DETAILED ACTION
This first non-final action is in response to applicants’ filing on 03/04/2020. Claims 1-20 are currently pending and have been considered as follows.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Drawings
The drawings filed on 03/04/2020 are accepted.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Claim 1 recites the limitation “the first data item” in lines 6-7.  There is insufficient antecedent basis for this limitation in the claim.
Claim 6 recites the limitation “the fractionated CDS” in lines 4-5.  There is insufficient antecedent basis for this limitation in the claim.
Claim 7 recites the limitation “the fractionated CDS” in lines 3-4.  There is insufficient antecedent basis for this limitation in the claim.
Claim 8 recites the limitation “the first data item” in lines 7-8.  There is insufficient antecedent basis for this limitation in the claim.
Claim 13 recites the limitation “the fractionated CDS” in lines 3-4.  There is insufficient antecedent basis for this limitation in the claim.
Claim 14 recites the limitation “the first data item” in lines 5-6.  There is insufficient antecedent basis for this limitation in the claim.
Claim 19 recites the limitation “the fractionated CDS” in lines 3-4.  There is insufficient antecedent basis for this limitation in the claim.
Claim 20 recites the limitation “the fractionated CDS” in line 3.  There is insufficient antecedent basis for this limitation in the claim.
Claims 2-5, 9-12, and 15-18 are rejected under 35 U.S.C. 112(b) for inheriting the statutory deficiencies of respective claims from which they depend.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 4, 5, 8, 11, 12, 14, 17, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Bomgardner et al. (US 20120291089 A1, hereinafter Bomgardner) in view of Boebert et al. (US 20040230791 A1, hereinafter Boebert).
As to Claim 1:
Bomgardner discloses one or more non-transitory machine-readable media storing instructions that, when executed by one or more processors (e.g. Bomgardner “data management system 150 includes instructions 102 stored in memory 103 that when loaded into and executed by microprocessor 104 enables data manager 100 for cross-domain data management and security. Data management system 150 may include hardware or a combination of hardware and software components to enable various features of data manager 100. For example, separate first domain security processes may execute on separate security microprocessors” [0025]; [0068]), cause:
receiving, by a first intermediate node operating in a first physical device (e.g. Bomgardner receiving data at first domain security process which is executed on separate microprocessor [0050]; first processor [0066]) in a fragmented cross-domain solution (CDS) (e.g. Bomgardner cross-domain security structure providing security mechanisms between multiple domains [0004]), a data item originating at a source node (e.g. Bomgardner a user process resident in a first domain sends service request information data [0055]) in a first security domain (e.g. “In some embodiments, data manager 100 is communicatively coupled to multiple domains (for example, first domain 171 and second domain 181) over a network 105 which can include, but is not limited to, a wired network and/or a wireless network. Each domain may be configured in a separate security domain under the control of an organization. The organization uses security domain assets to secure the domain data” [0026]; “Data manager 100 enables enforcement of security policies between multiple domains. As will be described further below, data manager 100 includes security processes (for example, first domain security process 110 and second domain security process 120) to enforce associated domain security policies (for example, first domain security policy 112 and second domain security policy 122) between first domain 171 and second domain 181. Data manager 100 may enable unidirectional data access from one domain to another domain (or from one domain to multiple domains) and/or bidirectional data access between domains. Optionally, data manager 100 may enable data access within the same domain, such as between different groups of an organization of first domain 171” [0027]);
applying, by the first intermediate node, a first data filter to determine that the first data item complies with a data security requirement of the fragmented CDS (e.g. Bomgardner “First domain security process 110 uses first domain security policy 112 to secure and process data 101 received from first domain 171” [0028]; “first domain security policy 112 includes rules to search for and remove sensitive information from data (which can include data 101) in accordance with the security needs or desires of first domain 171” [0030]; [0032]; [0033]); 
transmitting, by the first intermediate node, the first data item to a second intermediate node operating in a second physical device in the fragmented CDS (e.g. Bomgardner “first domain security process 110 can receive data 101, execute the rules in policy 112 and render the results. Second domain security process 120 can receive the results from first domain security process 110” [0031]; separate microprocessor for second domain security policy [0050]; second processor to execute a second security policy [0066]);
