Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments, filed, with respect to the rejection(s) of claim(s) under have been fully considered and are persuasive.  

In accord with the amendment of 2/24/2022, to the independent claims 1 and 13, directed to, package processing at nodes (of a trusted Fabric), narrows the claims to be more specific, to the insertions on paths of the fabric, as claimed, the prior art, teaches as claimed but, fails to teach as amended, 
insertions that should be applied (such as: Signatures), interpreted as, when applied, IMPROVES a confidence score (or Improves Confidence), when applied, at, at least one, node receiving the package (message).

The prior art teaches at least to, insert the # hops (update), as a rule when accomplished, the (package or message), is acceptable, when, the number of Hops of reached and inserted an end node verifies the rule.
The amended claims is more specific, the insertions, when accomplished Improves a confidence or score.

Therefore, the previous rejection with prior art is deficient to this point, as amended.

However, upon further consideration, a new ground(s) of rejection (103), is made in view of Thomas (2010/0031027).

Thomas teaches, Path data (Or HOPS), wherein nodes authenticate received packages or messages, the nodes, are Trusted CA nodes (abstract and 0001-), that, Sign (Insert or annotate), with certificates, or trust, based on policy rules, are associated with, an assurance level (or score). 

The examiner welcomes applicant to request an interview to
discuss potential distinguishable subject matter in an effort to
enhance compact prosecution as well as record clarity, with
respect to the prior art and present claims and disclosure.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the
application as subject to AIA  35 U.S.C. 102 and 103 (or as
subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any
correction of the statutory basis for the rejection will not be
considered a new ground of rejection if the prior art relied
upon, and the rationale supporting the rejection, would be the
same under either status.

The following is a quotation of 35 U.S.C. 103 which forms
the basis for all obviousness rejections set forth in this
Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the
manner in which the invention was made.
Claims 1-5, 11-14, 15, 20 are rejected under 35 U.S.C. 103
as being unpatentable over Bendickson et al. (US 10,986,076) in
view of Mathews et al. (US 2014/0126573) and Thomas et al. (US 2010/0031027).
Regarding claims 1, 13 (currently amended), Bendickson discloses a method, comprising:
o	receiving a package (see message), at a node of a data
confidence fabric, wherein the package includes at least
data

SEE abstract
Multi-level security Network, w/Nodes, UTNs and GTNs
Trusted Nodes and Untrusted nodes

o performing a trust insertion (such as: an edit, an add or a modify), on the data

As understood is only accomplished by Trusted Nodes of the Network Performing Operation on Received (package at the trusted
node), the Trusted Nodes, performs a decryption of a portion
(header to validate Source & Destination) and are allowed to
modify to the message data
(SEE modify the outer header)

O	modifying .. to the package that is associated with the
trust insertion at the node

SEE the step of modifying, in view of a modify of the Outer
Header (see abstract)

“..obfuscate source and destination from, the UTNs”, this protects the source and destination from, the UTNs by performing an annotation that, causes Obfuscation of addresses defining the source and destination, as understood.

O 	determining a path for the package in the data
confidence fabric (of Trusted Nodes), wherein the path
is determined from the configuration file 
(see decryption by a Trusted Node of an encrypted file, in
the inner header) and

o routing the package using the path (see abstract)

SEE routing forward, by a Trusted Node (of the GTNs)
Also note if not clear, while the Outer Header is not
encrypted, both the non-encrypted outer header and encrypted
inner headers in the package, both, are next hops (forward
package route or path).

Also note there are, also Local trusted nodes (or LTNs), as
well as the Global Trusted Nodes (or GINs), as well as untrusted
nodes (UTNs), as node types, while trusted nodes are adapted for
decryption of package data (Routing), at the trusted nodes, data
as claimed, or the configuration file.

SEE detail in col. 4 and Annotate is to (ADD to)
“Before forwarding the message 120, the trusted node 102 may
modify the outer header (124a) such that the generated routing
path is followed, stripping off the original outer header 124 to
partially or fully obfuscate the true source and destination
nodes from untrusted nodes 110.”

