the affirmative, associating them with a service of monitoring (see, Flow control unit of router detects new packet flow associated with packets section, DPI module receive packets from flow control unit and selectively provide security and other services to the packets for the monitored traffic in accordance policies installed by local policy engine, col. 2 line 3-6, col. 10 line 46-55); 
b) creating a selection policy to identify a packet flow of said packets to be monitored according to the service of monitoring (see, Policy engine of the router outputs message to request a policy from policy server upon detection of new packet flow, col. 2 line 14-20); 
c) installing said selection policy at one or more measuring points within the communication network  (see, policy server response router with specific policy for policy engine to install the policy within policy database, col. 2 line 14-20. Note: fig. 2, measuring points corresponding to Policy engine with policy database inside the router, col. 2 line 14-15); 
d) at each of said one or more measuring points (see, fig. 2, Policy engine with policy database inside the router, col. 2 line 14-15), identifying said packet flow on the basis of said selection policy (see, Policy engine to detect service data flow according to policies stored in policy database,  col. 8 line 62-col. 9 line 3); and
e) at each of said one or more measuring points (see, fig. 2, Policy engine with policy database inside the router, col. 2 line 14-15), applying monitoring actions associated with said service of monitoring to said identified packet flow (see, Policy engine work with policy database to applying actions such as label control on the packets  and QOS processing on the service data flow, col. 8 line 66-col. 10 line 16).  
Dukes’972 discloses all the claim limitations but fails to explicitly teach:
b) creating, by said ingress point, a selection policy to identify a packet flow of said packets to be monitored according to the service of monitoring, the selection policy being based on a classification policy used to classify the at least one packet in step a);
f) at said ingress point, after said step b), marking the packets of said packet flow to be monitored, 
wherein said marking comprises setting a feature of each packet of the packet flow to be monitored to a given value suitable for distinguishing said packet flow to be monitored from another packet flow that is not to be monitored, and 
said marking comprises setting one or more bits of a given field of a header of each packet of said packet flow to be monitored to a predetermined value.

However Shanklin’586 from the same field of endeavor (see, fig. 1, data traffic monitoring system for protecting networks includes packet daemons (pktd) 52 as IDS (intrusion detection system) running on each port 56 of router 58, par 0010, 0034) discloses:
b) creating, by said ingress point (see, physical network input port in a router 58, par 0064), a selection policy to identify a packet flow of said packets to be monitored according to the service of monitoring (see, Fig. 3, adaptive firewall 54 operates with the sorting and counting procedures of the packet daemon on the physical network input port in a router automatically updating rule for the packets of the traffic if transmitted packets of the attacker's traffic has shown up or subsided when number of packets from any one source exceeds the data packet threshold value during the pre-determined sample time, abstract, par 0063-0064. Noted, service of monitoring corresponding to transmission of the attacker's traffic to be monitored and processed including alert, denial of service, request for throttling and redirection (for further analysis), par 0019, 0064 and 0073), the selection policy being based on a classification policy used to classify the at least one packet in step a) (see, dynamic rules categorized with different protocol type to analysis and sort the packets, par 0008, 0061, 0071 and 0074).
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to implement the method as taught by Shanklin’586 into that of Dukes’972. The motivation would have been to perform monitoring operations by adaptive firewall that not dependent on a rules based on statically configured monitoring and defense model (par 0063).
The combination of Dukes’972 and Shanklin’586 discloses all the claim limitations but fails to explicitly teach:
f) at said ingress point, after said step b), marking the packets of said packet flow to be monitored, 
wherein said marking comprises setting a feature of each packet of the packet flow to be monitored to a given value suitable for distinguishing said packet flow to be monitored from another packet flow that is not to be monitored, and 
said marking comprises setting one or more bits of a given field of a header of each packet of said packet flow to be monitored to a predetermined value.

