DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This initial written action is responding to the communication dated on 05/16/2022.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Priority
This application filed on May 16, 2022 claims priority of continuing application 16/856,843 filed on April 23, 2020, which claims priority of continuing application 15/262,979 filed on September 12, 2016.

Information Disclosure Statement
The following Information Disclosure Statements in the instant application submitted in compliance with the provisions of 37 CFR 1.97, and thus, have been fully considered:
IDS filed on 21 June 2022.
Examiner’s Note
Claim 16 recites “a first computing device..”. Examiner has interpreted a first computing device as computing device 10 of Figures 1 and 2.  The description of computing device 10 in paragraphs 51-52 recites sufficient hardware for the computing device. Thus Claim 16 is compliant for 35 U.S.C 101 software per se.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter because
a. Claim 20 is directed to a computer-readable media. However, the body of the claim lacks definite structure indicative of a physical product. Therefore, the claim as a whole appears to be nothing more than computer software, and software per se does not fall within a statutory category.
In addition, the broadest reasonable interpretation of the "computer readable media" covers a transitory propagating signal which is non-statutory subject matter.
"A transitory, propagating signal... is not a "process, machine, manufacture, or composition of matter." Those four categories define the explicit scope and reach of subject matter patentable under 35 U.S.C. § 101; thus, such a signal cannot be patentable subject matter."
The examiner suggests amending the claim(s) to recite a "non-transitory computer-readable medium" or equivalent in order to exclude non-statutory subject matter such as a transitory propagating signal. Any amendment to the claims should be commensurate with its corresponding disclosure.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 16 recites the limitation " the first network device comprising: two or more interfaces…." .  Examiner submits that there is no “A first network device” is defined. There is insufficient antecedent basis for this limitation in the claim.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-7, 9, 12-14 and 16-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 3-11, and 18 of U.S. Patent No. 11,336,659. Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-7, 9-10, 12-18, 25-26 and 28 of U.S. Patent No. 10,659,476.  Although the claims at issue are not identical, they are not patentably distinct from each other because please see below.

 
Instant Application - 17/663,597
 
US PAT. # US 11336659 (App. # 16/856,843) 
 
US PAT. # US 10659476 (App. # 15/262,979) 
 
 
TRANSPARENT BRIDGE FOR MONITORING CRYPTO-PARTITIONED WIDE-AREA NETWORK
 
 TRANSPARENT BRIDGE FOR MONITORING CRYPTO-PARTITIONED WIDE-AREA NETWORK
 
 TRANSPARENT BRIDGE FOR MONITORING CRYPTO-PARTITIONED WIDE-AREA NETWORK
 
 
 
 
 
 
 
 
1
A method comprising: receiving, by a first computing device in a plain-text portion of a first enclave behind a first inline network encryptor (INE), a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via a cipher-text wide-area network (WAN), wherein the first enclave further includes a first group of one or more client devices, wherein the second enclave further includes a second group of one or more client devices, wherein the first group of one or more client devices communicate through the cipher-text WAN via the first computing device, wherein the second group of one or more client devices communicate through the cipher-text WAN via the second computing device, and wherein the first computing device communicates with the second computing device using the cipher-text WAN; determining, by the first computing device, contents of a header of the data packet; and determining, by the first computing device and based at least in part on the contents of the header of the data packet, a status of the cipher-text WAN.
1
A method comprising: receiving, by a first computing device in a plain-text portion of a first enclave behind a first inline network encryptor (INE), a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via a partitioned wide-area network (WAN); detecting, by the first computing device and based at least in part on contents of a header of the data packet, a network event affecting a status of the partitioned WAN; receiving, by the first computing device in the plain-text portion of the first enclave from each of a plurality of computing devices in a respective plain-text portion of a plurality of enclaves via the partitioned WAN, status information indicative of local views of the plurality of computing devices of direct tunnels that provide point-to-point connectivity between peer enclaves over a direct WAN route, wherein a respective local view of a respective computing device of the plurality of computing devices include a list of remote enclaves from which the respective computing device has received one or more data packets over the direct tunnels within a previous period of time; determining, by the first computing device, a global view across the partitioned WAN of the direct tunnels between the peer enclaves based at least in part on the status information received from the plurality of computing devices; and performing, by the first computing device and based on the network event and the global view, an operation to correct the status of the partitioned WAN.
1
A method comprising: receiving, by a first computing device in a plain-text portion of a first enclave behind a first inline network encryptor (INE), a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via a cipher-text wide-area network (WAN) that carries data traffic between a plurality of enclaves including the first enslave and the second enclave, wherein the first enclave further includes a first group of one or more client devices, wherein the second enclave further includes a second group of one or more client devices, wherein the first group of one or more client devices communicate through the cipher-text WAN via the first computing device, wherein the second group of one or more client devices communicate through the cipher-text WAN via the second computing device, and wherein the first computing device communicates with the second computing device using the cipher-text WAN; determining, by the first computing device, contents of a header of the data packet, wherein the contents of the header of the data packet comprise one or more of a timestamp, a connection state, or a priority of an associated data flow to the second enclave; detecting, by the first computing device and based at least in part on the one or more of the timestamp, the connection state, or the priority of an associated data flow to the second enclave in the contents of the header of the data packet, a network event affecting a status of the cipher-text WAN, wherein the connection state indicates connection states between the second enclave and each of the other enclaves in the plurality of enclaves;
 
