Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 08/31/2020. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Response to Amendments
This communication is considered fully responsive to the amendment filed on 01/11/2022. Claims 1-2, 58, 13, 17-20 have been amended. New claims 21-22 have been added. Claims 3-4 were canceled. Claims 1-2, 5-22 are pending.
Response to Arguments
The applicants’ arguments, filed on 01/11/2022, with respect to “Traffic class-based ESP sequence” have been considered but are moot. The herein cited feature(s) are newly added to previously rejected claims, and the applicants’ arguments are drawn to the newly added features, which have been addressed in the instant Office action with newly identified/applied prior art (see details below), thus rendering the respective arguments moot. A new reference of Zhao et al. (US 20220121626, henceforth “Zhao”) has been used for rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6, 7, 8, 11 are rejected under 35 U.S.C. 103 as being unpatentable over Lou et al. (US 20160337398, henceforth “Lou”) and in view of Clemm et al. (US 20190007326, henceforth “Clemm”).
Examiner’s note: in what follows, references are drawn to Lou unless otherwise mentioned.
Regarding claim 1, Lou teaches one or more tangible, non-transitory, computer-readable media, comprising computer-readable instructions that, when executed by one or more processors of a computer, cause the one or more processors to (The processing described above for processing of an outbound packet may be implemented in one or more programmable processors executing software or firmware (or a combination thereof). A software or firmware embodiment of these operations is illustrated in FIG. 10. A computing system 1000 includes one or more memory devices, shown collectively as memory 1010. Memory 1010 is in communication with one or more processors 1020 and with one or more input/output units 1030. An example of an I/O unit is a network processor unit that may have associated network ports or other communications ports 1035a-1035m. In an embodiment, I/O 1030 allows a user to interface with and control the execution of instructions 1040, see [0032]. The memory 1010 may comprise one or more tangible (non-transitory) computer readable storage media (e.g., memory device(s)) encoded with software or firmware that comprises computer executable instructions. When the instructions are executed (by the processor(s) 1020) the software or firmware is operable to perform the operations, see [0033].): 
(FIG. 1 illustrates a communications system that connects two protected networks 110 and 120. The protected network 110 includes a set of connected nodes 111-113. These nodes may include client devices, servers, or other processing and communications devices. Communications from any of these nodes to a node in another protected network, such as protected network 120, pass through security gateway 140. At security gateway 140, one or more security associations (SAs) are established and maintained. A given SA includes security parameters 170 that are sent to protected network 120. This allows the implementation of security measures for communications channels between any of the nodes 111-113 in protected network 110 and any of the nodes 121-123 in protected network 120, see [0017]. The missing/crossed out limitations will be discussed in view of Clemm.); 
determine whether the data is of a first traffic class or a second traffic class (When configuring an SA, the number of classes of traffic can be determined, thereby determining the number of sequence number spaces, see [0019]. Because there are two classes of traffic, there are two sequence number spaces with two respective counters, see [0028]. Because there are two possible classes of traffic in this example, there are two possible selector values. Therefore, one bit may be used to represent the selector value in the sequence number field, and the selector width is 1, see [0029]. This technique is used to determine whether the data is of a first traffic class or a second traffic class.); 
generate a packet for the data, the packet comprising a first sequence field corresponding to the first traffic class and a second sequence field corresponding to the second traffic class (FIG. 2 at 210, a security association is created for outbound traffic, see [0018]. A particular sequence number space corresponds to a particular class of traffic…When configuring an SA, the number of classes of traffic can be determined, thereby determining the number of sequence number spaces. A given SA may therefore have multiple sequence number spaces and respective selector values, see [0019]. FIG. 4 is a flowchart illustrating the creation of a sequence number field in a packet header. Creation of a 32-bit sequence number field for a packet header (reference 230 of FIG. 2) is illustrated in greater detail in FIG. 4 according to an embodiment. The sequence number field contains two distinct values. The first represents the value of a sequence number counter operating within the sequence number space of the packet's class of traffic. Successive packets in a class of traffic will have successive sequence numbers in the sequence number space, see [0020]. Because there are two classes of traffic, there are two sequence number spaces with two respective counters. A particular sequence number space may be identified by the “Selector value” as indicated. The selector value may be either 0 or 1. Selector value 0 is associated with the normal priority packets; selector value 1 is associated with the high priority packets, see [0028]. This technique is used to generate a packet for the data, the packet comprising a first sequence field corresponding to the first traffic class and a second sequence field corresponding to the second traffic class.); 
in response to determining that the data is of the first traffic class, generate a first sequence corresponding to the first traffic class and write the first sequence into the first sequence field (Because there are two classes of traffic, there are two sequence number spaces with two respective counters, see [0028]. In one form embodiment, the process and system described herein create a plurality of sequence number spaces for a security association at a sending network device. Each sequence number space corresponds to a respective class of traffic. Each sequence number space is identified by a unique selector value. For each sequence number space, a sequence number counter is created for counting a sequence of outbound packets of a class of traffic corresponding to the sequence number space. For an outbound packet of a particular class of traffic, a selector value of a sequence number space of the particular class of traffic is written into a first portion of a sequence number field in a header of the outbound packet. The low order bits of a current value of a sequence number counter, associated with the sequence number space of the particular class of traffic, are written into a second portion of the sequence number field. The sequence number counter is then incremented, see [0038]. So, in response to determining that the data is of the first traffic class, generate a first sequence corresponding to the first traffic class and write the first sequence into the first sequence field.); 
in response to determining that the data is of the second traffic class, generate a second sequence corresponding to the second traffic class and write the second sequence into the second sequence field (Because there are two classes of traffic, there are two sequence number spaces with two respective counters, see [0028]. In one form embodiment, the process and system described herein create a plurality of sequence number spaces for a security association at a sending network device. Each sequence number space corresponds to a respective class of traffic. Each sequence number space is identified by a unique selector value. For each sequence number space, a sequence number counter is created for counting a sequence of outbound packets of a class of traffic corresponding to the sequence number space. For an outbound packet of a particular class of traffic, a selector value of a sequence number space of the particular class of traffic is written into a first portion of a sequence number field in a header of the outbound packet. The low order bits of a current value of a sequence number counter, associated with the sequence number space of the particular class of traffic, are written into a second portion of the sequence number field. The sequence number counter is then incremented, see [0038]. So, in response to determining that the data is of the second traffic class, generate a second sequence corresponding to the second traffic class and write the second sequence into the second sequence field.); and 
send the packet with the data to the electronic device (Send the outbound packet to a receiving device, see [0039].).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) receive an indication to send data to an electronic device.
However, Clemm discloses the missing/crossed limitations comprising: (1) receive an indication to send data to an electronic device (FIG. 1 is an illustration of a network organization 100. The network organization 100 includes originator entities 110A and 110B, destination entities 120A and 120B, a data plane 170, a Generic Resilient Identity Services (GRIDS) network 130, and a collector 190. The GRIDS network 130 includes originator GRIDS access points (APs) 140A and 140B, destination GRIDS-APs 160A and 160B, a GRIDS-MS 150, a category server 165, and a detector 195. The data plane 170 includes routers 180A, 180B, 180C, and 180D, see [0047]-[0052]. FIG. 4 is a block diagram illustrating circuitry for clients and servers that implement algorithms and perform methods. The computer 400 includes or have access to a computing environment that includes an input interface 425, an output interface 430, and a communication interface 435. The program 455 is shown as including an Internet protocol flow information export (IPFIX) module 460, a cache module 465, a policy module 470, and a detection module 480, see [0064]-[0073]. The IPFIX module 460 provides the categories to the policy module 470 and receive an indication from the policy module 470 to either send the data packet to the destination or refrain from doing so, see [0116]. This technique is used to receive an indication to send data to an electronic device.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Clemm in order to make a better apparatus by improving communication flow monitoring system, resulting in improved efficiency and an improved user experience, see (Clemm, [0119].).
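The sequence-number layout that Lou is cited for in the claim 1 mapping (one selector bit plus the low-order bits of a per-class counter in a 32-bit field), together with Lou's per-class anti-replay windows, shown as an added Python example that is not part of the Office action or of any cited reference. Placing the selector in the most-significant bit, starting counters at 1, the window size of 4, and all class and function names are assumptions.

```python
"""Added illustration: per-traffic-class sequence numbers in one 32-bit field."""

FIELD_BITS = 32  # width of the sequence number field cited from Lou


def selector_width(num_classes):
    # Bits needed to name every class: 1 bit for two classes, as in Lou [0029].
    return max(1, (num_classes - 1).bit_length())


class Sender:
    def __init__(self, num_classes=2):
        self.counter_bits = FIELD_BITS - selector_width(num_classes)
        self.counters = [1] * num_classes  # assumption: each space starts at 1

    def next_field(self, selector):
        """Selector in the first portion, low-order counter bits in the second."""
        low = self.counters[selector] & ((1 << self.counter_bits) - 1)
        self.counters[selector] += 1  # counter is incremented after use
        return (selector << self.counter_bits) | low


class ReplayWindow:
    """Sliding-window anti-replay check for one sequence number space."""

    def __init__(self, size):
        self.size = size
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit i set => (top - i) has already been seen

    def check_and_update(self, seq):
        # A real receiver updates the window only after integrity verification.
        if seq == 0:
            return False
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False  # too old for the window, or a replay
        self.bitmap |= 1 << offset
        return True


class Receiver:
    def __init__(self, num_classes=2, window=4):
        self.counter_bits = FIELD_BITS - selector_width(num_classes)
        self.windows = [ReplayWindow(window) for _ in range(num_classes)]

    def accept(self, field):
        selector = field >> self.counter_bits
        seq = field & ((1 << self.counter_bits) - 1)
        if selector >= len(self.windows):
            return False  # selector names no configured sequence number space
        return self.windows[selector].check_and_update(seq)


def deliver(per_class):
    """Return (packets accepted, whether a replayed packet was accepted)."""
    classes = 2 if per_class else 1
    tx, rx = Sender(classes), Receiver(classes, window=4)
    # Constructed traffic: 6 normal (class 0) then 6 high-priority (class 1).
    sent = [(c, tx.next_field(c if per_class else 0)) for c in [0] * 6 + [1] * 6]
    # QoS lets the high-priority packets overtake the normal ones in transit.
    arrival = [f for c, f in sent if c == 1] + [f for c, f in sent if c == 0]
    accepted = sum(rx.accept(f) for f in arrival)
    replayed = rx.accept(arrival[0])  # same field presented a second time
    return accepted, replayed


if __name__ == "__main__":
    print("shared space :", deliver(per_class=False))
    print("per-class    :", deliver(per_class=True))
```

With one shared sequence space the overtaken normal-priority packets fall behind the 4-packet window and are dropped; with one space per class every packet is accepted and the replay is still rejected.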
Regarding claim 8, Lou teaches an electronic device comprising: 
a network interface (An apparatus is provided comprising a processor and a network interface unit coupled to the processor, see [0039].);
one or more processors configured (Instructions 1040 are executable on processor(s) 1020. The processor(s) 1020 comprise, for example, a microprocessor or microcontroller that executes instructions 1040, see [0033].) to: 
(FIG. 1 illustrates a communications system that connects two protected networks 110 and 120. The protected network 110 includes a set of connected nodes 111-113. These nodes may include client devices, servers, or other processing and communications devices. Communications from any of these nodes to a node in another protected network, such as protected network 120, pass through security gateway 140. At security gateway 140, one or more security associations (SAs) are established and maintained. A given SA includes security parameters 170 that are sent to protected network 120. This allows the implementation of security measures for communications channels between any of the nodes 111-113 in protected network 110 and any of the nodes 121-123 in protected network 120, see [0017]. The missing/crossed out limitations will be discussed in view of Clemm.); 
determine whether the data is of a traffic class of a plurality of traffic classes (When configuring an SA, the number of classes of traffic can be determined, thereby determining the number of sequence number spaces. A given SA may therefore have multiple sequence number spaces and respective selector values, see [0019]. Because there may be multiple classes of traffic and corresponding multiple sequence number spaces for an SA, there may be multiple respective anti-replay windows, see [0025]. This technique is used to determine whether the data is of a traffic class of a plurality of traffic classes.); 
generate a packet for the data, the packet comprising a plurality of sequence fields corresponding to the plurality of traffic classes (For an outbound packet of a particular class of traffic, a selector value of a sequence number space of the particular class of traffic is written into a first portion of a sequence number field in a header of the outbound packet. The low order bits of a current value of a sequence number counter, associated with the sequence number space of the particular class of traffic, are written into a second portion of the sequence number field, see [0015]. FIG. 2 at 210, a security association is created for outbound traffic, see [0018]. A particular sequence number space corresponds to a particular class of traffic…When configuring an SA, the number of classes of traffic can be determined, thereby determining the number of sequence number spaces. A given SA may therefore have multiple sequence number spaces and respective selector values, see [0019]. Because there may be multiple classes of traffic and corresponding multiple sequence number spaces for an SA, there may be multiple respective anti-replay windows, see [0025]. This technique is used to generate a packet for the data, the packet comprising a plurality of sequence fields corresponding to the plurality of traffic classes.); 
generate a sequence corresponding to the traffic class (When configuring an SA, the number of classes of traffic can be determined, thereby determining the number of sequence number spaces, see [0019]. FIG. 4 is a flowchart illustrating the creation of a sequence number field in a packet header. Creation of a 32-bit sequence number field for a packet header (reference 230 of FIG. 2) is illustrated in greater detail in FIG. 4 according to an embodiment. The sequence number field contains two distinct values. The first represents the value of a sequence number counter operating within the sequence number space of the packet's class of traffic. Successive packets in a class of traffic will have successive sequence numbers in the sequence number space, see [0020].); 
write the sequence into a sequence field of the packet corresponding to the traffic class, the plurality of sequence fields comprising the sequence field (FIG. 5, a sequence number field 500 is shown, with a length of 32 bits, see [0021]. For an outbound packet of a particular class of traffic, a selector value of a sequence number space of the particular class of traffic is written into a first portion of a sequence number field in a header of the outbound packet, see [0015]. The missing/crossed out limitations will be discussed in view of Wollbrand.); and 
send the packet with the data to the additional electronic device using the network interface (Send the outbound packet to a receiving device, see [0039]. This technique is used to send the packet with the data to the additional electronic device.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) receive an indication to send data to an electronic device. However, Clemm discloses the missing/crossed limitations comprising: (1) receive an indication to send data to an electronic device (FIG. 1 is an illustration of a network organization 100 for aggregating flows by endpoint category in an ION using IPFIX extensions. The network organization 100 includes originator entities 110A and 110B, destination entities 120A and 120B, a data plane 170, a GRIDS network 130, and a collector 190. The GRIDS network 130 includes originator GRIDS access points (APs) 140A and 140B, destination GRIDS-APs 160A and 160B, a GRIDS-MS 150, a category server 165, and a detector 195. The data plane 170 includes routers 180A, 180B, 180C, and 180D, see [0047]-[0052]. FIG. 4 is a block diagram illustrating circuitry for clients and servers that implement algorithms and perform methods. The computer 400 includes or have access to a computing environment that includes an input interface 425, an output interface 430, and a communication interface 435. The program 455 is shown as including an IPFIX module 460, a cache module 465, a policy module 470, and a detection module 480, see [0064]-[0073]. The IPFIX module 460 provides the categories to the policy module 470 and receive an indication from the policy module 470 to either send the data packet to the destination or refrain from doing so, see [0116]. This technique is used to receive an indication to send data to an electronic device.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Clemm in order to make a better apparatus by improving communication flow monitoring system, resulting in improved efficiency and an improved user experience, see (Clemm, [0119].).
Regarding claim 6, Lou and Clemm teach all the claim limitations of claim 1 above; and Wollbrand further teaches wherein the computer-readable instructions (The memory 1010 may comprise one or more tangible (non-transitory) computer readable storage media (e.g., memory device(s)) encoded with software or firmware that comprises computer executable instructions. When the instructions are executed (by the processor(s) 1020) the software or firmware is operable to perform the operations, see [0033].) cause the one or more processors to generate the sequence by increasing a previous sequence corresponding to the traffic class (For each sequence number space, a sequence number counter is created for counting a sequence of outbound packets of a class of traffic corresponding to the sequence number space. For an outbound packet of a particular class of traffic, a selector value of a sequence number space of the particular class of traffic is written into a first portion of a sequence number field in a header of the outbound packet. The low order bits of a current value of a sequence number counter, associated with the sequence number space of the particular class of traffic, are written into a second portion of the sequence number field. The sequence number counter is then incremented, see [0015]. This technique is used to cause the one or more processors to generate the sequence by increasing a previous sequence corresponding to the traffic class.). 
Regarding claim 7, Lou and Clemm teach all the claim limitations of claim 1 above; and Wollbrand further teaches wherein packet comprises a packet header of the packet, the packet header comprising the first sequence field and the second sequence field (For an outbound packet of a particular class of traffic, a selector value of a sequence number space of the particular class of traffic is written into a first portion of a sequence number field in a header of the outbound packet. The low order bits of a current value of a sequence number counter, associated with the sequence number space of the particular class of traffic, are written into a second portion of the sequence number field. The sequence number counter is then incremented, see [0038].).
Regarding claim 11, Lou and Clemm teach all the claim limitations of claim 8 above; and Wollbrand further teaches wherein the network interface is configured (The missing/crossed out limitations will be discussed in view of Clemm.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) the network interface is configured to communicatively couple the electronic device to the additional electronic device via a plurality of channels. However, Clemm discloses the missing/crossed limitations comprising: (1) the network interface is configured to communicatively couple the electronic device to the additional electronic device via a plurality of channels (FIG. 1 is an illustration of a network organization 100 for aggregating flows by endpoint category in an ION using IPFIX extensions, according to some embodiments. The network organization 100 includes originator entities 110A and 110B, destination entities 120A and 120B, a data plane 170, a GRIDS network 130, and a collector 190. The GRIDS network 130 includes originator GRIDS access points (APs) 140A and 140B, destination GRIDS-APs 160A and 160B, a GRIDS-MS 150, a category server 165, and a detector 195. The data plane 170 includes routers 180A, 180B, 180C, and 180D. Data transmitted between the entities 110A and 120A may be routed through one or more routers of the data plane 170, including the routers 180B and 180C, see [0047]-[0050]. This technique is used to configure the network interface to communicatively couple the electronic device to the additional electronic device via a plurality of channels, i.e. one or more routers of the data plane 170.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Clemm in order to make a better apparatus by improving communication flow monitoring system, resulting in improved efficiency and an improved user experience, see (Clemm, [0119].).
Claims 5, 9, 10, 13 are rejected under 35 U.S.C. 103 as being unpatentable over Lou et al. (US 20160337398, henceforth “Lou”) and in view of Clemm et al. (US 20190007326, henceforth “Clemm”) and further in view of Wollbrand et al. (US 20130166905, henceforth “Wollbrand”).
Regarding claim 5, Lou and Clemm teach all the claim limitations of claim 1 above; and Wollbrand further teaches wherein the first sequence field and the second sequence field are (When configuring an SA, the number of classes of traffic can be determined, thereby determining the number of sequence number spaces, see [0019]. Because there are two classes of traffic, there are two sequence number spaces with two respective counters, see [0028]. Because there are two possible classes of traffic in this example, there are two possible selector values. Therefore, one bit may be used to represent the selector value in the sequence number field, and the selector width is 1, see [0029]. The missing/crossed out limitations will be discussed in view of Wollbrand.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) the first sequence field and the second sequence field are each eight bits in size. However, Wollbrand discloses the missing/crossed limitations comprising: (1) the first sequence field and the second sequence field are each eight bits in size (One Traffic Class could carry real-time traffic (e.g. voice and video) while another Traffic Class could carry best efforts traffic, see [0049]. FIG. 6 illustrates an embodiment of an ESP header 600, in which the Traffic Class is comprised in a dedicated field 615 of the ESP header. This dedicated field is added to the ESP header defined in RFC 4303. The dedicated field preferably has 32 bits, wherein e.g. 8 bits are reserved for the Traffic class. Depending on the used number of Traffic classes, all bits of the Traffic Class field might not be used for deriving the Traffic Class, see [0079]-[0080]. So, each portion of the plurality of portions is eight bits in size.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Wollbrand in order to make a better apparatus by minimizing the size of the anti-replay window at the receiver, since separate anti-replay windows are maintained for each Traffic Class within a Security Association. This also reduces the use of system resources, see (Wollbrand, [0053].).
Regarding claim 9, Lou and Clemm teach all the claim limitations of claim 8 above; and Wollbrand further teaches wherein (The missing/crossed out limitations will be discussed in view of Wollbrand.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) the packet comprises an Internet Protocol Security packet. However, Wollbrand discloses the missing/crossed limitations comprising: (1) the packet comprises an Internet Protocol Security packet (When communicating data over an IPsec protected network from a packet sender to a packet receiver, Internet Protocol (IP) Security (IPsec) anti-replay protection is employed as a security service, see [0002]. FIG. 1 is a schematic overview of a sender and receiver communicating over an IP network employing Internet security. The packet sender 110 is connected to the IP network 120 via gateway 115. Likewise, the packet receiver 130 is connected to the IP network via gateway 135. As the packet sender 110 transmit an IP packet 140 towards the packet receiver 130, the sending gateway, GW-S, 115 encapsulates the IP packet 140 in an outer IP packet 150, also called an IPsec packet. After encapsulating the packet 140 in the outer packet 150, the sending gateway 115 transmit the packet 150 to the receiving gateway, GW-R, 135, see [0041]-[0042]. The IPsec packet is equivalent to an Internet Protocol Security packet.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Wollbrand in order to make a better apparatus by minimizing the size of the anti-replay window at the receiver, since separate anti-replay windows are maintained for each Traffic Class within a Security Association. This also reduces the use of system resources, see (Wollbrand, [0053].).
Regarding claim 10, Lou and Clemm teach all the claim limitations of claim 9 above; and Wollbrand further teaches wherein the one or more processors are configured to (The memory 1010 may comprise one or more tangible (non-transitory) computer readable storage media (e.g., memory device(s)) encoded with software or firmware that comprises computer executable instructions. When the instructions are executed (by the processor(s) 1020) the software or firmware is operable to perform the operations, see [0033]. The missing/crossed out limitations will be discussed in view of Wollbrand.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) the one or more processors are configured to write the sequence into an Encapsulating Security Payload header of the Internet Protocol Security packet. However, Wollbrand discloses the missing/crossed limitations comprising: (1) the one or more processors are configured to write the sequence into an Encapsulating Security Payload header of the Internet Protocol Security packet (One embodiment of the present invention includes a computer-readable medium having program instructions stored thereon that are executable by a computer or processor of the transmitting and receiving nodes respectively to perform the method steps of the embodiments of the present invention, see [0122]. The SN and Traffic Class are inserted at 280 into the outer IP packet 740, see [0051]. This technique is used to configure the one or more processors to write the sequence into an Encapsulating Security Payload header of the Internet Protocol Security packet.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Wollbrand in order to make a better apparatus by minimizing the size of the anti-replay window at the receiver, since separate anti-replay windows are maintained for each Traffic Class within a Security Association. This also reduces the use of system resources, see (Wollbrand, [0053].).
Regarding claim 13, Lou and Clemm teach all the claim limitations of claim 11 above; and Wollbrand further teaches wherein the one or more processors are configured to:
(The missing/crossed out limitations will be discussed in view of Clemm.); 
(The missing/crossed out limitations will be discussed in view of Wollbrand.); 
(The missing/crossed out limitations will be discussed in view of Wollbrand.); 
(The missing/crossed out limitations will be discussed in view of Wollbrand.); 
write the additional sequence into the additional packet (For an outbound packet of a particular class of traffic, a selector value of a sequence number space of the particular class of traffic is written into a first portion of a sequence number field in a header of the outbound packet, see [0015]. This technique is used to write the additional sequence into the additional packet.); and 
write the additional sequence into an additional sequence field of the additional packet corresponding to the additional traffic class, the plurality of sequence fields comprising the additional sequence field (A particular sequence number space corresponds to a particular class of traffic…When configuring an SA, the number of classes of traffic can be determined, thereby determining the number of sequence number spaces. A given SA may therefore have multiple sequence number spaces and respective selector values, see [0019]. This technique is used to write the additional sequence into an additional sequence field of the additional packet corresponding to the additional traffic class, the plurality of sequence fields comprising the additional sequence field.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) receive an additional indication to send additional data to the additional electronic device, (2) determine whether the additional data is of an additional traffic class of the plurality of traffic classes, (3) generate an additional packet for the additional data, the additional packet comprising the plurality of sequence fields corresponding to the plurality of traffic classes, (4) generate an additional sequence corresponding to the additional traffic class.
However, Clemm discloses the missing/crossed limitations comprising: (1) receive an additional indication to send additional data to the additional electronic device (FIG. 4 is a block diagram illustrating circuitry for clients and servers that implement algorithms and perform methods. One computing device in the form of a computer 400 (also referred to as computing device 400 and computer system 400) may include a processor 405, memory storage 410, removable storage 415, and non-removable storage 420, all connected by a bus 440. The computer 400 includes or have access to a computing environment that includes an input interface 425, an output interface 430, and a communication interface 435. The program 455 is shown as including an IPFIX module 460, a cache module 465, a policy module 470, and a detection module 480, see [0064]-[0073]. The IPFIX module 460 provides the categories to the policy module 470 and receive an indication from the policy module 470 to either send the data packet to the destination or refrain from doing so, see [0116]. This technique is used to receive an additional indication to send additional data to the additional electronic device.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Wollbrand’s apparatus by adding the teachings of Clemm in order to make a better apparatus by improving communication flow monitoring system, resulting in improved efficiency and an improved user experience, see (Clemm, [0119].).
Wollbrand discloses the missing/crossed limitations comprising: (2) determine whether the additional data is of an additional traffic class of the plurality of traffic classes (The method 200 comprises deriving at 220 a Security Associations (SA) and deriving at 230 a Differentiated Services Code Point value (DSCP value). The method 200 further comprises deriving a Traffic Class at (260) from the derived DSCP value and the SA… one Traffic Class could carry real-time traffic (e.g. voice and video) while another Traffic Class could carry best effort traffic (e.g. web browsing), see [0046]-[0049]. As an example, one Traffic Class could carry real-time traffic (e.g. voice and video) while another Traffic Class could carry best efforts traffic (e.g. web browsing), see [0049]. This technique is used to determine whether the additional data is of an additional traffic class of the plurality of traffic classes.), (3) generate an additional packet for the additional data, the additional packet comprising the plurality of sequence fields corresponding to the plurality of traffic classes (The method 200 comprises encapsulating at 240 the received IP packet into the outer IP packet, the outer IP packet comprising an IP header, also referred to as the outer IP header, and an Encapsulating Security Payload header (ESP header). The outer IP packet also comprises an ESP payload and ESP trailer, wherein the ESP payload comprises the received IP packet, i.e. the inner IP packet. The method comprises inserting at 250 the derived DSCP value into the IP header of the outer IP packet 740, see [0048]. FIG. 1, as the packet sender 110 transmit an IP packet 140 towards the packet receiver 130, the sending gateway, GW-S, 115 encapsulates the IP packet 140 in an outer IP packet 150, also called an Internet Protocol Security (IPSec) packet, see [0042]. 
The missing/crossed out limitations will be discussed in view of Zhao.), (4) generate an additional sequence corresponding to the additional traffic class (One Traffic Class could carry real-time traffic (e.g. voice and video) while another Traffic Class could carry best effort traffic (e.g. web browsing), see [0049]. The method further comprises incrementing at 270 the Sequence Number, SN, dedicated for the Traffic Class within the SA, see [0050]. This technique is used to generate an additional sequence corresponding to the additional traffic class.).
 It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Wollbrand in order to make a better apparatus by minimizing the size of the anti-replay window at the receiver, since separate anti-replay windows are maintained for each Traffic Class within a Security Association. This also reduces the use of system resources, see (Wollbrand, [0053].).
Claims 2, 21 are rejected under 35 U.S.C. 103 as being unpatentable over Lou et al. (US 20160337398, henceforth “Lou”) and in view of Clemm et al. (US 20190007326, henceforth “Clemm”) and  further in view of Yadav et al. (US 20170245177, henceforth “Yadav”.).
Regarding claim 2, Lou and Clemm teach all the claim limitations of claim 1 above; and Lou further teaches wherein (The missing/crossed out limitations will be discussed in view of Yadav.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) the traffic class is one of a plurality of traffic classes, the plurality of traffic classes comprising voice traffic, video traffic, best effort traffic, and background traffic. However, Yadav discloses the missing/crossed limitations comprising: (1) the traffic class is one of a plurality of traffic classes, the plurality of traffic classes comprising voice traffic, video traffic, best effort traffic, and background traffic (The access points use a combination of a classification system and Wi-Fi Multimedia (WMM) queues to classify and queue network traffic, e.g., voice traffic, video traffic, best-efforts traffic, and background traffic sent by or to a client device. Each type of traffic may have its own priority and its own queue, and the access point may transmit the traffic based on the associated priorities, e.g., voice traffic at highest priority, video traffic second highest, best-efforts traffic third, and background traffic last, see [0007].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Yadav in order to make a better apparatus by providing high quality service, see (Yadav, [0035].).
Regarding claim 21, Lou and Clemm teach all the claim limitations of claim 1 above; and Lou further teaches  wherein the packet comprises (Moreover, because there may be multiple classes of traffic and corresponding multiple sequence number spaces for an SA, there may be multiple respective anti-replay windows, see [0025]. The missing/crossed out limitations will be discussed in view of  Yadav.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) the packet comprises a third sequence field corresponding to a third traffic class. However, Yadav discloses the missing/crossed limitations comprising: (1) the packet comprises a third sequence field corresponding to a third traffic class (The access points use a combination of a classification system and Wi-Fi Multimedia (WMM) queues to classify and queue network traffic, e.g., voice traffic, video traffic, best-efforts traffic, and background traffic sent by or to a client device. Each type of traffic may have its own priority and its own queue, and the access point may transmit the traffic based on the associated priorities, e.g., voice traffic at highest priority, video traffic second highest, best-efforts traffic third, and background traffic last, see [0007]. So, a third sequence field corresponding to a third traffic class.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Yadav in order to make a better apparatus by providing high quality service, see (Yadav, [0035].).
Claims 2, 21 are rejected under 35 U.S.C. 103 as being unpatentable over Lou et al. (US 20160337398, henceforth “Lou”) and in view of Clemm et al. (US 20190007326, henceforth “Clemm”) and  further in view of Yadav et al. (US 20170245177, henceforth “Yadav”.), Wollbrand et al. (US 20130166905, henceforth “Wollbrand”).
Regarding claim 22, Lou, Yadav and Clemm teach all the claim limitations of claim 21 above; and Lou further teaches wherein the computer-readable instructions cause the one or more processors to: 
(The missing/crossed out limitations will be discussed in view of  Yadav.); and 
in response to determining that the data is of the third traffic class, generate a third sequence corresponding to the third traffic class and write the third sequence into the third sequence field (The missing/crossed out limitations will be discussed in view of Wollbrand.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) determine whether the data is of the third traffic class, (2) in response to determining that the data is of the third traffic class, generate a third sequence corresponding to the third traffic class and write the third sequence into the third sequence field. However, Yadav discloses the missing/crossed limitations comprising: (1) determine whether the data is of the third traffic class (The access points use a combination of a classification system and Wi-Fi Multimedia (WMM) queues to classify and queue network traffic, e.g., voice traffic, video traffic, best-efforts traffic, and background traffic sent by or to a client device. Each type of traffic may have its own priority and its own queue, and the access point may transmit the traffic based on the associated priorities, e.g., voice traffic at highest priority, video traffic second highest, best-efforts traffic third, and background traffic last, see [0007]. So, a third sequence field corresponding to a third traffic class.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Yadav in order to make a better apparatus by providing high quality service, see (Yadav, [0035].).
Wollbrand discloses the missing/crossed limitations comprising: (2) in response to determining that the data is of the third traffic class, generate a third sequence corresponding to the third traffic class and write the third sequence into the third sequence field (The method further comprises incrementing at 270 the Sequence Number, SN, dedicated for the Traffic Class within the SA, see [0050]. The SN and Traffic Class are inserted at 280 into the outer IP packet 740, see [0051].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Wollbrand in order to make a better apparatus by minimizing the size of the anti-replay window at the receiver, since separate anti-replay windows are maintained for each Traffic Class within a Security Association. This also reduces the use of system resources, see (Wollbrand, [0053].).
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Lou et al. (US 20160337398, henceforth “Lou”) in view of Clemm et al. (US 20190007326, henceforth “Clemm”) and further in view of Yan et al. (US 20200076723, henceforth “Yan”.).
Regarding claim 12, Lou and Clemm teach all the claim limitations of claim 11 above; and Lou further teaches wherein  (The missing/crossed out limitations will be discussed in view of Yan.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) a first channel of the plurality of channels is a lower priority channel, and a second channel of the plurality of channels is a high priority channel. However, Yan discloses the missing/crossed limitations comprising: (1) a first channel of the plurality of channels is a lower priority channel, and a second channel of the plurality of channels is a high priority channel (FIG. 1 the switch 100, a plurality of channels of different levels are provided, such as channel 1, channel 2, . . . Channel N. FIG. 4, channel M has the lowest transmission priority, and channel N has a high transmission priority, user device A is associated with channel M and user device B is associated with channel N, see [0059]. So, a first channel (channel M) of the plurality of channels is a lower priority channel, and a second channel (channel N) of the plurality of channels is a high priority channel.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Yan in order to make a better apparatus by improving the security of network communication, see (Yan, [0073].).
Claims 14, 15, 16 are rejected under 35 U.S.C. 103 as being unpatentable over Lou et al. (US 20160337398, henceforth “Lou”) in view of Clemm et al. (US 20190007326, henceforth “Clemm”), Wollbrand et al. (US 20130166905, henceforth “Wollbrand”) and  further in view of Yan et al. (US 20200076723, henceforth “Yan”.).
Regarding claim 14, Lou, Wollbrand and Clemm teach all the claim limitations of claim 13 above; and Lou further teaches wherein the one or more processors are configured to: 
(The missing/crossed out limitations will be discussed in view of Yan.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) send the packet with the data to the additional electronic device on a first channel of the plurality of channels; and send the additional packet with the additional data to the additional electronic device on a second channel of the plurality of channels. However, Yan discloses the missing/crossed limitations comprising: (1) send the packet with the data to the additional electronic device on a first channel of the plurality of channels; and send the additional packet with the additional data to the additional electronic device on a second channel of the plurality of channels (FIG. 1 the switch 100, a plurality of channels of different levels are provided, such as channel 1, channel 2, . . . Channel N. FIG. 4, channel M has the lowest transmission priority, and channel N has a high transmission priority, user device A is associated with channel M and user device B is associated with channel N, see [0059]. The acknowledgement data frame for the broadcast or multicast data frame will be transmitted in the lowest priority channel M, see [0070]. FIG. 7 is a diagram of a network embodying the multi-channels switch 100 over Ethernet in accordance with the present disclosure. As shown in FIG. 7, one user access port of the switch 101 is connected to the source device, and the user access ports of the other switch 102 are connected to the video device and the controlled object. As shown in FIG. 7, the user assigns channel N to the channel attribute of the controlled object and assigns channel M to the channel attribute of the video user device, and channel N has the highest transmission priority. 
When the source device issues a broadcast data frame to access the video device, and after the channel arbitration component performs one confirmation or two confirmations on the lowest channel level, a communication link between the source user device and the video device having the channel attribute of channel level M is established. Similarly, when the source device issues a broadcast data frame to access the controlled object, and after the channel arbitration component performs one confirmation or two confirmations on the lowest channel level, a communication link between the source user device and the controlled object having the channel attribute of channel level N is established. If the switch needs to transmit data frame of channel level N between the source user device and the controlled object when data frame of channel level M is being transmitted between the source user device and the video device via a pair of paired network link ports of the switch, the receiving/transmitting decision component 115 of the switch will interrupt the transmission of data frame of channel level M between the source user device and the transmission and determine that the data frame of channel level N between the source user device and the controlled object occupies the pair of paired network link ports of the switch so as to be transmitted immediately. In this way, the data communication of channel level N between the source user device and the controlled object can occupy the transmission channel to channel level N by channel level switching mechanism. Meanwhile, the interrupt mechanism can ensure the time efficiency of the control data transmission, see [0078]. This technique is used to send the packet with the data to the additional electronic device on a first channel (or channel N) of the plurality of channels; and send the additional packet with the additional data to the additional electronic device on a second channel (or channel M) of the plurality of channels.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Yan in order to make a better apparatus by improving the security of network communication, see (Yan, [0073].).
Regarding claim 15, Lou, Wollbrand, Clemm and Yan teach all the claim limitations of claim 14 above; and Lou further teaches wherein (The missing/crossed out limitations will be discussed in view of Wollbrand.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) the sequence is generated after the additional sequence, and wherein the sequence is less than the additional sequence. However, Wollbrand discloses the missing/crossed limitations comprising: (1) the sequence is generated after the additional sequence, and wherein the sequence is less than the additional sequence (FIG. 2, the method 200 comprises incrementing at 270 the Sequence Number, SN, dedicated for the Traffic Class within the SA. Then, the SN and Traffic Class are inserted at 280 into the outer IP packet 740, see [0050]-[0051]. One Traffic Class could carry real-time traffic (e.g. voice and video) while another Traffic Class could carry best effort traffic (e.g. web browsing), see [0048]-[0049]. So, the sequence is generated by incrementing SN related to one class of traffic and the additional sequence is generated by incrementing SN related to another class of traffic, and the sequence is less than the additional sequence.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Wollbrand in order to make a better apparatus by minimizing the size of the anti-replay window at the receiver, since separate anti-replay windows are maintained for each Traffic Class within a Security Association. This also reduces the use of system resources, see (Wollbrand, [0053].).
Regarding claim 16, Lou, Wollbrand, Clemm and Yan teach all the claim limitations of claim 14 above; and Lou further teaches wherein (The missing/crossed out limitations will be discussed in view of Wollbrand.).
As noted above, Lou is silent about the aforementioned missing/crossed limitations of: (1) the sequence is generated after the additional sequence, and wherein the sequence is less than the additional sequence. However, Wollbrand discloses the missing/crossed limitations comprising: (1) the packet is sent after the additional packet, and wherein the sequence is less than the additional sequence (FIG. 2, the method 200 comprises deriving at 260 a Traffic Class from the derived DSCP value and the SA. It should be mentioned that within an SA, a Traffic Class identifies a flow of packets, where the packets of the flow are expected not to be reordered by QoS prioritization in the IP network, that is, the sending packet order within the flow is retained. As an example, one Traffic Class could carry real-time traffic (e.g. voice and video) while another Traffic Class could carry best effort traffic (e.g. web browsing). The method further comprises incrementing at 270 the Sequence Number, SN, dedicated for the Traffic Class within the SA. Then, the SN and Traffic Class are inserted 280 into the outer IP packet 740, see [0049]-[0059]. Further, the method 200 comprises transmitting 290 the outer IP packet 740 towards a destination receiving node, see [0060]. So, a packet may be  related to one class of traffic and the additional packet may be related to another class of traffic, wherein the packet is sent after the additional packet, and wherein the sequence is less than the additional sequence.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Lou’s apparatus by adding the teachings of Wollbrand in order to make a better apparatus by minimizing the size of the anti-replay window at the receiver, since separate anti-replay windows are maintained for each Traffic Class within a Security Association. This also reduces the use of system resources, see (Wollbrand, [0053].).
Claims 17, 18, 19, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Wollbrand et al. (US 20130166905, henceforth “Wollbrand”) in view of Gorrepati et al. (US 20210120033, henceforth “Gorrepati”) and further in view of Lou et al. (US 20160337398, henceforth “Lou”).
Regarding claim 17, Wollbrand teaches a computer-implemented method comprising (FIG. 3, which is a flow chart of an embodiment of a method 300 in a receiving node, e.g. gateway 135 (FIG. 1), of communicating data over an IP network employing Internet security, see [0064]-[0075].): 
receiving, via one or more processors of a computing device, a packet comprising a sequence header storing a traffic class identifier (FIG. 3 illustrates first receiving at 310 an IP packet 840 (see FIG. 8), also referred to as an outer IP packet. This received IP packet 840 (FIG. 8) or outer IP packet comprises an inner, encapsulated IP packet 830 in accordance with the method in a transmitting node as described in FIG. 2. The received IP packet is viewed as an encapsulating IP packet, see [0065]. FIG. 4-6 are schematic illustrations of different embodiments of an ESP header. FIG. 2, the method 200 comprises inserting at 280 the SN and the Traffic Class into the ESP header of the outer IP packet. The method 200 further comprises transmitting at 290 the outer IP packet 740 towards a destination receiving node, see [0055]-[0060]. This technique is used for receiving, via a computer, a packet comprising a sequence header storing a traffic class identifier.); 
extracting, via the one or more processors, the traffic class identifier from the sequence header of the packet (The method 300 further comprises deriving at 320 a Security Association, SA, by using an SA identifier in an Encapsulating Security Payload header, ESP header, of the encapsulating IP packet, to retrieve an SA from an SA Database, and also deriving a Traffic Class, see [0065]-[0067]. This technique is used for extracting, via the computer, the traffic class identifier from the sequence header of the packet.); 
determining via the one or more processors a traffic class of data in the packet based on the traffic class identifier, the traffic class being of a plurality of traffic classes (The SA identifier is comprised in a Security Parameter Index field, SPI field of the ESP header. The Traffic Class is comprised in a field in the ESP header of the outer encapsulating IP packet. The method 300 further comprises…deriving a Traffic Class, see [0065]-[0067]. In one embodiment, the Traffic Class is derived from a part of a SPI field (410) of the ESP header (400), a part of an SN field (520) or an Extended Sequence Number (ESN) field of the ESP header (500), or a dedicated field (615) of the ESP header (600), see [0072]. As an example, one Traffic Class could carry real-time traffic (e.g. voice and video) while another Traffic Class could carry best efforts traffic (e.g. web browsing), see [0049].); 
extracting, via the one or more processors, a sequence from a sequence field of a plurality of sequence fields of the packet, (Still further, the method comprises determining at 340 if a Sequence Number (SN) of the received IP packet, comprised in the ESP header, is within the anti-replay window of the Traffic Class and is not a duplicate of an earlier received packet. The sequence number is comprised in, e.g., a Sequence Number field, SN field, of the ESP header, see [0068]-[0069]. FIG. 6 is a schematic illustration of an embodiment 600 of an ESP header. The Traffic Class is comprised in a dedicated field 615 of the ESP header. The dedicated field preferably has 32 bits. Depending on the used number of Traffic classes, all bits of the Traffic Class field might not be used for deriving the Traffic Class, see [0079]-[0080]. The missing/crossed out limitations will be discussed in view of Lou.); 
(If the SN is within the anti-replay window and is not a duplicate of an earlier received packet, then the received IP packet will be further processed. This processing of the received IP packet 840 comprises performing at 350 an integrity check of the received IP packet, see [0068]-[0073]. If the Integrity check verifies the integrity of the packet, then the anti-replay window is updated at 370 in accordance with the SN, and the encapsulated IP packet within the encapsulating IP packet is decrypted at 380 and the decrypted encapsulated IP packet is forwarded at 390 to its destination as indicated in an IP header of the decrypted IP packet, see [0075]. So, decrypted encapsulated IP packet is equivalent to extracting, via the computer, the data from the packet. The missing/crossed out limitations will be discussed in view of Gorrepati.); and 
(According to an embodiment of the method, if the SN of the ESP header is not within the anti-replay window of the Traffic Class or is a duplicate of an earlier received packet, the received packet 840 is dropped at 345, see [0071]. In another embodiment, the integrity check is evaluated at 360 and if the integrity check fails to verify the integrity of the encapsulating packet, then the packet is dropped at 345, see [0074]. So, dropping the packet is equivalent to refraining, via the computer, from extracting the data from the packet. The missing/crossed out limitations will be discussed in view of  Gorrepati.).
As noted above, Wollbrand is silent about the aforementioned missing/crossed limitations of: (1) extracting via the one or more processors, a sequence from a sequence field of a plurality of sequence fields of the packet, the plurality of sequence fields corresponding to the plurality of traffic classes, and the sequence field corresponding to the traffic class, (2) in response to determining that the sequence is greater than a previously extracted sequence corresponding to the traffic class, extracting, via the computer, the data from the packet, (3) in response to determining that the sequence is not greater than the previously extracted sequence corresponding to the traffic class, refraining, via the computer, from extracting the data from the packet. 
However, Lou discloses the missing/crossed limitations comprising: (1) extracting via the one or more processors, a sequence from a sequence field of a plurality of sequence fields of the packet, the plurality of sequence fields corresponding to the plurality of traffic classes, and the sequence field corresponding to the traffic class (FIG. 2 at 210, a security association is created for outbound traffic, see [0018]. A particular sequence number space corresponds to a particular class of traffic…When configuring an SA, the number of classes of traffic can be determined, thereby determining the number of sequence number spaces. A given SA may therefore have multiple sequence number spaces and respective selector values, see [0019]. FIG. 4 is a flowchart illustrating the creation of a sequence number field in a packet header, see [0020]. Because there may be multiple classes of traffic and corresponding multiple sequence number spaces for an SA, there may be multiple respective anti-replay windows, see [0025].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Wollbrand’s apparatus by adding the teachings of Lou in order to make a better apparatus by providing a receiving device's sliding window to accommodate out-of-sequence packets when the packets arrive at a receiver, thus providing implementation of security measures for communications channels between the nodes in a protected network and other nodes in the protected network, see (Lou, [0018].).
Gorrepati discloses the missing/crossed limitations comprising: (2) in response to determining that the sequence is greater than a previously extracted sequence corresponding to the traffic class, extracting, via the computer, the data from the packet (FIG. 4B, a diagram 450 illustrating packet verification between at least two nodes 404 of a cluster 402. The cluster 402 includes a transmitting node 404a and a receiving node 404b. The receiving node 404b compares the second sequence number 422b to the first sequence number 422a or the expected sequence number 422 to verify the packet 408. If the second sequence 422b is greater than the first sequence number 422a, the receiving node 404b can determine the packet 408 has not been tampered with and accept the packet 408, see [0100]-[0104]. FIGS. 5A-5C include flow charts illustrating  processes or methods for preventing replay attacks within a cluster. FIG. 5C, the method 550 includes one or more of: receiving a packet (552), authenticating the packet (554), identifying a sequence number (556), comparing the sequence number to a threshold (558), if the sequence number is greater than or equal to the threshold, accepting the packet (560), see [0125]. So, in response to determining that the sequence is greater than a previously extracted sequence corresponding to the traffic class, extracting, via the computer, the data from the packet.), (3) in response to determining that the sequence is not greater than a previously extracted sequence corresponding to the traffic class, refraining, via the computer, from extracting the data from the packet (FIG. 4B, a diagram 450 illustrating packet verification between at least two nodes 404 of a cluster 402. The cluster 402 includes a transmitting node 404a and a receiving node 404b. The receiving node 404b can compare the second sequence number 422b to the first sequence number 422a or the expected sequence number 422 to verify the packet 408. 
If the second sequence number 422b is less than the first sequence number 422a or the expected sequence number 422, the receiving node 404b rejects the packet 408. For example, the receiving node 404b can determine the packet 408 has been tampered with or is part of a replay attack, see [0100]-[0104]. FIG. 5C, referring to 564, and in some embodiments, if the sequence number is less than the threshold, the packet can be rejected. The first node 404 can determine that the sequence number 422 is less than the threshold and reject the packet 408 or refuse to accept the packet 408. The first node 404 can reject the packet 408 based in part on the improper sequence number 422, see [0136]. So, this technique is used for determining that the sequence is not greater than a previously extracted sequence corresponding to the traffic class, refraining, via the computer, from extracting the data from the packet.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Wollbrand’s method by adding the teachings of Gorrepati in order to make a more effective method by preventing replay attacks or other forms of packet tampering of communications between the nodes of the cluster, see (Gorrepati, [0003].).
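The receive-side checks discussed for claim 17 above, shown as an added example that is not part of this Office action or of any cited reference: a per-traffic-class anti-replay window that is updated only after the integrity check, compared with a strict "greater than the previous sequence" check on one shared counter. All names, the four-class limit, the 64-packet window and the packet list are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_CLASSES 4   /* assumption: four traffic classes per SA */
#define WINDOW_BITS 64  /* assumption: 64-packet anti-replay window */

enum verdict { ACCEPT, DROP_REPLAY, DROP_INTEGRITY, DROP_BAD_CLASS };

struct replay_window {
    uint32_t highest;   /* highest SN accepted so far, 0 = nothing yet */
    uint64_t seen;      /* bit i set: SN (highest - i) was accepted */
};

struct sa_state { struct replay_window win[NUM_CLASSES]; };

/* Read-only test: inside (or ahead of) the window and not a duplicate. */
static int replay_ok(const struct replay_window *w, uint32_t sn)
{
    if (sn == 0) return 0;                   /* ESP sequence numbers start at 1 */
    if (sn > w->highest) return 1;           /* ahead of the window */
    uint32_t age = w->highest - sn;
    if (age >= WINDOW_BITS) return 0;        /* older than the window */
    return !(w->seen & (1ULL << age));       /* 0 when already marked */
}

/* Slide the window forward or mark a late arrival inside it. */
static void replay_mark(struct replay_window *w, uint32_t sn)
{
    if (sn > w->highest) {
        uint32_t shift = sn - w->highest;
        w->seen = (shift >= WINDOW_BITS) ? 0 : (w->seen << shift);
        w->seen |= 1ULL;
        w->highest = sn;
    } else {
        w->seen |= 1ULL << (w->highest - sn);
    }
}

/* Order of operations: window check, integrity check, then window update.
 * integrity_ok stands in for the result of the ICV verification. */
enum verdict receive(struct sa_state *sa, unsigned tc, uint32_t sn, int integrity_ok)
{
    if (tc >= NUM_CLASSES) return DROP_BAD_CLASS;
    struct replay_window *w = &sa->win[tc];
    if (!replay_ok(w, sn)) return DROP_REPLAY;
    if (!integrity_ok) return DROP_INTEGRITY; /* a forged SN must not move the window */
    replay_mark(w, sn);
    return ACCEPT;
}

/* Constructed arrival order: class 0 (voice) overtakes class 1 (best effort)
 * in the network; the last entry is a replay of the first voice packet. */
struct pkt { unsigned tc; uint32_t shared_sn; uint32_t class_sn; };
static const struct pkt arrival[] = {
    {0, 2, 1}, {0, 4, 2}, {1, 1, 1}, {1, 3, 2}, {0, 2, 1},
};
#define N_PKTS (sizeof arrival / sizeof arrival[0])

/* One sequence space for the whole SA, strict "greater than last" rule. */
int accepted_shared_strict(void)
{
    uint32_t last = 0;
    int n = 0;
    for (size_t i = 0; i < N_PKTS; i++)
        if (arrival[i].shared_sn > last) { last = arrival[i].shared_sn; n++; }
    return n;
}

/* One sequence space and one window per traffic class. */
int accepted_per_class(void)
{
    struct sa_state sa;
    int n = 0;
    memset(&sa, 0, sizeof sa);
    for (size_t i = 0; i < N_PKTS; i++)
        if (receive(&sa, arrival[i].tc, arrival[i].class_sn, 1) == ACCEPT) n++;
    return n;
}

int main(void)
{
    printf("shared strict counter accepts %d of 4 genuine packets\n",
           accepted_shared_strict());
    printf("per-class windows accept %d of 4 genuine packets\n",
           accepted_per_class());
    return 0;
}
```

With the shared counter the two best-effort packets are lost to reordering, while the per-class windows accept all four genuine packets and still drop the replayed one.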
Regarding claim 18, Wollbrand, Lou and Gorrepati teach all the claim limitations of claim 17 above; and Wollbrand further teaches comprising, in response to determining that (According to an embodiment of the method, if the SN of the ESP header is not within the anti-replay window of the Traffic Class or is a duplicate of an earlier received packet, the received packet 840 is dropped 345, see [0071]. In another embodiment, the integrity check is evaluated 360 and if the integrity check fails to verify the integrity of the encapsulating packet, then the packet is dropped 345, see [0074]. The missing/crossed out limitations will be discussed in view of Gorrepati.).
As noted above, Wollbrand is silent about the aforementioned missing/crossed limitations of: (1) the sequence is not greater than the previously extracted sequence corresponding to the traffic class, indicating, via the one or more processors, an error. However, Gorrepati discloses the missing/crossed limitations comprising: (1) the sequence is not greater than the previously extracted sequence corresponding to the traffic class, indicating, via the one or more processors, an error (FIG. 4B, a diagram 450 illustrating packet verification between at least two nodes 404 of a cluster 402. The cluster 402 includes a transmitting node 404a and a receiving node 404b. The receiving node 404b can compare the second sequence number 422b to the first sequence number 422a or the expected sequence number 422 to verify the packet 408. If the second sequence number 422b is less than the first sequence number 422a or the expected sequence number 422, the receiving node 404b can reject the packet 408. For example, the receiving node 404b can determine the packet 408 has been tampered with or is part of a replay attack, see [0100]-[0104]. FIG. 5C, referring to 564, and in some embodiments, if the sequence number is less than the threshold, the packet can be rejected. The first node 404 can determine that the sequence number 422 is less than the threshold and reject the packet 408 or refuse to accept the packet 408. The first node 404 can reject the packet 408 based in part on the improper sequence number 422, see [0136]. So, this technique is used for indicating, via the computer, an error if the sequence is not greater than the previously extracted sequence corresponding to the traffic class.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Wollbrand’s method by adding the teachings of Gorrepati in order to make a more effective method by preventing replay attacks or other forms of packet tampering of communications between the nodes of the cluster, see (Gorrepati, [0003].).
Regarding claim 19, Wollbrand, Lou and Gorrepati teach all the claim limitations of claim 17 above; and Wollbrand further teaches comprising: 
receiving, via the one or more processors, an additional packet comprising an additional sequence header storing the traffic class identifier (FIG. 3 illustrates first receiving at 310 an IP packet 840 (see FIG. 8), also referred to as an outer IP packet. This received IP packet 840 or outer IP packet comprises an inner, encapsulated IP packet 830 in accordance with the method in a transmitting node as described in FIG. 2. The received IP packet is viewed as an encapsulating IP packet, see [0065]. FIG. 4-6 are schematic illustrations of different embodiments of an ESP header. FIG. 2, the method 200 comprises inserting 280 the SN and the Traffic Class into the ESP header of the outer IP packet. The method 200 further comprises transmitting 290 the outer IP packet 740 towards a destination receiving node, see [0055]-[0060]. This technique is used for receiving, via a computer, an additional packet comprising an additional sequence header storing a traffic class identifier.);
extracting, via the computer, the traffic class identifier from the additional sequence header of the additional packet (The method 300 further comprises deriving at 320 a Security Association, SA, by using an SA identifier in an Encapsulating Security Payload header, ESP header, of the encapsulating IP packet, to retrieve an SA from an SA Database, and also deriving a Traffic Class, see [0065]-[0067]. This technique is used for extracting, via the computer, the traffic class identifier from the additional sequence header of the additional packet.); 
determining, via the one or more processors, that additional data in the additional packet is of the traffic class based on the traffic class identifier (The SA identifier is comprised in a Security Parameter Index field, SPI field, of the ESP header. The Traffic Class is comprised in a field in the ESP header of the outer encapsulating IP packet. The method 300 further comprises…deriving a Traffic Class, see [0065]-[0067]. In one embodiment, the Traffic Class is derived from a part of a SPI field (410) of the ESP header (400), a part of an SN field (520) or an Extended Sequence Number (ESN) field of the ESP header (500), or a dedicated field (615) of the ESP header (600), see [0072]. This technique is used for determining, via the computer, that additional data in the additional packet is of the traffic class based on the traffic class identifier.); 
extracting, via the one or more processors, an additional sequence from the additional packet (Still further, the method comprises determining at 340 if a Sequence Number (SN) of the received IP packet, comprised in the ESP header, is within the anti-replay window of the Traffic Class and is not a duplicate of an earlier received packet. The sequence number is comprised in, e.g., a Sequence Number field, SN field, of the ESP header, see [0068]-[0069]. So, an additional Sequence Number (SN) of the received packet is extracted before it is determined whether the additional SN is within the anti-replay window of the Traffic Class and is not a duplicate of an earlier received packet.); and
(If the SN is within the anti-replay window and is not a duplicate of an earlier received packet, then the received IP packet will be further processed. This processing of the received IP packet 840 comprises performing 350 an integrity check of the received IP packet, see [0068]-[0073]. If the integrity check verifies the integrity of the packet, then the anti-replay window is updated 370 in accordance with the SN, and the encapsulated IP packet within the encapsulating IP packet is decrypted 380 and the decrypted encapsulated IP packet is forwarded 390 to its destination as indicated in an IP header of the decrypted IP packet, see [0075]. So, the decrypted encapsulated IP packet is equivalent to extracting, via the computer, the data from the packet. The missing/crossed out limitations will be discussed in view of Gorrepati.)
As noted above, Wollbrand is silent about the aforementioned missing/crossed limitations of: (1) in response to determining that the additional sequence is greater than the sequence corresponding to the traffic class, extracting, via the computer, the data from the packet. However, Gorrepati discloses the missing/crossed limitations comprising: (1) in response to determining that the additional sequence is greater than the sequence corresponding to the traffic class, extracting, via the computer, the data from the packet (FIG. 4B, a diagram 450 illustrating packet verification between at least two nodes 404 of a cluster 402. The cluster 402 includes a transmitting node 404a and a receiving node 404b. The receiving node 404b compares the second sequence number 422b to the first sequence number 422a or the expected sequence number 422 to verify the packet 408. If the second sequence 422b is greater than the first sequence number 422a, the receiving node 404b can determine the packet 408 has not been tampered with and accept the packet 408, see [0100]-[0104]. FIGS. 5A-5C include flow charts illustrating processes or methods for preventing replay attacks within a cluster. FIG. 5C, the method 550 includes one or more of: receiving a packet (552), authenticating the packet (554), identifying a sequence number (556), comparing the sequence number to a threshold (558), if the sequence number is greater than or equal to the threshold, accepting the packet (560), see [0125]. So, in response to determining that the additional sequence is greater than the sequence corresponding to the traffic class, extracting, via the computer, the data from the packet.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when the instant application was filed, to modify Wollbrand’s method by adding the teachings of Gorrepati in order to make a more effective method by preventing replay attacks or other forms of packet tampering of communications between the nodes of the cluster, see (Gorrepati, [0003]).
Regarding claim 20, Wollbrand, Luo and Gorrepati teach all the claim limitations of claim 17 above; and Wollbrand further teaches comprising: 
receiving, via the one or more processors, an additional packet comprising an additional sequence header storing an additional traffic class identifier, wherein the additional packet is received after the packet (FIG. 3 illustrates first receiving 310 an IP packet 840 (see FIG. 8), also referred to as an outer IP packet. This received IP packet 840 or outer IP packet comprises an inner, encapsulated IP packet 830 in accordance with the method in a transmitting node as described in FIG. 2. The received IP packet is viewed as an encapsulating IP packet, see [0065]. FIG. 4-6 are schematic illustrations of different embodiments of an ESP header. FIG. 2, the method 200 comprises inserting 280 the SN and the Traffic Class into the ESP header of the outer IP packet. The method 200 further comprises transmitting 290 the outer IP packet 740 towards a destination receiving node, see [0055]-[0060]. The method 200 is used for inserting an additional sequence number and sending the additional packet after the packet. The method 300 is used for receiving, via the computer, an additional packet comprising an additional sequence header storing an additional traffic class identifier, wherein the additional packet is received after the packet.);
extracting, via the one or more processors, the additional traffic class identifier from the additional sequence header of the additional packet (The method 300 further comprises deriving 320 a Security Association, SA, by using an SA identifier in an Encapsulating Security Payload header, ESP header, of the encapsulating IP packet, to retrieve an SA from an SA Database, and also deriving a Traffic Class, see [0065]-[0067]. This technique is used for extracting, via the computer, the additional traffic class identifier from the additional sequence header of the additional packet.); 
determining, via the one or more processors, an additional traffic class of additional data in the additional packet based on the additional traffic class identifier (The SA identifier is comprised in a Security Parameter Index field, SPI field, of the ESP header. The Traffic Class is comprised in a field in the ESP header of the outer encapsulating IP packet. The method 300 further comprises…deriving a Traffic Class, see [0065]-[0067]. In one embodiment, the Traffic Class is derived from a part of a SPI field (410) of the ESP header (400), a part of an SN field (520) or an Extended Sequence Number (ESN) field of the ESP header (500), or a dedicated field (615) of the ESP header (600), see [0072]. This technique is used for determining, via the computer, an additional traffic class of additional data in the additional packet based on the additional traffic class identifier.); 
extracting, via the one or more processors, an additional sequence from the additional packet (Still further, the method comprises determining 340 if a Sequence Number (SN) of the received IP packet, comprised in the ESP header, is within the anti-replay window of the Traffic Class and is not a duplicate of an earlier received packet. The sequence number is comprised in, e.g., a Sequence Number field, SN field, of the ESP header, see [0068]-[0069]. So, an additional Sequence Number (SN) of the additional packet is extracted before it is determined whether the SN is within the anti-replay window of the Traffic Class and is not a duplicate of an earlier received packet.); and
(If the SN is within the anti-replay window and is not a duplicate of an earlier received packet, then the received IP packet will be further processed. This processing of the received IP packet 840 comprises performing 350 an integrity check of the received IP packet, see [0068]-[0073]. If the integrity check verifies the integrity of the packet, then the anti-replay window is updated 370 in accordance with the SN, and the encapsulated IP packet within the encapsulating IP packet is decrypted 380 and the decrypted encapsulated IP packet is forwarded 390 to its destination as indicated in an IP header of the decrypted IP packet, see [0075]. FIG. 2, the method 200 comprises incrementing 270 the Sequence Number, SN, dedicated for the Traffic Class within the SA. Then, the SN and Traffic Class are inserted 280 into the outer IP packet 740, see [0050]-[0051]. One Traffic Class could carry real-time traffic (e.g. voice and video) while another Traffic Class could carry best effort traffic (e.g. web browsing), see [0048]-[0049]. So, the sequence is generated by incrementing SN related to one class of traffic and the additional sequence is generated by incrementing SN related to another class of traffic, and the sequence is less than the additional sequence. Furthermore, the decrypted encapsulated IP packet is equivalent to extracting, via the computer, the data from the packet. The missing/crossed out limitations will be discussed in view of Gorrepati.).
As noted above, Wollbrand is silent about the aforementioned missing/crossed limitations of: (1) in response to determining that the additional sequence is greater than an additional previously extracted sequence corresponding to the additional traffic class, extracting, via the one or more processors, the additional data from the additional packet, wherein the additional sequence is less than the sequence. However, Gorrepati discloses the missing/crossed limitations comprising: (1) in response to determining that the additional sequence is greater than an additional previously extracted sequence corresponding to the additional traffic class, extracting, via the one or more processors, the additional data from the additional packet, wherein the additional sequence is less than the sequence (FIG. 4B, a diagram 450 illustrating packet verification between at least two nodes 404 of a cluster 402. The cluster 402 includes a transmitting node 404a and a receiving node 404b. The receiving node 404b compares the second sequence number 422b to the first sequence number 422a or the expected sequence number 422 to verify the packet 408. If the second sequence 422b is greater than the first sequence number 422a, the receiving node 404b can determine the packet 408 has not been tampered with and accept the packet 408, see [0100]-[0104]. FIGS. 5A-5C include flow charts illustrating processes or methods for preventing replay attacks within a cluster. FIG. 5C, the method 550 includes one or more of: receiving a packet (552), authenticating the packet (554), identifying a sequence number (556), comparing the sequence number to a threshold (558), if the sequence number is greater than or equal to the threshold, accepting the packet (560), see [0125]. So, in response to determining that the additional sequence is greater than a previously extracted sequence corresponding to the additional traffic class, extracting, via the computer, the data from the packet, wherein the additional sequence is less than the sequence.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when the instant application was filed, to modify Wollbrand’s method by adding the teachings of Gorrepati in order to make a more effective method by preventing replay attacks or other forms of packet tampering of communications between the nodes of the cluster, see (Gorrepati, [0003]).
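The receive-side processing relied on in the rejections of claims 18-20 (a separate anti-replay window per Traffic Class, checked before the integrity check and updated only after it passes) can be sketched as follows. This is an added illustration, not code from the Office action or from the cited references; the names `ReplayWindow`, `SecurityAssociation`, `WINDOW` and the sample packets are assumptions.

```python
# Added illustration: per-traffic-class anti-replay state for one SA.
from dataclasses import dataclass, field

WINDOW = 64  # assumed window size in packets; the page does not state one


@dataclass
class ReplayWindow:
    top: int = 0       # highest sequence number accepted so far
    bitmap: int = 0    # bit i set => sequence (top - i) already accepted

    def check(self, sn: int) -> str:
        """Classify sn without changing state (runs before the integrity check)."""
        if sn == 0:                      # ESP sequence numbers start at 1
            return "invalid"
        if sn > self.top:
            return "ok"
        offset = self.top - sn
        if offset >= WINDOW:
            return "too_old"
        return "duplicate" if (self.bitmap >> offset) & 1 else "ok"

    def update(self, sn: int) -> None:
        """Record sn; call only after the integrity check has passed."""
        if sn > self.top:
            shift = sn - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = sn
        else:
            self.bitmap |= 1 << (self.top - sn)


@dataclass
class SecurityAssociation:
    windows: dict = field(default_factory=dict)  # traffic class -> ReplayWindow

    def receive(self, traffic_class: int, sn: int, integrity_ok: bool) -> str:
        win = self.windows.setdefault(traffic_class, ReplayWindow())
        verdict = win.check(sn)
        if verdict != "ok":
            return "drop:" + verdict
        if not integrity_ok:
            return "drop:integrity"      # window stays untouched
        win.update(sn)
        return "accept"


def demo():
    sa = SecurityAssociation()
    # Constructed packets: (traffic class, sequence number, integrity check result)
    packets = [(0, 100, True), (1, 5, True), (0, 100, True),
               (0, 99, True), (1, 6, False), (1, 6, True), (0, 30, True)]
    return [sa.receive(*p) for p in packets]
```

The second packet shows the claim 20 situation: sequence 5 in class 1 is accepted although it is lower than sequence 100 already seen in class 0, because each class keeps its own state. With `WINDOW = 1` the check reduces to a strict greater-than-last-accepted comparison.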
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED MONZUR MURSHID whose telephone number is (313)446-6560.  The examiner can normally be reached on Monday-Friday 8:30-5:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Derrick Ferris can be reached on 571-272-3123. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/M.M.M./Examiner, Art Unit 2411   

/GARY MUI/Primary Examiner, Art Unit 2464