However PASUPATHY’987 from the same field of endeavor (see, fig. 1a and 2, systems  including network device (router) receives network traffic comprises multiple traffic flows associated with applications, par 0013) discloses:
f) at said ingress point (Note, fig. 3, controller coordinates with input component, par 0038), after said step b) (see, updated new rule created by machine learning in network device, par 0057), marking the packets of said packet flow to be monitored(see, network device generates application signature according to contextual information based on rule base after updated new rule created by machine learning in network device, application signature used to improve the effectiveness of application reporting and support network security and services such as application-aware firewalls, application-aware traffic visibility and intrusion detection, track appropriate information, par 0001, 0014, 0023, 0057 and 0069), 
wherein said marking (see, generates application signature for the packets in network traffic, par 0014 and 0044) comprises setting a feature (see, contextual information from the network traffic such as requested URI and the hostname classified as HTTP, par 0014) of each packet of the packet flow (see, data packets in network traffic corresponding to applications, par 0043-0044) to be monitored (see, application reporting and support network security and services such as application-aware firewalls, application-aware traffic visibility and intrusion detection, par 0001, 0020) to a given value (see, application signature for the packets in traffic flows associated with applications , par 0013-0014 and 0044. Noted, application signatures comparing based on hash function, therefore application signature are values and different application signature for different flow, par 0019) suitable for distinguishing said packet flow (see, traffic flows, par 0013) to be monitored from another packet flow that is not to be monitored (see, network device generates application signature according to contextual information such as requested URI and the hostname classified as HTTP, application signature used to improve the effectiveness of application reporting and support network security and services such as application-aware firewalls, application-aware traffic visibility and intrusion detection, track appropriate information, par 0001, 0014, 0023, 0057 and 0069. Noted, flows without application signature corresponding to another packet flow that is not to be monitored).
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to implement the method as taught by PASUPATHY’987 into that of Dukes’972 modified by Shanklin’586. The motivation would have been to identify the application based on the application signature (par 0078).
The combination of Dukes’972, Shanklin’586 and PASUPATHY’987 discloses all the claim limitations but fails to explicitly teach: said marking comprises setting one or more bits of a given field of a header of each packet of said packet flow to be monitored to a predetermined value.

However Malomsoky’835 from the same field of endeavor (see, fig.1, one node performing marking, packet processing and monitoring, par 0057) discloses: said marking (see, marking each selected packets with identifier in flow with monitoring indicator, par 0061, 0065) comprises setting one or more bits (see, monitoring indicator comprises bits to be used for the monitoring, par 0067 and 0073) of a given field of a header (see, marking in encapsulation header or outer IP header, par 0135, 0141) of each packet of said packet flow (see, serial flow of packets with uniquely identifier, par 0061) to be monitored to a predetermined value (see, marking each selected packets with unique identifier in flow with predetermined monitoring indicator that comprises bits to be marked in encapsulation header or outer IP header used for monitoring, par 0061, 0065,0067, 0073, 0135, 0141).
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to implement the method as taught by Malomsoky’835 into that of Dukes’972 modified by Shanklin’586 and PASUPATHY’987. The motivation would have been to enable simple identification of flows to be observed (par 0120).

Regarding claim 2 (Previously Presented), Dukes’972 discloses the method according to claim 1 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55), wherein said classifying is performed by applying a classification policy comprising one or more classification rules to be applied to one or more classification attributes of the packets (see, characterize packet flows according to matching parameters of the packets specified by policies , col. 5 line 3-8 and col. 9 line 3-11).   

Regarding claim 3 (Previously Presented), Dukes’972 discloses the method according to claim 2 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55), wherein said one or more classification attributes are defined among identifying attributes comprised within a header of said packets (see, characterize packet flows according to match parameters such as the IP5-tuple specified in IP packet headers, other packet header information, col. 5 line 20-25).  

Regarding claim 4 (Original), Dukes’972 discloses the method according to claim 3 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55), wherein said identifying attributes comprise one or more of: a source address, a destination address, a source port number, a destination port number, a transmission protocol, a class of service (see, characterize packet flows according to match parameters such as the IP5-tuple consisting of the source address, destination address, Source port, destination port, and transport protocol specified in IP packet headers, other packet header information, and/or information obtained from Deep-Packet Inspection (DPI), col. 5 line 20-25). 

Regarding claim 5 (Previously Presented), Dukes’972 discloses the method according to claim 2 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55),	wherein said creating a selection policy comprises applying selection policy creation instructions associated with said service of monitoring (see, Instructions cause processor to output a message to request a policy from a policy server and further cause processor to install the policy within the policy database upon receiving response, col. 2 line 27-42).  