 
 
 
 
 
performing, by the first computing device and based on the network event affecting the status of the cipher-text WAN, an operation to correct the status of the cipher-text WAN; determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the second computing device is connected to a third computing device in a plain-text portion of a third enclave in the plurality of enclaves, wherein the third enclave communicates with the first enclave and the second enclave via the cipher-text WAN; determining, by the first computing device, that the first computing device is not currently receiving an expected data flow from the third computing device; determining, by the first computing device, that the network event affecting the status of the cipher-text WAN is a faulty connection between the first enclave and the third enclave; sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device; and receiving, by the first computing device and from the second computing device, the expected data flow that was received by the second computing device from the third computing device. 
 
2
The method of claim 1, wherein the contents of the header comprise a first timestamp, wherein the data packet comprises a first data packet, and wherein the method further comprises: receiving, by the first computing device, a first data flow from the second computing device via the cipher-text WAN, wherein the first data flow includes the first data packet; receiving, by the first computing device, a second data flow from a third computing device in a plain-text portion of a third enclave via the cipher-text WAN, wherein the second data flow includes a second data packet, wherein contents of a header of the second data packet comprise a second timestamp; and responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave: determining, by the first computing device and based at least in part on the first timestamp, that the status of the cipher-text WAN is a bottleneck at the first enclave.
3
The method of claim 1, wherein the contents of the header comprise a first timestamp, wherein the data packet comprises a first data packet, and wherein the method further comprises: receiving, by the first computing device, a first data flow from the second computing device via the partitioned WAN, wherein the first data flow includes the first data packet; receiving, by the first computing device, a second data flow from a fourth computing device in a plain-text portion of a fourth enclave via the partitioned WAN, wherein the second data flow includes a third data packet, wherein contents of a header of the third data packet comprise a second timestamp; and responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave: determining, by the first computing device and based at least in part on the first timestamp, that the network event affecting the status of the partitioned WAN is a bottleneck at the first enclave; 
2
The method of claim 1, wherein the contents of the header comprise a first timestamp, wherein the data packet comprises a first data packet, and wherein the method further comprises: receiving, by the first computing device, a first data flow from the second computing device via the cipher-text WAN, wherein the first data flow includes the first data packet; receiving, by the first computing device, a second data flow from a fourth computing device in a plain-text portion of a fourth enclave via the cipher-text WAN, wherein the second data flow includes a third data packet, wherein contents of a header of the third data packet comprise a second timestamp; and responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave: determining, by the first computing device and based at least in part on the first timestamp, that the network event affecting the status of the cipher-text WAN is a bottleneck at the first enclave. 
 
 
 
3
 wherein performing the operation to correct the status of the partitioned WAN comprises responsive to determining that the network event affecting the status of the partitioned WAN is the bottleneck: determining, by the first computing device, a first priority of the first data flow; determining, by the first computing device, a second priority of the second data flow; comparing, by the first computing device, the first priority and the second priority; responsive to determining that the first priority is greater than the second priority, squelching, by the first computing device, the second data flow from the fourth computing device; and responsive to determining that the second priority is greater than the first priority, squelching, by the first computing device, the first data flow from the second computing device.
 