SEE Minimum Route Number (or configuration data)
“..Note additionally to annotate by, a trusted node 102 may
decrement the MRN; the next trusted node (104) in the path may
thus regenerate a path for the message reflecting the
decremented MRN...”
Col. 4
Description Paragraph - DETX (16):
In embodiments, referring in particular to FIG. 2B, a trusted node 102 may be either global or local in nature. For example, global trusted nodes (GTN) may similarly route messages 120 through the MLS environment 100 while local trusted nodes (LTN) may be in communication with a local network 116 and regulation of inbound and outbound messages to, from, and between nodes of the local network. However, the trusted node 102 may first decrypt a portion of the inner header 126 to verify or validate the true source and destination nodes of the message 120. For example, the trusted node 102 may decrypt only the encrypted identifier portion (130) of the inner header 126 and, e.g., compare this decrypted information to the unencrypted outer header 124, On validating the destination node of the message 120 the trusted node 102 may (e.g., if the trusted node is a
global trusted node) generate a routing path via which the
message may reach its destination node, forwarding the
message to the next point in the routing path (which may be
another trusted node 104 or an untrusted node 110). Before
forwarding the message 120, the trusted node 102 may modify
the outer header (124a) such that the generated routing
path is followed, stripping off the original outer header
124 to partially or fully obfuscate the true source and
destination nodes from untrusted nodes 110. For example,
the trusted node 102 may generate a routing path providing
that the message 120 reach its destination only after
relaying through a given number of subsequent untrusted
nodes 110 and trusted nodes 104. The encrypted identifier
130 may include a Minimum Route Number (MRN) equivalent to
the minimum number of subsequent trusted nodes 104 through
which the message 120 must be routed before reaching its
ultimate destination node. When formulating a path for the
message 120 to its ultimate destination node, the trusted
node 102 may decrement the MRN; the next trusted node (104)
in the path may thus regenerate a path for the message
reflecting the decremented MRN. The trusted node 102 may
employ any appropriate algorithm or combination of
algorithms in order to obscure the source, destination, or
routing path of the message 120 from untrusted nodes 110.

Bendickson does modifications, but fails to specifically
mention, performing annotation to the package, or adding
additional data as, annotations to the package (or messages),
but, Matthews teaches and is deemed to render any differences
obvious by, specifically performing annotations to a package
(see information of a packet), by annotating, or adding to, “the
number of hops traversed so far”, or adding, hash of the packet
header or payload, or adding routing/path selection criteria or
other, by performing an annotating by adding to the information
of a package, based on the information, at a hop (node).

SEE annotating embodiments below
[0035] An additional example of annotation is adding
annotation information at each hop of a packet through a
network. The hop may be, for example, entry of a packet
into a network device and exit of the packet from the
network device. The annotation information may include,
as further examples, network device identifiers, number
of hops traversed so far, the hash value of the packet
header, payload, or both, routing/path selection criteria
or decision variables, and network device configuration
settings.

Matthews also appears to teach, and is deemed to render the
remaining difference obvious based, on a configuration file at the node (see 0035, being a device configuration file of the node at the node), the annotation information may include, network device configuration settings, since of the device,
appears is as claimed, based in a configuration file at
the node, since is of the network device at the node therefore the annotated messages, would include Hop (Node) configuration data (of the device) at the hop, along with other annotations (# hops and so forth), as annotated data, facilitating management and control (1004), of a network.

	But as amended, Thomas is deemed to teach and render obvious, additional details directed to, wherein in accord with a configuration file (IDs trusted points to Hop), considers as claimed, to insert or to perform Trusted Insertions by Trusted Nodes, in accord with Thomas, being nodes that sign messages, this operation, is associated with, an assurance level or scoring (see 0018).

[0018] One method for addressing interoperability issues to support inter-organizational security involves use of cross-certificates, wherein CAs of different organizations cross sign one another's certificates to enable members in one organization to trust all user certificates issued by each cross-certified CA. To avoid scalability issues due to meshed CA cross-certification, a bridge CA may be used to cross sign certificates with each participating CA, such that members of each organization can trust all certificates issued by cross-certified CAs. However, both of the above methods are undesirable for establishing inter-organizational trust among disparate organizations that have specific and limited relationships. Such disparate organizations have to rely on predetermined policy constraints on certificate validation, where policy rules may include, for example, constraints on at least one of path length, domain name, and assurance level. Certificate validation therefore can be complicated by policy rules that may be required for large PKI domains.