applying, by the second intermediate node, a second data filter to redundantly determine that the first data item complies with the data security requirement of the fragmented CDS (e.g. Bomgardner “second domain security process 120 uses second domain security policy 122 to secure and process data 101 received from first domain 171 via first domain security process 110. Data manager 100 may send some, all, or none of data 101 to second domain 181 based second domain security policy 122. It should be noted that respective first domain security policy 112 and second domain security policy 122 enable data 101 to be secured according to security policies related to respective first domain 171 and second domain 181” [0029]; “second domain security policy 122 (which data manager 100 receives from second domain 181) includes rules to search for and remove sensitive information from data (which can include data 101) in accordance with the security practices of a second organization in control of second domain 181” [0030]; “Second domain security process 120 can receive the results from first domain security process 110 and execute the rules in policy 122 to further search for and remove any sensitive information from rendered data” [0031]; [0032]; [0033]); and
transmitting, by the second intermediate node, the first data item to a recipient node in a second security domain via the first assured pipeline (e.g. Bomgardner enable secure data transfer or data services to second domain, send all data to second domain [0028]; “send some, all, or none of data 101 to second domain 181 based second domain security policy 122” [0029]);
But Bomgardner does not specifically disclose:
a first assured pipeline.
However, the analogous art Boebert does disclose a first assured pipeline (e.g. Boebert establishing an assured pipeline between domains [0051]; [0135]; [0144]; [0149]).  Bomgardner and Boebert are analogous art because they are from the same field of endeavor in securing data communication between different domains.
(e.g. see Boebert, “step of establishing an assured pipeline includes the steps of placing processes within domains, wherein the step of placing processes within domains includes the step of assigning processes received from the external network to an external domain, assigning types to files and restricting access by processes within the external domain to certain file types” [0051] “Type Enforcement is used to implement data flow structures called Assured Pipelines. Assured pipelines are made possible by the so-called "small process" model of computation used by Unix… Type Enforcement supplants this with the rigorously controlled, configurable structure of assured pipelines” [0135]; “An example of an assured pipeline appears in the diagram shown in FIG. 5a. The flow of data between processes in FIG. 5a is controlled by the access enforcement mechanism of the Intel Pentium processor. Virtual memory translation circuitry within the Pentium processor includes a mechanism for assigning access privileges to pages of virtual memory. This ensures that control is imposed on every fetch from, or store to, the machine memory. In this way, the protection is made continuous” [0144]; “The diagram in FIG. 5a then shows how these hardware-enforced accesses are used to force data flowing from internal network 82 to the Internet to go through a filter process, without any possibility that the filter is bypassed or that filtered data is tampered with by possibly vulnerable software on the Internet side of the filter” [0149]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Bomgardner and Boebert before him or her, to modify the disclosure of Bomgardner with the teachings of Boebert to include a first assured pipeline as claimed because Bomgardner provides a method and system for cross-domain security transactions with policy filtering for data sent between different domains (Bomgardner [Abstract]-[0068]) which could be connected through assured pipelines (Boebert [0051]; [0135]; [0144]; [0149]).  The suggestion/motivation for doing so would have been to ensure control is imposed on data transfers and protection is made continuous by filter processes that are not bypassed (Boebert [0144]; [0149]).  Therefore, it would have been obvious to combine Bomgardner and Boebert to obtain the invention as specified in the instant claim(s).
As to Claim 4:
Bomgardner discloses the one or more non-transitory machine-readable media of claim 1, further storing instructions that, when executed by one or more processors, cause:
enforcing attribute-based access control for the first data item along the first assured pipeline (e.g. Bomgardner “first domain security policy 112 can include criteria to remove the business's confidential and/or competitive information from data 101 before sharing the data 101 with the public sector organization. Second domain security policy 122 can include less stringent checks (such as the removal of any personal identification information) which the public sector organization needs or requires. In this way, data manager 100 enables sharing of data 101 across the different domains in a secure fashion and, in particular, according to the needs and desires of the different organizations” [0033]; “First domain security policy 512A can include rules to validate user information (for example, rules to validate authenticity of the user information) and to determine whether a particular user may access the requested second domain service 585” [0055]).