Regarding claim 6 (Previously Presented), Dukes’972 discloses the method according to claim 2 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55), wherein said selection policy comprises one or more predefined values or ranges for one or more selection attributes for identifying the packets of said packet flow, said selection attributes being defined among said identifying attributes of the packets ( see, apply DPI to the data packets to identify an application identity such as HTTP protocol , col. 10 line 55-62. Note: HTTP protocol belong to predefined transport protocol specified in IP packet headers, col. 5 line 20-25). 

Regarding claim 15 (Currently Amended), Dukes’972 discloses a node for a communication network (see, fig. 1, routers in network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55), comprising: 
- at ingress point (see, Fig. 2, flow control unit work with policy engine and DPI inside service card, col. 2 line 3-6) configured to classify at least one packet of a traffic received at the node for determining whether packets of said traffic are to be monitored and, in the affirmative, associate them with a service of monitoring (see, Flow control unit of router detects new packet flow received at the router associated with packets section,  DPI module receive packets from flow control unit and selectively provide security and other services to the packets for the monitored traffic in accordance policies installed by local policy engine, col. 2 line 3-6, col. 10 line 46-55), and further configured to create a selection policy to identify a packet flow of said packets to be monitored according to the service of monitoring (see, Policy engine of the router outputs message to request a policy from policy server upon detection of new packet flow, col. 2 line 14-20); and 
- measuring point (see, fig. 2, Policy engine with policy database inside the router, col. 2 line 14-15)configured to identify said packet flow to be monitored on the basis of said selection policy (see, Policy engine to detect service data flow for monitoring according to policies stored in policy database,  col. 8 line 62-col. 9 line 3, col. 10 line 53-55), and apply monitoring actions associated with said service of monitoring to said identified packet flow (see, Policy engine work with policy database to applying actions such as label control on the packets  and QOS processing on the service data flow, col. 8 line 66-col. 10 line 16).
Dukes’972 discloses all the claim limitations but fails to explicitly teach:
create, by said ingress point, a selection policy to identify a packet flow of said packets to be monitored according to the service of monitoring, the selection policy being based on a classification policy used to classify the at least one packet.
wherein at said ingress point, after creation of said selection policy, the packets of said packet flow to be monitored are marked, 
the packets are marked by setting a feature of each packet of the packet flow to be monitored to a given value suitable for distinguishing said packet flow to be monitored from another packet flow that is not to be monitored, and by setting one or more bits of a given field of a header of each packet of said packet flow to be monitored to a predetermined value.

However Shanklin’586 from the same field of endeavor (see, fig. 1, data traffic monitoring system for protecting networks includes packet daemons (pktd) 52 as IDS (intrusion detection system) running on each port 56 of router 58, par 0010, 0034) discloses:
create, by said ingress point (see, physical network input port in a router 58, par 0064), a selection policy to identify a packet flow of said packets to be monitored according to the service of monitoring (see, Fig. 3, adaptive firewall 54 operates with the sorting and counting procedures of the packet daemon on the physical network input port in a router 58 automatically updating rule for the packets of the traffic if transmitted packets of the attacker's traffic has shown up or subsided when number of packets from any one source exceeds the data packet threshold value during the pre-determined sample time, abstract, par 0063-0064. Noted, service of monitoring corresponding to transmission of the attacker's traffic to be monitored and processed including alert, denial of service, request for throttling and redirection (for further analysis), par 0019, 0064 and 0073), the selection policy being based on a classification policy used to classify the at least one packet (see, dynamic rules categorized with different protocol type to analysis and sort the packets, par 0008, 0061, 0071 and 0074).
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to implement the node as taught by Shanklin’586 into that of Dukes’972. The motivation would have been to perform monitoring operations by adaptive firewall that not dependent on a rules based on statically configured monitoring and defense model (par 0063).
The combination of Dukes’972 and Shanklin’586 discloses all the claim limitations but fails to explicitly teach:
wherein at said ingress point, after creation of said selection policy, the packets of said packet flow to be monitored are marked, 
the packets are marked by setting a feature of each packet of the packet flow to be monitored to a given value suitable for distinguishing said packet flow to be monitored from another packet flow that is not to be monitored, and by setting one or more bits of a given field of a header of each packet of said packet flow to be monitored to a predetermined value.