Note, certification authorities (certify)
[0043] The certificate path data message may include a signed object that includes a list that identifies the one or more trusted certification authorities and validated public keys for the one or more trusted certification authorities. For example, the list may include a validated public key for each trusted certification authority in the list. As described above, the certificate path data may also include other information such as policies, constraints, or certificate revocation lists (CRLs) for the one or more trusted certification authorities.

[0044] At step 420, the at least one relying node processes a signature of the certificate path data message received from the CPMU. For example, the relying node 145-3 processes a digital signature of the CPMU 150.

[0045] At step 425, the at least one relying node determines a trustworthiness of the one or more trusted certification authorities based on information contained in the certificate path data message. For example, in order to trust the certification authority 135-2 in the ad hoc wireless network 100, the relying node 145-3 can determine a trustworthiness of the certification authority 135-2 by using a validated public key of the certification authority 135-2 that was received in a signed certificate path data message received from the CPMU 150.

Therefore, since, the differences between the claimed
invention and the prior art are such that the claimed invention
as a whole would have been obvious before the effective filing
date of the claimed invention to a person having ordinary skill
in the art to, modify Bendickson in view of teachings of
Mathews and Thomas, to annotate the messages of Bendickson by the trusted nodes, to annotate, such as: “hops traversed so far”, or routing/path selection criteria or other information and including annotating the network device configuration settings, of the hop at the hop, to carry to next nodes and to consider the teachings of Thomas, to apply trusted insertions that improves a confidence score (or an assurance level), by having certificate paths (that should be applied), that are directed to, as claimed (improves a confidence or a score), as taught by Thomas being an Assurance Level (0018, or a confidence), as applied (Sign or certify), by a certificate paths (path data messages), by signing with certificates, while various annotation of messages, also enhances the ability to manage and control networks (Fig. 10, 1004), directed to improving high speed data networks (See hop delay, power and fill), by adding annotations to information to network packets as they travel through devices (see 0002-), including configuration settings, as taught by Matthews, this allows for analysis of Status (Fig. 10) and thereafter control (see 1004), to networked graphed components 1002 (w/configuration settings and status 1008, 1010, 1012), and performing adaptations (see Fig. 11, step 1114).

Regarding claims 2-4 and 14 (original), the combination as applied is deemed to further render obvious, comprising determining the path by identifying a next node in the path based on a next trust insertion identified from the configuration file and routing the package to the next node, wherein the next node is configured to perform the next trust insertion
SEE Bendickson determined the path (next hop), by identifying a
next node in the path based on a next trust insertion identified
from the configuration file decoded at trusted nodes (see MRN in
col. 4 above).

SEE col. 4

“..However, the trusted node 102 may first decrypt a portion of
the inner header 126 to verify or validate the true source and
destination nodes of the message 120. For example, the trusted
node 102 may decrypt only the encrypted identifier portion
(130) of the inner header 126 and, e.g., compare this
decrypted information to the unencrypted outer header 124. On
validating the destination node of the message 120 the trusted
node 102 may (e.g., if the trusted node is a global trusted
node) generate a routing path via which the message may reach
its destination node..”, wherein destination nodes or paths can
require, “the minimum number of subsequent trusted nodes 104”.

SEE MRN (as a configuration file), that determines the path or
next hops, by identifying a next node in the path based on a
next trust insertion identified from the configuration file
(SEE MRN).

	
Since, processed at a current trusted node the process is considered to be, comprising dynamically searching for the next node in the path (as claimed in claim 3). Met by searching the MRN file at a trusted node (see above) and wherein the system is deemed to, dynamically searching includes searching for the next node in the pathing map information stored by the node, and/or (or), broadcasting a request to other nodes to identify the next node, (as claimed in claim 4). 
Note the combination meets the claims by providing the dynamic searching of the MRN file at a trusted node to identify the next trusted nodes, in a required path (Map), having a number of required hops.

Also see Thomas as applied also appears to teach, determining the path by identifying a next node in the path based on, a next trust insertion identified from the configuration file and routing the package to the next node, wherein the next node is configured to perform the next trust insertion.