As to Claim 5:
Bomgardner discloses the one or more non-transitory machine-readable media of claim 1, further storing instructions that, when executed by one or more processors, cause:
enforcing a one-way data flow policy along the first assured pipeline (e.g. Bomgardner “Data manager 100 may enable unidirectional data access from one domain to another domain (or from one domain to multiple domains)” [0027]).
As to Claim 8:
Bomgardner discloses a system (e.g. Bomgardner “data management system 150 includes instructions 102 stored in memory 103 that when loaded into and executed by microprocessor 104 enables data manager 100 for cross-domain data management and security. Data management system 150 may include hardware or a combination of hardware and software components to enable various features of data manager 100. For example, separate first domain security processes may execute on separate security microprocessors” [0025]; [0068]) comprising:
at least one device including a hardware processor (e.g. Bomgardner data management system including multiple separate microprocessors [0025]; computer with one or more processors [0066]);
the system being configured to perform operations comprising:
receiving, by a first intermediate node operating in a first physical device (e.g. Bomgardner receiving data at first domain security process which is executed on separate microprocessor [0050]; first processor [0066]) in a fragmented cross-domain solution (CDS) (e.g. Bomgardner cross-domain security structure providing security mechanisms between multiple domains [0004]), a data item originating at a source node (e.g. Bomgardner a user process resident in a first domain sends service request information data [0055]) in a first security domain (e.g. “In some embodiments, data manager 100 is communicatively coupled to multiple domains (for example, first domain 171 and second domain 181) over a network 105 which can include, but is not limited to, a wired network and/or a wireless network. Each domain may be configured in a separate security domain under the control of an organization. The organization uses security domain assets to secure the domain data” [0026]; “Data manager 100 enables enforcement of security policies between multiple domains. As will be described further below, data manager 100 includes security processes (for example, first domain security process 110 and second domain security process 120) to enforce associated domain security policies (for example, first domain security policy 112 and second domain security policy 122) between first domain 171 and second domain 181. Data manager 100 may enable unidirectional data access from one domain to another domain (or from one domain to multiple domains) and/or bidirectional data access between domains. Optionally, data manager 100 may enable data access within the same domain, such as between different groups of an organization of first domain 171” [0027]);
applying, by the first intermediate node, a first data filter to determine that the first data item complies with a data security requirement of the fragmented CDS (e.g. Bomgardner “First domain security process 110 uses first domain security policy 112 to secure and process data 101 received from first domain 171” [0028]; “first domain security policy 112 includes rules to search for and remove sensitive information from data (which can include data 101) in accordance with the security needs or desires of first domain 171” [0030]; [0032]; [0033]); 
transmitting, by the first intermediate node, the first data item to a second intermediate node operating in a second physical device in the fragmented CDS (e.g. Bomgardner “first domain security process 110 can receive data 101, execute the rules in policy 112 and render the results. Second domain security process 120 can receive the results from first domain security process 110” [0031]; separate microprocessor for second domain security policy [0050]; second processor to execute a second security policy [0066]);
applying, by the second intermediate node, a second data filter to redundantly determine that the first data item complies with the data security requirement of the fragmented CDS (e.g. Bomgardner “second domain security process 120 uses second domain security policy 122 to secure and process data 101 received from first domain 171 via first domain security process 110. Data manager 100 may send some, all, or none of data 101 to second domain 181 based second domain security policy 122. It should be noted that respective first domain security policy 112 and second domain security policy 122 enable data 101 to be secured according to security policies related to respective first domain 171 and second domain 181” [0029]; “second domain security policy 122 (which data manager 100 receives from second domain 181) includes rules to search for and remove sensitive information from data (which can include data 101) in accordance with the security practices of a second organization in control of second domain 181” [0030]; “Second domain security process 120 can receive the results from first domain security process 110 and execute the rules in policy 122 to further search for and remove any sensitive information from rendered data” [0031]; [0032]; [0033]); and
transmitting, by the second intermediate node, the first data item to a recipient node in a second security domain via the first assured pipeline (e.g. Bomgardner enable secure data transfer or data services to second domain, send all data to second domain [0028]; “send some, all, or none of data 101 to second domain 181 based second domain security policy 122” [0029]);
But Bomgardner does not specifically disclose:
a first assured pipeline.