However PASUPATHY’987 from the same field of endeavor (see, fig. 1a and 2, systems  including network device (router) receives network traffic comprises multiple traffic flows associated with applications, par 0013) discloses:
wherein at said ingress point (Note, fig. 3, controller coordinates with input component, par 0038), after creation of said selection policy (see, updated new rule for traffic classification created by machine learning in network device, par 0014, 0057), the packets of said packet flow to be monitored are marked (see, network device generates application signature according to contextual information based on rule base after updated new rule created by machine learning in network device, application signature used to improve the effectiveness of application reporting and support network security and services such as application-aware firewalls, application-aware traffic visibility and intrusion detection, track appropriate information, par 0001, 0014, 0023, 0057 and 0069), 
the packets are marked (see, generates application signature for the packets in network traffic, par 0014 and 0044) by setting a feature (see, contextual information from the network traffic such as requested URI and the hostname classified as HTTP, par 0014) of each packet of the packet flow (see, data packets in network traffic corresponding to applications, par 0043-0044) to be monitored (see, application reporting and support network security and services such as application-aware firewalls, application-aware traffic visibility and intrusion detection, par 0001, 0020) to a given value (see, application signature for the packets in traffic flows associated with applications , par 0013-0014 and 0044. Noted, application signatures comparing based on hash function, therefore application signature are values and different application signature for different flow, par 0019) suitable for distinguishing said packet flow (see, traffic flows, par 0013) to be monitored from another packet flow that is not to be monitored (see, network device generates application signature according to contextual information such as requested URI and the hostname classified as HTTP, application signature used to improve the effectiveness of application reporting and support network security and services such as application-aware firewalls, application-aware traffic visibility and intrusion detection, track appropriate information, par 0001, 0014, 0023, 0057 and 0069. Noted, flows without application signature corresponding to another packet flow that is not to be monitored),
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to implement the node as taught by PASUPATHY’987 into that of Dukes’972 modified by Shanklin’586. The motivation would have been to identify the application based on the application signature (par 0078).
The combination of Dukes’972, Shanklin’586 and PASUPATHY’987 discloses all the claim limitations but fails to explicitly teach: by setting one or more bits of a given field of a header of each packet of said packet flow to be monitored to a predetermined value.

However Malomsoky’835 from the same field of endeavor (see, fig.1, one node performing marking, packet processing and monitoring, par 0057) discloses: by setting one or more bits (see, monitoring indicator comprises bits to be used for the monitoring, par 0067 and 0073) of a given field of a header (see, marking in encapsulation header or outer IP header, par 0135, 0141) of each packet of said packet flow (see, serial flow of packets with uniquely identifier, par 0061) to be monitored to a predetermined value (see, marking each selected packets with unique identifier in flow with predetermined monitoring indicator that comprises bits to be marked in encapsulation header or outer IP header used for monitoring, par 0061, 0065,0067, 0073, 0135, 0141).
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to implement the node as taught by Malomsoky’835 into that of Dukes’972 modified by Shanklin’586 and PASUPATHY’987. The motivation would have been to enable simple identification of flows to be observed (par 0120).

Regarding claim 16 (Previously Presented), Dukes’972 discloses a communication network (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55) comprising 
a first node according to claim 15 (see, fig. 1, a router in network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55)  and 
a second node (see, fig. 1, routers other than first router in network system, col. 3 line 3-46, col. 10 line 53-55 ) configured to receive said packet flow (see, fig. 1, routers comprises a plurality of interfaces configured to send and receive packets, abstract, col. 2 line 1-2), 
said node comprising a measuring point (see, fig. 2, Policy engine with policy database inside the router, col. 2 line 14-15) configured to identify said packet flow to be monitored on the basis of said selection policy (see, Policy engine to detect service data flow for monitoring according to policies stored in policy database,  col. 8 line 62-col. 9 line 3, col. 10 line 53-55), and 
apply monitoring actions associated with said service of monitoring to said identified packet flow (see, Policy engine work with policy database to applying actions such as label control on the packets  and QOS processing on the service data flow, col. 8 line 66-col. 10 line 16).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Dukes’972 in view of Shanklin’586, and further in view of PASUPATHY’987 and Malomsoky’835 as applied to claim 1 above, and further in view of SZYMANSKI (US 20180310078 A1, Pro 62238510 Priority Date Oct 07, 2015).