 
3
The method of claim 2, further comprising: responsive to determining that the status of the cipher-text WAN is the bottleneck: determining, by the first computing device, a first priority of the first data flow; determining, by the first computing device, a second priority of the second data flow; comparing, by the first computing device, the first priority and the second priority; responsive to determining that the first priority is greater than the second priority, squelching, by the first computing device, the second data flow from the third computing device; and responsive to determining that the second priority is greater than the first priority, squelching, by the first computing device, the first data flow from the second computing device.
3
 wherein performing the operation to correct the status of the partitioned WAN comprises responsive to determining that the network event affecting the status of the partitioned WAN is the bottleneck: determining, by the first computing device, a first priority of the first data flow; determining, by the first computing device, a second priority of the second data flow; comparing, by the first computing device, the first priority and the second priority; responsive to determining that the first priority is greater than the second priority, squelching, by the first computing device, the second data flow from the fourth computing device; and responsive to determining that the second priority is greater than the first priority, squelching, by the first computing device, the first data flow from the second computing device.
3
The method of claim 2, wherein performing the operation to correct the status of the cipher-text WAN comprises: responsive to determining that the network event affecting the status of the cipher-text WAN is the bottleneck: determining, by the first computing device, a first priority of the first data flow; determining, by the first computing device, a second priority of the second data flow; comparing, by the first computing device, the first priority and the second priority; responsive to determining that the first priority is greater than the second priority, squelching, by the first computing device, the second data flow from the fourth computing device; and responsive to determining that the second priority is greater than the first priority, squelching, by the first computing device, the first data flow from the second computing device. 
 
4
The method of claim 3, further comprising: responsive to determining that the first priority is equal to the second priority: determining, by the first computing device, a first time indicated by the first timestamp; determining, by the first computing device, a second time indicated by the second timestamp located in the contents of the header of the second data packet; comparing, by the first computing device, the first time and the second time; responsive to determining that the first time is earlier than the second time, squelching, by the first computing device, the second data flow from the third computing device; and responsive to determining that the second time is earlier than the first time, squelching, by the first computing device, the first data flow from the second computing device.
4
The method of claim 3, further comprising: responsive to determining that the first priority is equal to the second priority: determining, by the first computing device, a first time indicated by the first timestamp; determining, by the first computing device, a second time indicated by the second timestamp located in the contents of the header of the third data packet; comparing, by the first computing device, the first time and the second time; responsive to determining that the first time is earlier than the second time, squelching, by the first computing device, the second data flow from the fourth computing device; and responsive to determining that the second time is earlier than the first time, squelching, by the first computing device, the first data flow from the second computing device.
4
The method of claim 3, further comprising: responsive to determining that the first priority is equal to the second priority: determining, by the first computing device, a first time indicated by the first timestamp; determining, by the first computing device, a second time indicated by the second timestamp located in the contents of the header of the third data packet; comparing, by the first computing device, the first time and the second time; responsive to determining that the first time is earlier than the second time, squelching, by the first computing device, the second data flow from the fourth computing device; and responsive to determining that the second time is earlier than the first time, squelching, by the first computing device, the first data flow from the second computing device. 
 
5
The method of claim 3, wherein squelching the first data flow comprises: sending, by the first computing device, a third data packet to the second computing device, wherein the third data packet includes an indication for the second computing device to cease sending the first data flow to the first computing device; and responsive to determining that the third computing device has completed sending the second data flow to the first computing device, sending, by the first computing device, a fourth data packet to the second computing device, wherein the fourth data packet includes an indication for the second computing device to resume sending the first data flow to the first computing device.
5
The method of claim 3, wherein squelching the first data flow comprises: sending, by the first computing device, a fourth data packet to the second computing device, wherein the fourth data packet includes an indication for the second computing device to cease sending the first data flow to the first computing device; and responsive to determining that the fourth computing device has completed sending the second data flow to the first computing device, sending, by the first computing device, a fifth data packet to the second computing device, wherein the fifth data packet includes an indication for the second computing device to resume sending the first data flow to the first computing device.
5
The method of claim 3, wherein squelching the first data flow comprises: sending, by the first computing device, a fourth data packet to the second computing device, wherein the fourth data packet includes an indication for the second computing device to cease sending the first data flow to the first computing device; and responsive to determining that the fourth computing device has completed sending the second data flow to the first computing device, sending, by the first computing device, a fifth data packet to the second computing device, wherein the fifth data packet includes an indication for the second computing device to resume sending the first data flow to the first computing device. 
 
