DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114 was filed in this application after a decision by the Patent Trial and Appeal Board, but before the filing of a Notice of Appeal to the Court of Appeals for the Federal Circuit or the commencement of a civil action. Since this application is eligible for continued examination under 37 CFR  1.114 and the fee set forth in 37 CFR 1.17(e) has been timely paid, the appeal has been withdrawn pursuant to 37 CFR 1.114 and prosecution in this application has been reopened pursuant to 37 CFR 1.114. Applicant’s submission filed on 7-20-22 has been entered.
1.  Reiterating the PTAB’s decision, literally all rebuttal arguments put forth in the Examiner’s Answer were AFFIRMED (See decision rendered on 5/18/2022):

    PNG
    media_image1.png
    573
    909
    media_image1.png
    Greyscale

2.  Applicant has put forth an amendment that adds little in terms of new  technical design limitations AND the examiner notes that these claims are much broader than those that were previously allowed (see parent applications/patents).
The amendment merely adds in concepts that were already known or implied, ie. first/second nodes interconnected by intermediate nodes, transmit along a network path to the second node, watermark represents the network path over the intermediate nodes by which the connection request is received by the second node from the first node and the watermark is recorded as each intermediate node communicates the connection request along the path of intermediat nodes. 

3.  As found in the PTAB’s decision, the concepts of watermarking/tracking a packet as it traverses a network is well known and understood. 

4a.  The examiner has added a Double Patenting rejection since it appears that it was not put forth during the last round of prosecution.
4b.  TWO DIFFERENT rejections are put forth below.
	i.  Umesawa and Wang
	ii. He and Wang (which was upheld at the board)

5.  Based on the originally filed claims in this application, the examiner believes that a more favorable outcome may occur if the applicant amends as follows (ie. claims 1-49  originally filed claims from 12/29/2015):
i.   Indep 52 + 4 + 6 + 7 + 8 + (10 or 13)
ii.  Indep 52 + 4 + 6 + 7 + 8 + 23 
iii. Indep 52 + 4 + 6 + 7 + 8 + 24 
iv  Indep 52 + 4 + 6 + 25 + (26 or 27)
Any of these combinations/options would recite a highly detailed technical claim that is not found in at least the prior art of record, either alone or in combination.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim 52 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 7,990,947. Although the claims at issue are not identical, they are not patentably distinct from each other because they put forth tracking the path of a packet as it traverses a network of intermediate nodes whereby the path is “watermarked” and each node traversed can be tracked and the entire path verified.
     7,990,947 Patent				 Current Application
1. A network communications method utilizing a network watermark process, the network watermark process comprising the step of creating a verifiable communications path through a network of nodes between a first end node and a second end node, the verifiable communications path being collectively created, (a) by the first end node performing the step of sending an outgoing communication including an identification of the second end node to an immediately succeeding node in the verifiable communications path; (b) by each of one or more respective intermediate nodes between the first end node and the second end node in the verifiable communications path, performing the steps of, (i) receiving, by the respective intermediate node, an incoming intermediate communication from an immediately preceding node, the incoming intermediate communication including path data, (ii) verifying the incoming intermediate communication that is received by the respective intermediate node from the immediately preceding node, and (iii) upon the successful verification of the incoming intermediate communication from the immediately preceding node by the respective intermediate node, sending by the respective intermediate node an outgoing intermediate communication to an immediately succeeding node, the outgoing intermediate communication including path data that at least identifies a network communications path from the first end node to the respective intermediate node; and (c) by the second end node performing the steps of, (i) receiving an incoming communication from the immediately preceding node, the incoming communication including path data that at least identifies a network communications path from the first end node to the immediately preceding node, (ii) verifying the incoming communication that is received from the immediately preceding node, and (iii) validating the communications path through the network of nodes between the first end node and the second end node.
52. (currently amended) A network authentication system comprising: a first node and a second node interconnected by a network of intermediate nodes, wherein the first node is configured to transmit a connection_[[-]]request to the second node along a network path over the network of intermediate nodes, to receive and authenticate thefrom the first node based on a network watermark thea received connection_[[-]]request, wherein the network watermark represents the network path over the network of intermediate nodes by which the connection request is received by the second node from the first node, and wherein the network watermark is recorded in the received connection request as each intermediate node communicates the connection request along the path over the network of intermediate nodes.







Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
REJECTION #1:
Claim 52 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Umesawa et al. US 2005/0094637 and further in view of Wang: Sleepy Watermark Tracking: An active network-based Intrusion Response Framework
As per claim 52, Umesawa et al. US 2005/0094637 teaches a network authentication system (Para #21 teaches authenticating the authority of the connection requestor and if legitimate, provides service) comprising: 
a first node and a second node interconnected by a network of intermediate nodes (Fig. 1 shows Client computers connecting to Server computers and a network #3 in the middle which can be comprised of multiple routers, switches, gateways, etc., and one skilled would inherently understand that they are “intermediate nodes”.  Further note that Para #86 teaches that network #3 in Fig. 1 can be The Internet, which has millions of nodes that can be intermediate to two devices communicating);
[0085]  FIG. 1 shows a communication system to which embodiments of the invention are applicable. As shown, server computers 1 and client computers 2 are connected via a communication network 3 that includes an open network, such as the Internet, and dedicated lines connected thereto., 
wherein the first node is configured to transmit a connection request to the second node along a network path over the network of intermediate nodes (Para #16 teaches the connection requestor (client) is provided service by a server AND Para #18 teaches an actual connection request being sent from the client to the server via the network of intermediate nodes), and 
[0016] In the above-described client/server system including client computers and a server computer, there is a case where when the server computer provides a service to a client computer, it identifies the connection requester (the user of the client computer or the client computer itself), and then provides a service corresponding to the authority of the identified requester.
[0018] (i) In accordance with a connection request from the client computer, a connection is established between the client computer and server computer.
the second node is configured to receive and authenticate the connection request from the first node  (Umesawa teaches that the connection request can be authenticated in multiple ways and by multiple devices, to include the second node/server):
[0004] The present invention also relates to an authentication method for performing communication between a client computer and server computer on a network, a server computer, a client computer and a program.

AUTHENTICATION METHOD #1:  Umesawa teaches that the server can receive the authentication request and then instruct the client to send authentication information (i.e. password, ec.) which can be used to authenticate the client/user:
[0019] (ii) A server application program installed in the server computer transmits, to a client application program installed in the client computer, data that instructs it to return authentication information such as a password (there also exist information items utilizing common- or public-key codes or various coded protocols).
[0020] (iii) After receiving the data, the client application program acquires authentication information, and then transmits it to the server computer (the user of the client computer inputs the authentication information, or the client application program automatically acquires it).
[0021] (iv) The server application program determines whether the acquired authentication information is legitimate, determines the authority of the connection requester if the authentication information is determined to be legitimate, and provides a service corresponding to the authority.

AUTHENTICATION METHOD #2:  Umesawa teaches that the number of SYN transmission can be used to authenticate the user/request:
[0098] In a first embodiment, the connection requesters that are allowed to access a certain server computer 1 are beforehand divided into a plurality of groups, and the number of transmissions of a connection request packet that differs between the groups is determined and used at least as authentication information for each group. In the first embodiment, connection request packets will be referred to as "synchronization (SYN) packets". Assume here that authentication information indicating the number of transmissions of a SYN packet is commonly used as secret information between the certain server computer 1 and each connection requester. Common use of information indicating the number of transmissions may be realized, kept secret from a third party, using an on-line system in which a channel secured by a cipher protocol (provided by, for example, a secure socket layer (SSL) technique) is utilized, or using an off-line system such as mailing. Further, each connection requester may hold different criteria for different servers.

NOTE that Umesawa teaches FIFTEEN different authentication 
possibilities (See Para’s #40 thru 54).

but is silent on 
based on a network watermark recorded in the received connection request, 
wherein the network watermark represents the network path over the network of intermediate nodes by which the connection request is received by the second node from the first node, and 
wherein the network watermark is recorded in the received connection request as each intermediate node communicates the connection request along the path over the network of intermediate nodes.
Umesawa does not teach tracking/watermarking of a packet (or packets) as they flow through the network via intermediate nodes.
Regarding “…based on a network watermark recorded in the received connection request..”, Wang (Sleepy Watermark Tracing: An Active Network-based Intrusion Response Framework) teaches tracing any/all data packet(s), which would inherently include a connection request that is received by a second node/server:
    PNG
    media_image2.png
    217
    807
    media_image2.png
    Greyscale

 Regarding “..wherein the network watermark represents the network path over the network of intermediate nodes by which the connection request is received by the second node from the first node”, Wang teaches recording the connection request path the packet travels over (ie. each router/node it passes through): 

    PNG
    media_image3.png
    531
    805
    media_image3.png
    Greyscale

Regarding “..wherein the network watermark is recorded in the received connection request as each intermediate node communicates the connection request along the path over the network of intermediate nodes”, Wang teaches each intermediate node/router records that it has supported the packet’s reception/transmittal and this data is stored in the packet’s watermark and forwarded, which reads on the limitation.
    PNG
    media_image4.png
    293
    792
    media_image4.png
    Greyscale