Regarding claim 10 (Currently Amended), Dukes’972 modified by Shanklin’586, PASUPATHY’987 and Malomsoky’835 discloses the method according to claim 1 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55). 
The combination of Dukes’972, Shanklin’586, PASUPATHY’987 and Malomsoky’835 discloses all the claim limitations but fails to explicitly teach: at an egress point of said communication network, restoring said feature of said marked packet to a predetermined restoration value associated with said selection policy.    

	However SZYMANSKI’078 from the same field of endeavor (see, fig. 1a and 9, deterministic packet-switch with Combined Input Queues (IQ) and Output Queues (OQs) used in IP network, ATM networks and MPLS networks , paragraph 0002, 0079) discloses at an egress point of said communication network, restoring said feature (see, Guaranteed-Rate of the traffic flow, par 0164) of said marked packet (see, packet with flow-label number, par 0163) to a predetermined restoration value associated with said selection policy (see, a new flow-label created for aggregated flow when flows are aggregated, remove flow-label for the aggregated flow and replacing it with original flow-labels of the flows when flows are dis-aggregated at the deterministic packet switches, paragraph 0163-0164).
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to implement the method as taught by SZYMANSKI’078 into that of Dukes’972 modified by Shanklin’586 and Bifulco’561. The motivation would have been to illustrate a Flow-Table for the proposed deterministic packet switches (par 0163).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Dukes’972 in view Shanklin’586, and further in view of PASUPATHY’987 and Malomsoky’835 as applied to claim 1 above, and further in view of Bifulco’561 and Deshpande et al (US 20140376373 A1, June 24, 2013).

Regarding claim 11 (Previously Presented), Dukes’972 discloses the method according to claim 1 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55),	wherein it further comprises, at said measuring point (see, Fig. 2-3, Policy engine with policy database inside the route, col. 2 line 14-15), before said step c): - checking whether a received packet matches a selection policy already installed at said measuring point (see, fig. 4B step 126, policy engine attempts to perform local policy decision to select one of the policies from the policy database, col. 13 line 24-26). 
The combination of Dukes’972, Shanklin’586, PASUPATHY’987 and Malomsoky’835 discloses all the claim limitations but fails to explicitly teach: 
in the affirmative: - sending a request from said measurement point to a monitoring center; and - receiving from the monitoring center said selection policy to be installed;
in the negative: checking whether said received packet is marked. 

However Bifulco’561 from the same field of endeavor (see, fig. 1, monitoring network traffic in software-defined network with network controller in control plane and a plurality of switches connected together in data plane, paragraph 0034, 0039) discloses
in the affirmative: - sending a request from said measurement point to a monitoring center; and - receiving from the monitoring center said selection policy to be installed (see, Forwarding packet after interaction between switch and controller upon matching packet with flow rules installed in the switch, the controller further generating forwarding decision as flow rule and install in the switch, par 0006, 0026, 0063).  
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to implement the method as taught by Bifulco’561 into that of Dukes’972 modified by Shanklin’586, PASUPATHY’987 and Malomsoky’835. The motivation would have been to significantly enhance security by confusing potential attacker about the network configuration (par 0026).
The combination of Dukes’972, Shanklin’586, PASUPATHY’987, Malomsoky’835 and Bifulco’561 discloses all the claim limitations but fails to explicitly teach: in the negative: checking whether said received packet is marked. 
However Deshpande’373 from the same field of endeavor (see, fig. 1, packet switching computer network  comprises first and second host computing devices and a plurality of switches, paragraph 0016-0017) discloses in the negative: checking whether said received packet is marked (see, Fig. 6B, if no match( 616) then check for FL flag (step 618-> step 624) as a result of checking flow table for match at step 614, paragraph 0014, 0040. Note: FL flag is a "Flow Learn Flag," that is set as the control information of leaf switch toward to show congestion above at a first predetermined threshold level, paragraph 0014).
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention to implement the method as taught by Deshpande’373 into that of Dukes’972 modified by Shanklin’586, PASUPATHY’987, Malomsoky’835 and Bifulco’561. The motivation would have been to avoid congested spine links using control information in the topology of leaf and spine network (par 0034, 0039).


Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Dukes’972 in view of Shanklin’586, and further in view of PASUPATHY’987, Malomsoky’835 as applied to claim 1 above, and further in view of Chen et al(US 6188674 B1, Priority Date: Feb 17, 1998), and further in view of Cociglio et al ( US 20110255440 A1, Priority Date Dec 22, 2008).

Regarding claim 12 (Currently Amended), Dukes’972 modified by Shanklin’586, PASUPATHY’987 and Malomsoky’835 discloses the method according to claim 1 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55).
The combination of Dukes’972, Shanklin’586, PASUPATHY’987 and Malomsoky’835 discloses all the claim limitations but fails to explicitly teach: said marking comprises subdividing said packets of said packet flow to be monitored in first blocks and second blocks, said first blocks alternating in time with said second blocks, by setting said feature of the packets of said first blocks to a first predetermined value, and setting said feature of the packets of said second blocks to a second predetermined value different from said first predetermined value.  

However Chen’674 from the same field of endeavor (see, fig. 1, high-speed packet switch/router including ingress and egress module, col. 2 line 31-46) discloses : said marking comprises marking said packets of said packet flow to be monitored into blocks ( mark incoming packet into blocks according to fixed size and monitor packet flow , abstract and col. 7 line 54-62). 
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention to implement the method as taught by Chen’674 into that of Dukes’972 modified by Shanklin’586, PASUPATHY’987 and Malomsoky’835. The motivation would have been to permit a Straightforward characterization of the packet loss for a given traffic flow (col. 7 line 54-62).
The combination of Dukes’972, Shanklin’586, PASUPATHY’987, Malomsoky’835 and Chen’674 discloses all the claim limitations but fails to explicitly teach: said marking comprises subdividing said packets of said packet flow in first blocks and second blocks, said first blocks alternating in time with said second blocks, by setting said feature of the packets of said first blocks to a first predetermined value, and setting said feature of the packets of said second blocks to a second predetermined value different from said first predetermined value.

However Cociglio’440 from the same field of endeavor (see, fig. 1, packet-switched communication network CN comprising five nodes connected each other according to a partially meshed topology, paragraph 0057) discloses said marking comprises subdividing said packets of said packet flow in first blocks and second blocks, said first blocks alternating in time with said second blocks, by setting said feature of the packets  of said first blocks to a first predetermined value, and setting said feature of the packets of said second blocks to a second predetermined value different from said first predetermined value (see, packet flow divided into time sequence of blocks according to timer , blocks including packets marked by bit bi=1 in the header alternate with blocks including packet marked by bit bi=0 in the header, paragraph 0065-0066. Note: bit bi of header used to mark packet paragraph 0060).
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention to implement the method as taught by Cociglio’440 into that of Dukes’972 modified by Shanklin’586, PASUPATHY’987, Malomsoky’835 and Chen’674. The motivation would have been to perform measurement of the data loss relating to the packet flow PF by receiving node (par 0060).


Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Dukes’972 in view of Shanklin’586, and further in view of PASUPATHY’987, Malomsoky’835 as applied to claim 1 above, and further in view of Mathew et al (US 20170295035 A1, Priority Date: Aug 25, 2014).