6
The method of claim 1, wherein the contents of the header comprise a timestamp, wherein the method further comprises: receiving, by the first computing device, a bulk data transfer from the second computing device; receiving, by the first computing device, a data flow from the second computing device, wherein the data packet is associated with the data flow, and wherein the timestamp indicates a time at which the data packet was sent by the second computing device; determining, by the first computing device and based at least in part on the timestamp of the data packet, a delay for the data flow; responsive to determining that the delay for the data flow is above a threshold delay:
6
The method of claim 1, wherein the contents of the header comprise a timestamp, wherein the method further comprises: receiving, by the first computing device, a bulk data transfer from the second computing device; receiving, by the first computing device, a data flow from the second computing device, wherein the data packet is associated with the data flow, and wherein the timestamp indicates a time at which the data packet was sent by the second computing device; determining, by the first computing device and based at least in part on the timestamp of the data packet, a delay for the data flow; responsive to determining that the delay for the data flow is above a threshold delay:
6
The method of claim 1, wherein the contents of the header comprise the timestamp, wherein the method further comprises: receiving, by the first computing device, a bulk data transfer from the second computing device; receiving, by the first computing device, a data flow from the second computing device, wherein the data packet is associated with the data flow, and wherein the timestamp indicates a time at which the data packet was sent by the second computing device; determining, by the first computing device and based at least in part on the timestamp of the data packet, a delay for the data flow; responsive to determining that the delay for the data flow is above a threshold delay:
 
6
determining, by the first computing device, that the status of the cipher-text WAN is a performance latency; sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to re-route the data flow through a third computing device in a plain-text portion of a third enclave; and receiving, by the first computing device, the data flow from the third computing device.
6
determining, by the first computing device, that the network event affecting the status of the partitioned WAN is a performance latency; sending, by the first computing device, a third data packet to the second computing device, wherein the third data packet comprises an indication for the second computing device to re-route the data flow through a fourth computing device in a plain-text portion of a fourth enclave; and receiving, by the first computing device, the data flow from the fourth computing device.
 
determining, by the first computing device, that the network event affecting the status of the cipher-text WAN is a performance latency; sending, by the first computing device, a third data packet to the second computing device, wherein the third data packet comprises an indication for the second computing device to re-route the data flow through a fourth computing device in a plain-text portion of a fourth enclave; and receiving, by the first computing device, the data flow from the fourth computing device. 
 
7
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises: determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is connected to a third computing device in a plain-text portion of a third enclave; determining, by the first computing device, that the first computing device is not currently receiving an expected data flow from the third computing device; determining, by the first computing device, that the status of the cipher-text WAN is a faulty connection between the first enclave and the third enclave;
10
The method of claim 1, further comprising: determining, by the first computing device, that the first computing device is not receiving an expected data flow from a third computing device due to the network event; wherein performing, by the first computing device and based on the network event, the operation to correct the status of the partitioned WAN comprises: determining, by the first computing device, that the second computing device is connected to the third computing device in a plain-text portion of a third enclave, wherein the third enclave communicates with the first enclave and the second enclave via the partitioned WAN; 
7
The method of claim 1, wherein the contents of the header comprise the connection state, wherein the method further comprises: determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is unidirectionally connected to the first computing device and that the second computing device is bidirectionally connected to a fourth computing device in a plain-text portion of a fourth enclave;
 
7
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device; and receiving, by the first computing device, the expected data flow from the second computing device.
10
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device; and receiving, by the first computing device and from the second computing device, the expected data flow that was received by the second computing device from the third computing device.
7
determining, by the first computing device, that the network event affecting the status of the cipher-text WAN is a malicious configuration of one or more routers in the cipher-text WAN; sending, by the first computing device, a third data packet to the fourth computing device, wherein the third data packet comprises an indication for the second computing device to send a data flow to the first computing device; and receiving, by the first computing device, the data flow from the second computing device.
 