Regarding claims 5 and 15 (original) the combination as applied above is deemed to further render obvious as claimed, further comprising determining a full path (# hops), for the package in the data confidence fabric by identifying the path that best satisfies trust insertions included in the configuration file, wherein the full path is determined from pathing map information and the configuration file.
SEE above col. 4
“.a Minimum Route Number (MRN) equivalent to the minimum
number of subsequent trusted nodes 104 through which the message
120 must be routed before reaching its ultimate destination
node....”

Regarding claims 11-12 and 20 (original)  the combination as applied is deemed to further render obvious, wherein the order of trust insertions identified in the configuration file are arranged in (a node), and in levels.

SEE above, from, node to node, including, as defined by the
different types of nodes, Trusted and Non-trusted node (levels),
or arranged in levels in the file (defining the number of nodes
in the route), including trusted (insertions or modification at
trusted nodes) and/or annotations, defining an order (Levels) of
trust insertions at trusted nodes based on the MRN.

SEE Bendickson at col. 4, generate a routing path providing that
the message 120 reach its destination only after relaying
through a given number of subsequent untrusted nodes 110 and
trusted nodes 104, which are deemed reads as, arranged in
Levels.

Also see

“The encrypted identifier 130 may include a Minimum Route
Number (MRN) equivalent to the minimum number of subsequent
trusted nodes 104 through which the message 120 must be routed
before reaching its ultimate destination node.”, or levels
(defined by a Number),

Claims 6, 8, 10, 16 and 19 are rejected under 35 U.S.C. 103
as being unpatentable over the combination of Bendickson, Mathews and Thomas, as applied above and further in view of
Pacella et al. (US 2016/0191325).
Regarding claims 6 and 16, the combination as applied fails to teach (address above), as further recited but, Pacella teaches and deemed to render obvious as claimed, based on a form of Ledger and score (of a Route Reflector), wherein a path associated with a ledger that has a best representation of a confidence score rating is selected as the best path or next hop.
SEE 0029, 0059 and 0106
“..The route reflector may select a next hop and/or best path
for a client router to a particular external AS based on the
link scores calculated using the weighted average...”
[0059] Furthermore, route calculator 360 may use the calculated link scores and/or route scores to determine a best path and/or next hop destination for a particular client router 130 to a particular destination, for a particular context, using a weighted average of the link scores and/or route scores for the various parameters. Route calculator 360 may obtain a set of weights for a particular context from template DB 370. Template DB 370 may store templates associated with particular contexts. Exemplary information that may be stored in template DB 370 is described below with reference to FIG. 6B.

[0106] Some scores may be used to compute a next best path,
rather than a best path. For example, redundancy scores may
be used to select a next best path (e.g., a redundant path)
for a particular path. Thus, if another path does not meet
the redundancy requirements (e.g., is too close to the
particular path or is in the same SRLG as the particular
path), the other path will be associated with or assigned a
low redundancy score. Such assignment may result in the
other path not being selected as the next best path for the
particular path.

SEE route reflector (0023, 0025- and 0029- )
Therefore, since, the differences between the claimed
invention and the prior art are such that the claimed invention
as a whole would have been obvious before the effective filing
date of the claimed invention to a person having ordinary skill
in the art to, modify the combination as applied, in view of
teachings of Pacella, as claimed, wherein a path is associated
with a ledger that has a best representation of a confidence
score rating is selected as the path, as taught by Pacella, to
select next best paths (hops), based on confidence.

Claim 8 is deemed analyzed and discussed with respect to the claims above, further comprising determining a path based using a round robin mode, a computation-based mode (or scoring to determine the best next path/hop), or a broadcast mode.
Claims 10 and 19 the combination as applied above is deemed to render obvious, as claimed, as applied, wherein each node
includes a routing engine (see Pacella, as applied teaches Route
Reflectors), that is configured to determine the path (Next
Best, path by scoring), wherein the routing engine uses the
configuration information (0024, 0026) and pathing map (Fig. 3,
365), information (Fig. 3 to the route calculator 360), as
inputs to determine the path, wherein the pathing map
information includes at least associations between nodes in the
data confidence fabric and their trust insertion capabilities,
as applied.