AND
    PNG
    media_image5.png
    267
    781
    media_image5.png
    Greyscale

Additional (trust routers, ie. intermediary devices)

    PNG
    media_image6.png
    237
    788
    media_image6.png
    Greyscale

Operation of Sleepy Watermark Tracing:

    PNG
    media_image7.png
    219
    823
    media_image7.png
    Greyscale


    PNG
    media_image8.png
    623
    779
    media_image8.png
    Greyscale


    PNG
    media_image9.png
    264
    808
    media_image9.png
    Greyscale


    PNG
    media_image10.png
    837
    777
    media_image10.png
    Greyscale


    PNG
    media_image11.png
    712
    802
    media_image11.png
    Greyscale

6.  CONCLUSIONS

    PNG
    media_image12.png
    592
    755
    media_image12.png
    Greyscale


    PNG
    media_image13.png
    146
    770
    media_image13.png
    Greyscale

Thusly, the above pasages from Wang teach tracing each/every packet’s journey through a network of intermediate nodes between sender and receiver.
Note that Chari et al. US 6,704,301, pertinent but not cited, teaches a connection request that ALSO includes information about all intermediate nodes traversed between sender and receiver, which is similar to applicant’s design/claims.   Chari has knowledge beforehand about the nodes that will be traversed which is slightly different than using a watermark to track the packet’s path, hence one skilled sees a choice in design (ie. obvious to try modifications with predictable results):
(5) For another embodiment, when a client wishes to connect the server, it sends a connection request, through the known path to the server. This connection request includes the known path to the server. When the server receives the request, it becomes aware of the path to the requesting client, as well as all intervening nodes. The server uses this information to respond to the request, and add the data to its routing table/client tree.

It would have been obvious to one skilled in the art at the time of the invention, to modify Umesawa, such that it is based on a network watermark recorded in the received connection request AND wherein the network watermark represents the network path over the network of intermediate nodes by which the connection request is received by the second node from the first node AND wherein the network watermark is recorded in the received connection request as each intermediate node communicates the connection request along the path over the network of intermediate nodes, to provide the ability to trace any packet (eg. connection request, etc.) that is sent through the network and determine that it was a valid path of intermediate nodes for intrusion security/detection purposes.

Rejection #2:
Claim 52 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over He US 2014/0109202 and further in view of Wang: Sleepy Watermark Tracking: An active network-based Intrusion Response Framework
As per claim 52, He US 2014/0109202 teaches a network authentication system (Para #3 teaches authentication within a network) comprising: 
a first node and a second node interconnected by a network of intermediate nodes (Figure 1a shows devices/nodes such as #102a, b, n, connected to other devices/nodes #106a, b, n via other “intermediate” nodes, ie. nodes in the networks such as routers, etc. and the appliance #200, etc.), 
[0030] Although FIG. 1A shows a network 104 and a network 104' between the clients 102 and the servers 106, the clients 102 and the servers 106 may be on the same network 104. The networks 104 and 104' can be the same type of network or different types of networks. The network 104 and/or the network 104' can be a local-area network (LAN), such as a company Intranet, a metropolitan area network (MAN), or a wide area network (WAN), such as the Internet or the World Wide Web. In one embodiment, network 104' may be a private network and network 104 may be a public network. In some embodiments, network 104 may be a private network and network 104' a public network. In another embodiment, networks 104 and 104' may both be private networks. In some embodiments, clients 102 may be located at a branch office of a corporate enterprise communicating via a WAN connection over the network 104 to the servers 106 located at a corporate data center.
[0031] The network 104 and/or 104' be any type and/or form of network and may include any of the following: a point to point network, a broadcast network, a wide area network, a local area network, a telecommunications network, a data communication network, a computer network, an ATM (Asynchronous Transfer Mode) network, a SONET (Synchronous Optical Network) network, a SDH (Synchronous Digital Hierarchy) network, a wireless network and a wireline network. In some embodiments, the network 104 may comprise a wireless link, such as an infrared channel or satellite band. The topology of the network 104 and/or 104' may be a bus, star, or ring network topology. The network 104 and/or 104' and network topology may be of any such network or network topology as known to those ordinarily skilled in the art capable of supporting the operations described herein.
wherein the first node is configured to transmit a connection request to the second node along a network path over the network of intermediate nodes, and 
[0008] In third aspect, the present invention is a method for using a client agent to enable HTTP cookie authentication in non-HTTP communications from a client, the method comprising: intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request.