8
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises: determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is unidirectionally connected to the first computing device and that the second computing device is bidirectionally connected to a third computing device in a plain-text portion of a third enclave; 
 
 
7
The method of claim 1, wherein the contents of the header comprise the connection state, wherein the method further comprises: determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is unidirectionally connected to the first computing device and that the second computing device is bidirectionally connected to a fourth computing device in a plain-text portion of a fourth enclave; 
 
8
determining, by the first computing device, that the status of the cipher-text WAN is a malicious configuration of one or more routers in the cipher-text WAN; sending, by the first computing device, a second data packet to the third computing device, wherein the second data packet comprises an indication for the second computing device to send a data flow to the first computing device; and receiving, by the first computing device, the data flow from the second computing device.
 
 
7
determining, by the first computing device, that the network event affecting the status of the cipher-text WAN is a malicious configuration of one or more routers in the cipher-text WAN; sending, by the first computing device, a third data packet to the fourth computing device, wherein the third data packet comprises an indication for the second computing device to send a data flow to the first computing device; and receiving, by the first computing device, the data flow from the second computing device.
 
9
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises: determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that a third computing device in a plain-text portion of a third enclave has lost connection with the first computing device; determining, by the first computing device, that the status of the cipher-text WAN is a dropped direct connection between the first enclave and the third enclave; determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, a multi-hop route between the first enclave and the third enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the third enclave; and sending, by the first computing device, a data flow intended for the third computing device to a first connected enclave of the sequence of one or more connected enclaves.
8
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises: determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, a multi-hop route between the first enclave and the second enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the second enclave; sending, by the first computing device, a deadline-critical data flow directly to the second computing device; and simultaneously sending, by the first computing device, the deadline-critical data flow to the second computing device via the multi-hop route.
12
The method of claim 1, wherein the contents of the header comprise the connection state, wherein the method further comprises: determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, a multi-hop route between the first enclave and the second enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the second enclave; sending, by the first computing device, a deadline-critical data flow directly to the second computing device; and simultaneously sending, by the first computing device, the deadline-critical data flow to the second computing device via the multi-hop route. 
 
10
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises: determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is connected to the first computing device; determining, by the first computing device, that the first computing device is not currently receiving an expected multicast flow from the second computing device; determining, by the first computing device, that the status of the cipher-text WAN is a misconfiguration of a rendezvous point within the cipher-text WAN; attempting, by the first computing device, to recover a connection to a multicast tree for the second computing device.
 
 
9
The method of claim 1, wherein the contents of the header comprise the connection state, wherein the method further comprises: determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is connected to the first computing device; determining, by the first computing device, that the first computing device is not currently receiving an expected multicast flow from the second computing device; determining, by the first computing device, that the network event affecting the status of the cipher-text WAN is a misconfiguration of a rendezvous point within the cipher-text WAN; attempting, by the first computing device, to recover a connection to a multicast tree for the second computing device.
 
11
 The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises: determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the second computing device is connected to the first computing device; receiving, by the first computing device, a multicast flow from the second computing device; determining, by the first computing device, a packet loss rate for the data flow; and responsive to determining that the packet loss rate exceeds a threshold packet loss rate: determining, by the first computing device, that the status of the cipher-text WAN is one of a cyber-attack or a misconfiguration of a router in the cipher-text WAN; and attempting, by the first computing device, to restore a Cumulative Network Performance for the multicast flow.
 
 
10
The method of claim 1, wherein the contents of the header comprise the connection state, wherein the method further comprises: determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the second computing device is connected to the first computing device; receiving, by the first computing device, a multicast flow from the second computing device; determining, by the first computing device, a packet loss rate for the data flow; and responsive to determining that the packet loss rate exceeds a threshold packet loss rate; determining, by the first computing device, that the network event affecting the status of the cipher-text WAN is one of a cyber-attack or a misconfiguration of a router in the cipher-text WAN; and attempting, by the first computing device, to restore a Cumulative Network Performance for the multicast flow.
 