Regarding claim 13 (Previously Presented), Dukes’972 modified by Shanklin’586, PASUPATHY’987, Malomsoky’835 discloses the method according to claim 1 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55).	
The combination of Dukes’972, Shanklin’586, PASUPATHY’987, Malomsoky’835 discloses all the claim limitations but fails to explicitly teach: after said step b), sending said selection policy from said ingress point to a monitoring center, and said step c) comprises installing said selection policy at said one or more measuring points by said monitoring center.  
However Mathew’035 from the same field of endeavor (see, fig. 1, network system including SDN controller and a plurality of network routers to select an optimal network device for reporting flow table misses on expiry of a flow in a software defined network, paragraph 0013, 0017) discloses after said step b), sending said selection policy from said ingress point to a monitoring center (Note, reporting router with timeout policy notifies controller the flow miss when timeout expires with the processing flow, paragraph 0017, 0030. Note: Ingress point corresponding to report router; Monitoring center corresponding to SDN controller), and said step c) comprises installing said selection policy at said one or more measuring points by said monitoring center (Note, controller will program all other devices with hard timeouts to extend the flow for the flow miss, paragraph 0017, 0030. Note: Monitoring center corresponding to controller; measuring points corresponding to all network devices in the path other than report device).
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention to implement the method as taught by Mathew’035 into that of Dukes’972 modified by Shanklin’586, PASUPATHY’987, Malomsoky’835. The motivation would have been to use various factors to identify an optimal network device in the data path of a flow to act as the reporting device (paragraph 0023).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Dukes’972 in view of Shanklin’586, and further in view of PASUPATHY’987, Malomsoky’835 as applied to claim 1 above, and further in view of Cohen et al (US 7050396 B1, Priority Date: Nov 30, 2000).

Regarding claim 14 (Previously Presented), Dukes’972 modified by Shanklin’586, PASUPATHY’987, Malomsoky’835 discloses the method according to claim 1 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55).	
The combination of Dukes’972, Shanklin’586, PASUPATHY’987, Malomsoky’835 discloses all the claim limitations but fails to explicitly teach: after said step b), creating, on the basis of said selection policy, a further selection policy to identify a further packet flow of packets to be monitored along an opposite direction with respect to said packet flow.  

However Cohen’396 from the same field of endeavor (see, fig. 2, computer network includes routers, workstations and a policy management station, col. 6 line 29-38) discloses after said step b), creating, on the basis of said selection policy, a further selection policy to identify a further packet flow of packets to be monitored along an opposite direction with respect to said packet flow (see, fig. 3A, creating QOS policy at edge device that detects specified marked DSCP value in packets flow and applies the same DSCP value to corresponding return flows, col. 8, line 4-14. Note: obviously creating QOS policy for return flow happens after creating QOS policy for the packet flow according to time sequence).  
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention to implement the method as taught by Cohen’396 into that of Dukes’972 modified by Shanklin’586, PASUPATHY’987, Malomsoky’835. The motivation would have been to automatically establish bi-directional differentiated services treatment of flows in a network (col. 8 line 4-6).

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Dukes’972 in view of Shanklin’586, and further in view of PASUPATHY’987, Malomsoky’835 as applied to claim 1 above, and further in view of Gupta et al (US 20160359673 A1, Priority Date: February 16, 2016).

Regarding claim 17 (New), Dukes’972 modified by Shanklin’586, PASUPATHY’987, Malomsoky’835 discloses the method according to claim 1 (see, fig. 1, network system, includes a service provider network coupled to a public network which consists of a plurality of routers, distributes and applies subscriber policies to the monitoring traffic,  col. 3 line 3-46, col. 10 line 53-55), further comprising.
The combination of Dukes’972, Shanklin’586, PASUPATHY’987, Malomsoky’835 discloses all the claim limitations but fails to explicitly teach: uninstalling the selection policy from the one or more measuring points upon satisfaction of a predetermined condition related to the selection policy.
However Gupta’673 from the same field of endeavor (see, fig. 2, Network environment 200 including spine switches connected to leaf switches, par 0044) discloses: uninstalling the selection policy from the one or more measuring points upon satisfaction of a predetermined condition related to the selection policy (see, remove policy when policy identified as unused using policy utilization chart 500, par 0062-0063. Unused corresponding with predetermined condition).
In view of the above, it would have been obvious before the effective filling date of the claimed invention to a person having ordinary skill in the art to which the claimed invention to implement the method as taught by Gupta’673 into that of Dukes’972 modified by Shanklin’586, PASUPATHY’987, Malomsoky’835. The motivation would have been to rapid diagnostics of network conditions by network administrator (par 0062).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to XUAN LU whose telephone number is (571)272-2844. The examiner can normally be reached on Monday - Friday 7:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KWANG Yao can be reached on (571)272-3182. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/XUAN LU/Examiner, Art Unit 2473

/KWANG B YAO/Supervisory Patent Examiner, Art Unit 2473