Claims 7 and 17 are rejected under 35 U.S.C. 103 as being
unpatentable over the combination of Bendickson, Mathews and Thomas, as applied above and further in view of
ZHENG (US 2009/0144807).
Regarding claims 7 and 17, as applied the combination fails
to address wherein performing a trust insertion includes leveraging a nearby node to perform the trust insertion, wherein the nearby node is not part of the data confidence fabric
ZHENG teaches and is deemed to render obvious as claimed by, converting a non-trusted node (Not part of a confidence fabric) to a trusted node (0015, 0033, is made part of the fabric), which extend boundary of the network (therefore, is considered a Nearby node), converted from untrusted to trusted.
ZHENG, also appears to leverage nodes that are considered
nearby node or nodes (see RG node in relation to other nodes in
Fig. 3).
Note, trusted nodes are taught as being trusted to insert or edit and or annotate (see above), while non-trusted cannot.

Therefore, since, the differences between the claimed
invention and the prior art are such that the claimed
invention as a whole would have been obvious before the
effective filing date of the claimed invention to a person
having ordinary skill in the art to, modify the combination as
applied, in view of teachings of ZHENG to perform as claimed,
“wherein performing a trust insertion includes leveraging a nearby node to perform the trust insertion, wherein the nearby node is not part of the data confidence fabric”, by converting non-trusted nearly nodes to trusted nodes, which extends the boundary of the network, as understood by as claimed, leveraging a nearby node (untrusted node not part of the confidence fabric), to perform the trust insertion, by converting the non-trusted node to a trusted node, as taught by ZHENG.


Claims 9 and 18 are rejected under 35 U.S.C. 103 as being
unpatentable over the combination of Bendickson, Mathews and Thomas, as applied above and further in view of Srivastava et
al. (US 2005/0044356).
Regarding claims 9 and 18, the combination as applied fails to teach as further recited but, Srivastava teaches and is deemed to render obvious as claimed, further comprising when
considering, a joining of a new node, wherein the new node has a
form of confidence or scoring attributes and does consider,
capabilities of the new node, are broadcast to other nodes and
stored by the other nodes in their pathing map information that
receive the broadcast from the new node comprises: attributes
related to score or scoring, or established attributes to
evaluate the new node, based on its attributes to be a new node
and scoring attributes (or Points), such as: physical proximity (Distance) to the new node, or other metrics (attributes), telecommunication cost (or viability), reliability (is a form of Confidence) and a link utilization (capability), therefore the New node comprises attributes representing scores (used to evaluate), new nodes, being added to the network directed to.
SEE 0081, new node comprises a confidence (or a reliability) and broadcasts the capabilities (0043) to be a new node, related to scores met by attribute values

“Alternatively, the designated node can be determined according to physical proximity to the new node, or other metrics such as telecommunication cost, reliability, link utilization, etc. Once entity 441 and user C arrive at a new shared secret key, they form a new entity 443, constituting a new multicast group that subsumes multicast group 441...”, also see Fig. 4C

Therefore, since, the differences between the claimed
invention and the prior art are such that the claimed invention
as a whole would have been obvious before the effective filing
date of the claimed invention to a person having ordinary skill
in the art to, modify the combination as applied, in view of
teachings of Srivastava by joining a new nodes, based on a
confidence and scoring of the attributes such as: capabilities
other metrics such as telecommunication cost, reliability, link
utilization and proximity, of a new joining node, and broadcasts
to other nodes and stored by the other nodes in their pathing
map information that receive the broadcast from the new node, as
taught by Srivastava, to join new nodes based on confidence and
(scoring), of the capabilities of new nodes.



Art Made Of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
(A) Sofia (US 11,138,343), teaches plural signatures applied to data (as metadata).
(B) Mullan (US 7,539,869), teaches signatures with values of nodes.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Contact Information
Any inquiry concerning this communication or earlier communications should be directed to the examiner of record
Vincent F. Boccio whose telephone number is (571) 272-7373.
The examiner can normally be reached between Monday-Friday between (8:00 AM to 4:00 PM).

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Pierre Vital can be reached on (571)272-4215. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval
(PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.

Status information for unpublished applications is available through Private PAIR only.

For more information about the PAIR system:
"http://portal.uspto.gov/external/portal/pair"

Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 866-217-9197 (toll-free)

If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) OR 571-272-1000.

/VINCENT F BOCCIO/Primary Examiner, Art Unit 2162                                                                                                                                                                                                        5/11/2022