However, the analogous art Boebert does disclose a first assured pipeline (e.g. Boebert establishing an assured pipeline between domains [0051]; [0135]; [0144]; [0149]).  Bomgardner and Boebert are analogous art because they are from the same field of endeavor in securing data communication between different domains.
(e.g. see Boebert, “step of establishing an assured pipeline includes the steps of placing processes within domains, wherein the step of placing processes within domains includes the step of assigning processes received from the external network to an external domain, assigning types to files and restricting access by processes within the external domain to certain file types” [0051] “Type Enforcement is used to implement data flow structures called Assured Pipelines. Assured pipelines are made possible by the so-called "small process" model of computation used by Unix… Type Enforcement supplants this with the rigorously controlled, configurable structure of assured pipelines” [0135]; “An example of an assured pipeline appears in the diagram shown in FIG. 5a. The flow of data between processes in FIG. 5a is controlled by the access enforcement mechanism of the Intel Pentium processor. Virtual memory translation circuitry within the Pentium processor includes a mechanism for assigning access privileges to pages of virtual memory. This ensures that control is imposed on every fetch from, or store to, the machine memory. In this way, the protection is made continuous” [0144]; “The diagram in FIG. 5a then shows how these hardware-enforced accesses are used to force data flowing from internal network 82 to the Internet to go through a filter process, without any possibility that the filter is bypassed or that filtered data is tampered with by possibly vulnerable software on the Internet side of the filter” [0149]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Bomgardner and Boebert before him or her, to modify the disclosure of Bomgardner with the teachings of Boebert to include a first assured pipeline as claimed because Bomgardner provides a method and system for cross-domain security transactions with policy filtering for data sent between different domains (Bomgardner [Abstract]-[0068]) which could be connected through assured pipelines (Boebert [0051]; [0135]; [0144]; [0149]).  The suggestion/motivation for doing so would have been to ensure control is imposed on data transfers and protection is made continuous by filter processes that are not bypassed (Boebert [0144]; [0149]).  Therefore, it would have been obvious to combine Bomgardner and Boebert to obtain the invention as specified in the instant claim(s).
As to Claim 11:
Bomgardner discloses the system of claim 8, the operations further comprising:
enforcing attribute-based access control for the first data item along the first assured pipeline (e.g. Bomgardner “first domain security policy 112 can include criteria to remove the business's confidential and/or competitive information from data 101 before sharing the data 101 with the public sector organization. Second domain security policy 122 can include less stringent checks (such as the removal of any personal identification information) which the public sector organization needs or requires. In this way, data manager 100 enables sharing of data 101 across the different domains in a secure fashion and, in particular, according to the needs and desires of the different organizations” [0033]; “First domain security policy 512A can include rules to validate user information (for example, rules to validate authenticity of the user information) and to determine whether a particular user may access the requested second domain service 585” [0055]).
As to Claim 12:
Bomgardner discloses the system of claim 8, the operations further comprising:
enforcing a one-way data flow policy along the first assured pipeline (e.g. Bomgardner “Data manager 100 may enable unidirectional data access from one domain to another domain (or from one domain to multiple domains)” [0027]).