the second node is configured to receive and authenticate the connection request from the first node (Figure 5 teaches that the “request” is sent and a response is received which comprises an acceptance of the authentication (cookie) from the second node ) 
[0122] Referring now to FIG. 5, one embodiment of a method for using a client agent to enable HTTP cookie authentication in non-HTTP communications from a client is shown. In brief overview, the method comprises: intercepting, by a client agent executing on a client, a connection request from the client (step 501); establishing, by the client agent, a transport layer virtual private network connection with a network appliance (step 503); transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie (step 505); receiving, by the client agent, an HTTP response, the HTTP response comprising an acceptance of the authentication cookie; (step 507) 

but is silent on 
based on a network watermark recorded in the received connection request, 
wherein the network watermark represents the network path over the network of intermediate nodes by which the connection request is received by the second node from the first node, and 
wherein the network watermark is recorded in the received connection request as each intermediate node communicates the connection request along the path over the network of intermediate nodes.
Umesawa does not teach tracking/watermarking of a packet (or packets) as they flow through the network via intermediate nodes.
Regarding “…based on a network watermark recorded in the received connection request..”, Wang (Sleepy Watermark Tracing: An Active Network-based Intrusion Response Framework) teaches tracing any/all data packet(s), which would inherently include a connection request that is received by a second node/server:

    PNG
    media_image2.png
    217
    807
    media_image2.png
    Greyscale

 Regarding “..wherein the network watermark represents the network path over the network of intermediate nodes by which the connection request is received by the second node from the first node”, Wang teaches recording the connection request path the packet travels over (ie. each router/node it passes through): 

    PNG
    media_image3.png
    531
    805
    media_image3.png
    Greyscale

Regarding “..wherein the network watermark is recorded in the received connection request as each intermediate node communicates the connection request along the path over the network of intermediate nodes”, Wang teaches each intermediate node/router records that it has supported the packet’s reception/transmittal and this data is stored in the packet’s watermark and forwarded, which reads on the limitation.
    PNG
    media_image4.png
    293
    792
    media_image4.png
    Greyscale

AND
    PNG
    media_image5.png
    267
    781
    media_image5.png
    Greyscale




Additional (trust routers, ie. intermediary devices)

    PNG
    media_image6.png
    237
    788
    media_image6.png
    Greyscale

Operation of Sleepy Watermark Tracing:

    PNG
    media_image7.png
    219
    823
    media_image7.png
    Greyscale


    PNG
    media_image8.png
    623
    779
    media_image8.png
    Greyscale


    PNG
    media_image9.png
    264
    808
    media_image9.png
    Greyscale

    PNG
    media_image10.png
    837
    777
    media_image10.png
    Greyscale


    PNG
    media_image11.png
    712
    802
    media_image11.png
    Greyscale

6.  CONCLUSIONS

    PNG
    media_image12.png
    592
    755
    media_image12.png
    Greyscale


    PNG
    media_image13.png
    146
    770
    media_image13.png
    Greyscale

Thusly, the above pasages from Wang teach tracing each/every packet’s journey through a network of intermediate nodes between sender and receiver.
Note that Chari et al. US 6,704,301, pertinent but not cited, teaches a connection request that ALSO includes information about all intermediate nodes traversed between sender and receiver, which is similar to applicant’s design/claims.   Chari has knowledge beforehand about the nodes that will be traversed which is slightly different than using a watermark to track the packet’s path, hence one skilled sees a choice in design (ie. obvious to try modifications with predictable results):
(5) For another embodiment, when a client wishes to connect the server, it sends a connection request, through the known path to the server. This connection request includes the known path to the server. When the server receives the request, it becomes aware of the path to the requesting client, as well as all intervening nodes. The server uses this information to respond to the request, and add the data to its routing table/client tree.

It would have been obvious to one skilled in the art at the time of the invention, to modify He, such that it is based on a network watermark recorded in the received connection request AND wherein the network watermark represents the network path over the network of intermediate nodes by which the connection request is received by the second node from the first node AND wherein the network watermark is recorded in the received connection request as each intermediate node communicates the connection request along the path over the network of intermediate nodes, to provide the ability to trace any packet (eg. connection request, etc.) that is sent through the network and determine that it was a valid path of intermediate nodes for intrusion security/detection purposes.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is found in the PTO-892.
All references deal with packet tracing through a network (which is well known).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN M. D'AGOSTA whose telephone number is (571)272-7862. The examiner can normally be reached 8am to 4pm (IFW).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Edan (Dan) Orgad can be reached on 571-272-7884. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/STEPHEN M D AGOSTA/Primary Examiner, Art Unit 2414