12
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the data packet comprises a first data packet, and wherein the method further comprises: receiving, by the first computing device, a data flow from the second computing device, wherein the data flow includes the first data packet; determining, by the first computing device, a first delay for the data flow; responsive to determining that the first delay exceeds a threshold delay, determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the first computing device is connected to a third computing device in a plain-text portion of a third enclave; sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to send the data flow to the first computing device via the third computing device;
7
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the data packet comprises a first data packet, and wherein the method further comprises: receiving, by the first computing device, a data flow from the second computing device, wherein the data flow includes the first data packet; determining, by the first computing device, a first delay for the data flow; responsive to determining that the first delay exceeds a threshold delay, determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the first computing device is connected to a fourth computing device in a plain-text portion of a fourth enclave; sending, by the first computing device, a third data packet to the second computing device, wherein the third data packet comprises an indication for the second computing device to send the data flow to the first computing device via the fourth computing device;
25
The first computing device of claim 15, wherein the contents of the header comprise the connection state, wherein the data packet comprises a first data packet, and wherein the one or more processors are further configured to: receive a data flow from the second computing device, wherein the data flow includes the first data packet; determine a first delay for the data flow; responsive to determining that the first delay exceeds a threshold delay, determine, based at least in part on the connection state in the data packet received from the second computing device, that the first computing device is connected to a fourth computing device in a plain-text portion of a fourth enclave; send a third data packet to the second computing device,
 
12
receiving, by the first computing device, the data flow from the third computing device; determining, by the first computing device, a second delay for the data flow; responsive to determining that the second delay does not exceed the threshold delay, continuing, by the first computing device, to receive the data flow from the third computing device; and responsive to determining that the second delay exceeds the threshold delay: determining, by the first computing device, that the status of the cipher-text WAN is a packet flooding attack on the first enclave; and initiating, by the first computing device, a filtering process to resolve the packet flooding attack.
7
receiving, by the first computing device, the data flow from the fourth computing device; determining, by the first computing device, a second delay for the data flow; responsive to determining that the second delay does not exceed the threshold delay, continuing, by the first computing device, to receive the data flow from the fourth computing device; and responsive to determining that the second delay exceeds the threshold delay: determining, by the first computing device, that the network event affecting the status of the partitioned WAN is a packet flooding attack on the first enclave; and initiating, by the first computing device, a filtering process to resolve the packet flooding attack.
25
wherein the third data packet comprises an indication for the second computing device to send the data flow to the first computing device via the fourth computing device; receive the data flow from the fourth computing device; determine a second delay for the data flow; responsive to determining that the second delay does not exceed the threshold delay, continue to receive the data flow from the fourth computing device; and responsive to determining that the second delay exceeds the threshold delay: determine that the network event affecting the status of the cipher-text WAN is a packet flooding attack on the first enclave; and initiate a filtering process to resolve the packet flooding attack.
 
13
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises: determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, a multi-hop route between the first enclave and the second enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the second enclave; sending, by the first computing device, a deadline-critical data flow directly to the second computing device; and simultaneously sending, by the first computing device, the deadline-critical data flow to the second computing device via the multi-hop route.
8
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises: determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, a multi-hop route between the first enclave and the second enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the second enclave; sending, by the first computing device, a deadline-critical data flow directly to the second computing device; and simultaneously sending, by the first computing device, the deadline-critical data flow to the second computing device via the multi-hop route.
26
The first computing device of claim 15, wherein the contents of the header comprise the connection state, and wherein the one or more processors are further configured to: determine, based at least in part on the connection state in the data packet received from the second computing device, a multi-hop route between the first enclave and the second enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the second enclave; send a deadline-critical data flow directly to the second computing device; and simultaneously send the deadline-critical data flow to the second computing device via the multi-hop route.
 
14
The method of claim 1, wherein the contents of the header comprise a priority of an associated data flow to the second enclave, wherein the associated data flow is part of a multicast stream originating in the first enclave, wherein the method further comprises: receiving, by the first computing device, an additional data packet from each of one or more additional enclaves, wherein respective contents of a respective header of the respective additional data packet comprise a respective priority of a respective associated data flow to the respective enclave of the one or more additional enclaves, wherein each respective associated data flow is part of the multicast stream originating in the first enclave,
9
The method of claim 1, wherein the contents of the header comprise a priority of an associated data flow to the second enclave, wherein the associated data flow is part of a multicast stream originating in the first enclave, wherein the method further comprises: receiving, by the first computing device, an additional data packet from each of one or more additional enclaves, wherein respective contents of a respective header of the respective additional data packet comprise a respective priority of a respective associated data flow to the respective enclave of the one or more additional enclaves, wherein each respective associated data flow is part of the multicast stream originating in the first enclave, 
13
The method of claim 1, wherein the contents of the header comprise the priority of the associated data flow to the second enclave, wherein the associated data flow is part of a multicast stream originating in the first enclave, wherein the method further comprises: receiving, by the first computing device, an additional data packet from each of one or more additional enclaves, wherein respective contents of a respective header of the respective additional data packet comprise a respective priority of a respective associated data flow to the respective enclave of the one or more additional enclaves, wherein each respective associated data flow is part of the multicast stream originating in the first enclave, 
 