As to Claim 14:
Bomgardner discloses a method (e.g. Bomgardner method [0001]; [0059]) comprising:
receiving, by a first intermediate node operating in a first physical device (e.g. Bomgardner receiving data at first domain security process which is executed on separate microprocessor [0050]; first processor [0066]) in a fragmented cross-domain solution (CDS) (e.g. Bomgardner cross-domain security structure providing security mechanisms between multiple domains [0004]), a data item originating at a source node (e.g. Bomgardner a user process resident in a first domain sends service request information data [0055]) in a first security domain (e.g. “In some embodiments, data manager 100 is communicatively coupled to multiple domains (for example, first domain 171 and second domain 181) over a network 105 which can include, but is not limited to, a wired network and/or a wireless network. Each domain may be configured in a separate security domain under the control of an organization. The organization uses security domain assets to secure the domain data” [0026]; “Data manager 100 enables enforcement of security policies between multiple domains. As will be described further below, data manager 100 includes security processes (for example, first domain security process 110 and second domain security process 120) to enforce associated domain security policies (for example, first domain security policy 112 and second domain security policy 122) between first domain 171 and second domain 181. Data manager 100 may enable unidirectional data access from one domain to another domain (or from one domain to multiple domains) and/or bidirectional data access between domains. Optionally, data manager 100 may enable data access within the same domain, such as between different groups of an organization of first domain 171” [0027]);
applying, by the first intermediate node, a first data filter to determine that the first data item complies with a data security requirement of the fragmented CDS (e.g. Bomgardner “First domain security process 110 uses first domain security policy 112 to secure and process data 101 received from first domain 171” [0028]; “first domain security policy 112 includes rules to search for and remove sensitive information from data (which can include data 101) in accordance with the security needs or desires of first domain 171” [0030]; [0032]; [0033]); 
transmitting, by the first intermediate node, the first data item to a second intermediate node operating in a second physical device in the fragmented CDS (e.g. Bomgardner “first domain security process 110 can receive data 101, execute the rules in policy 112 and render the results. Second domain security process 120 can receive the results from first domain security process 110” [0031]; separate microprocessor for second domain security policy [0050]; second processor to execute a second security policy [0066]);
applying, by the second intermediate node, a second data filter to redundantly determine that the first data item complies with the data security requirement of the fragmented CDS (e.g. Bomgardner “second domain security process 120 uses second domain security policy 122 to secure and process data 101 received from first domain 171 via first domain security process 110. Data manager 100 may send some, all, or none of data 101 to second domain 181 based second domain security policy 122. It should be noted that respective first domain security policy 112 and second domain security policy 122 enable data 101 to be secured according to security policies related to respective first domain 171 and second domain 181” [0029]; “second domain security policy 122 (which data manager 100 receives from second domain 181) includes rules to search for and remove sensitive information from data (which can include data 101) in accordance with the security practices of a second organization in control of second domain 181” [0030]; “Second domain security process 120 can receive the results from first domain security process 110 and execute the rules in policy 122 to further search for and remove any sensitive information from rendered data” [0031]; [0032]; [0033]); and
transmitting, by the second intermediate node, the first data item to a recipient node in a second security domain via the first assured pipeline (e.g. Bomgardner enable secure data transfer or data services to second domain, send all data to second domain [0028]; “send some, all, or none of data 101 to second domain 181 based second domain security policy 122” [0029]);
But Bomgardner does not specifically disclose:
a first assured pipeline.
However, the analogous art Boebert does disclose a first assured pipeline (e.g. Boebert establishing an assured pipeline between domains [0051]; [0135]; [0144]; [0149]).  Bomgardner and Boebert are analogous art because they are from the same field of endeavor in securing data communication between different domains.
(e.g. see Boebert, “step of establishing an assured pipeline includes the steps of placing processes within domains, wherein the step of placing processes within domains includes the step of assigning processes received from the external network to an external domain, assigning types to files and restricting access by processes within the external domain to certain file types” [0051] “Type Enforcement is used to implement data flow structures called Assured Pipelines. Assured pipelines are made possible by the so-called "small process" model of computation used by Unix… Type Enforcement supplants this with the rigorously controlled, configurable structure of assured pipelines” [0135]; “An example of an assured pipeline appears in the diagram shown in FIG. 5a. The flow of data between processes in FIG. 5a is controlled by the access enforcement mechanism of the Intel Pentium processor. Virtual memory translation circuitry within the Pentium processor includes a mechanism for assigning access privileges to pages of virtual memory. This ensures that control is imposed on every fetch from, or store to, the machine memory. In this way, the protection is made continuous” [0144]; “The diagram in FIG. 5a then shows how these hardware-enforced accesses are used to force data flowing from internal network 82 to the Internet to go through a filter process, without any possibility that the filter is bypassed or that filtered data is tampered with by possibly vulnerable software on the Internet side of the filter” [0149]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Bomgardner and Boebert before him or her, to modify the disclosure of Bomgardner with the teachings of Boebert to include a first assured pipeline as claimed because Bomgardner provides a method and system for cross-domain security transactions with policy filtering for data sent between different domains (Bomgardner [Abstract]-[0068]) which could be connected through assured pipelines (Boebert [0051]; [0135]; [0144]; [0149]).  The suggestion/motivation for doing so would have been to ensure control is imposed on data transfers and protection is made continuous by filter processes that are not bypassed (Boebert [0144]; [0149]).  Therefore, it would have been obvious to combine Bomgardner and Boebert to obtain the invention as specified in the instant claim(s).
As to Claim 17:
Bomgardner discloses the method of claim 14, further comprising:
enforcing attribute-based access control for the first data item along the first assured pipeline (e.g. Bomgardner “first domain security policy 112 can include criteria to remove the business's confidential and/or competitive information from data 101 before sharing the data 101 with the public sector organization. Second domain security policy 122 can include less stringent checks (such as the removal of any personal identification information) which the public sector organization needs or requires. In this way, data manager 100 enables sharing of data 101 across the different domains in a secure fashion and, in particular, according to the needs and desires of the different organizations” [0033]; “First domain security policy 512A can include rules to validate user information (for example, rules to validate authenticity of the user information) and to determine whether a particular user may access the requested second domain service 585” [0055]).
As to Claim 18:
Bomgardner discloses the method of claim 14, further comprising:
enforcing a one-way data flow policy along the first assured pipeline (e.g. Bomgardner “Data manager 100 may enable unidirectional data access from one domain to another domain (or from one domain to multiple domains)” [0027]).
Claims 7 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Bomgardner in view of Boebert as applied to Claims 1 and 14, and further in view of Huang et al. (US 20040100957 A1, hereinafter Huang).
As to Claim 7:
Bomgardner in view of Boebert discloses the one or more non-transitory machine-readable media of claim 1, wherein transmitting the first data item to the second intermediate node in the first assured pipeline of the fragmented CDS (e.g. Bomgardner “first domain security process 110 can receive data 101, execute the rules in policy 112 and render the results. Second domain security process 120 can receive the results from first domain security process 110” [0031] separate microprocessor for second domain security policy [0050]; second processor to execute a second security policy [0066]), but does not specifically disclose:
transmitting the first data item to a plurality of neighboring nodes.
However, the analogous art Huang does disclose transmitting the first data item to a plurality of neighboring nodes (e.g. Huang message flooding to neighboring nodes based on location [Abstract]; [0010]; neighborhood flooding optimization to reach neighbors with message [0053]).  Bomgardner, Boebert, and Huang are analogous art because they are from the same field of endeavor in data communication between different nodes.
(e.g. see Boebert, “A method and apparatus for message flooding is provided that takes advantage of the availability of node locations. The transmission of a flood message by a node is based on location information of neighboring nodes.” [Abstract]; “Message flooding within a communication system is well known. In particular, the message flooding procedure is often the basis of on-demand route discovery and network initialization… As discussed, the purpose to flood the network in a routing algorithm is essentially to find a path to send data to destinations or draw data from the sources. The message content is usually a request of route discovery” [0002]; “To address the need for flooding within a communication system, a method and apparatus for flooding is provided herein. In accordance with the preferred embodiment of the present invention message flooding is provided that takes advantage of the availability of the node locations. The transmission of a flood message by a node is based on location information/coverage areas of neighboring nodes” [0010]; “neighborhood flooding optimization works similarly to the above-described home flooding procedure. As discussed above, neighborhood flooding occurs when a node rebroadcasts a flood message through a different coordinator to reach neighbors under the different coordinator. In this scenario, when node A receives a flood message through the coordination of node M, and node A is in the range of another coordinator N, node A will try to send a request to node N in order to rebroadcast this message to its neighbors that are also in the range of N” [0053]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Bomgardner, Boebert, and Huang before him or her, to modify the combination of Bomgardner and Boebert with the teachings of Huang to include transmitting the first data item to a plurality of neighboring nodes as claimed because Bomgardner provides a method and system for cross-domain security transactions with policy filtering for data sent between devices on different domains (Bomgardner [Abstract]-[0068]) which could implement neighborhood message flooding optimization (Huang [Abstract]; [0002]; [0010]; [0053]).  The suggestion/motivation for doing so would have been to provide on-demand route discovery, network initialization, and finding paths to send data to destinations (Huang [0002]).  Therefore, it would have been obvious to combine Bomgardner, Boebert, and Huang to obtain the invention as specified in the instant claim(s).
As to Claim 20:
Bomgardner in view of Boebert discloses the method of claim 14, wherein transmitting the first data item to the second intermediate node in the first assured pipeline of the fragmented CDS (e.g. Bomgardner “first domain security process 110 can receive data 101, execute the rules in policy 112 and render the results. Second domain security process 120 can receive the results from first domain security process 110” [0031] separate microprocessor for second domain security policy [0050]; second processor to execute a second security policy [0066]), but does not specifically disclose:
transmitting the first data item to a plurality of neighboring nodes.
However, the analogous art Huang does disclose transmitting the first data item to a plurality of neighboring nodes (e.g. Huang message flooding to neighboring nodes based on location [Abstract]; [0010]; neighborhood flooding optimization to reach neighbors with message [0053]).  Bomgardner, Boebert, and Huang are analogous art because they are from the same field of endeavor in data communication between different nodes.
(e.g. see Boebert, “A method and apparatus for message flooding is provided that takes advantage of the availability of node locations. The transmission of a flood message by a node is based on location information of neighboring nodes.” [Abstract]; “Message flooding within a communication system is well known. In particular, the message flooding procedure is often the basis of on-demand route discovery and network initialization… As discussed, the purpose to flood the network in a routing algorithm is essentially to find a path to send data to destinations or draw data from the sources. The message content is usually a request of route discovery” [0002]; “To address the need for flooding within a communication system, a method and apparatus for flooding is provided herein. In accordance with the preferred embodiment of the present invention message flooding is provided that takes advantage of the availability of the node locations. The transmission of a flood message by a node is based on location information/coverage areas of neighboring nodes” [0010]; “neighborhood flooding optimization works similarly to the above-described home flooding procedure. As discussed above, neighborhood flooding occurs when a node rebroadcasts a flood message through a different coordinator to reach neighbors under the different coordinator. In this scenario, when node A receives a flood message through the coordination of node M, and node A is in the range of another coordinator N, node A will try to send a request to node N in order to rebroadcast this message to its neighbors that are also in the range of N” [0053]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Bomgardner, Boebert, and Huang before him or her, to modify the combination of Bomgardner and Boebert with the teachings of Huang to include transmitting the first data item to a plurality of neighboring nodes as claimed because Bomgardner provides a method and system for cross-domain security transactions with policy filtering for data sent between devices on different domains (Bomgardner [Abstract]-[0068]) which could implement neighborhood message flooding optimization (Huang [Abstract]; [0002]; [0010]; [0053]).  The suggestion/motivation for doing so would have been to provide on-demand route discovery, network initialization, and finding paths to send data to destinations (Huang [0002]).  Therefore, it would have been obvious to combine Bomgardner, Boebert, and Huang to obtain the invention as specified in the instant claim(s).
Allowable Subject Matter
Claims 2, 3, 6, 9, 10, 13, 15, 16, and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure.
Kuckelman et al. (US 20110314536 A1) is cited for testing firewall functionality in a cross-domain system utilized to control data transfer.
Mraz et al. (US 20140337410 A1) is cited for cross-domain transferring of files from a client to a server in accordance to security policies.
Redlich et al. (US 20150156206 A1) is cited for filtering data streams in enterprise networks to defend against threats and attacks. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth W Chang whose telephone number is (571)270-7530. The examiner can normally be reached Monday - Friday 9-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KENNETH W CHANG/ Primary Examiner, Art Unit 2438

07.01.2022