14
and wherein each associated data flow has a same bandwidth usage; determining, by the first computing device, a total bandwidth usage for the multicast stream, wherein the total bandwidth usage comprises a sum of the respective bandwidth usage for each of the respective data flows; responsive to determining that the total bandwidth usage for the multicast stream is greater than an available outgoing bandwidth for the first enclave: squelching, by the first computing device and based at least in part on the respective priority of the respective associated data flow to each of the one or more additional enclaves and the second enclave, respective data flows with the lowest respective priorities until the total bandwidth usage for the multicast stream is less than or equal to an available outgoing bandwidth; and upon the first computing device completing a transmission of a respective data flow, reactivating, by the first computing device, the previously squelched data flow with the highest respective priority.
9
and wherein each associated data flow has a same bandwidth usage; determining, by the first computing device, a total bandwidth usage for the multicast stream, wherein the total bandwidth usage comprises a sum of the respective bandwidth usage for each of the respective data flows; responsive to determining that the total bandwidth usage for the multicast stream is greater than an available outgoing bandwidth for the first enclave: squelching, by the first computing device and based at least in part on the respective priority of the respective associated data flow to each of the one or more additional enclaves and the second enclave, respective data flows with a lowest respective priorities until the total bandwidth usage for the multicast stream is less than or equal to an available outgoing bandwidth; and upon the first computing device completing a transmission of a respective data flow, reactivating, by the first computing device, the previously squelched data flow with a highest respective priority.
13
and wherein each associated data flow has a same bandwidth usage; determining, by the first computing device, a total bandwidth usage for the multicast stream, wherein the total bandwidth usage comprises a sum of the respective bandwidth usage for each of the respective data flows; responsive to determining that the total bandwidth usage for the multicast stream is greater than an available outgoing bandwidth for the first enclave: squelching, by the first computing device and based at least in part on the respective priority of the respective associated data flow to each of the one or more additional enclaves and the second enclave, respective data flows with the lowest respective priorities until the total bandwidth usage for the multicast stream is less than or equal to an available outgoing bandwidth; and upon the first computing device completing a transmission of a respective data flow, reactivating, by the first computing device, the previously squelched data flow with the highest respective priority. 
 
15
The method of claim 1, wherein the first computing device comprises a portion of an inline network encryption device.
 
 
14
The method of claim 1, wherein the first computing device comprises a portion of an inline network encryption device.
 
16
A first computing device positioned in a plain-text portion of a first enclave behind a first inline network encryptor (INE), the first network device comprising: two or more interfaces, wherein at least a first interface is configured to communicate with a first group of one or more client devices in the first enclave and at least a second interface is configured to communicate with a cipher-text wide-area network (WAN); and one or more processors configured to: receive a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via the cipher-text WAN, wherein the second enclave further includes a second group of one or more client devices, wherein the first group of one or more client devices communicate through the cipher-text WAN via the first computing device, wherein the second group of one or more client devices communicate through the cipher-text WAN via the second computing device, and wherein the first computing device communicates with the second computing device using the cipher-text WAN; determine contents of a header of the data packet; and determine, based at least in part on the contents of the header of the data packet, a status of the cipher-text WAN.
11
A first computing device positioned in a plain-text portion of a first enclave behind a first inline network encryptor (INE), the first computing device comprising: two or more interfaces, wherein at least a first interface is configured to communicate with a first group of one or more client devices in the first enclave and at least a second interface is configured to communicate with a partitioned wide-area network (WAN); and one or more hardware processors configured to: receive a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via the partitioned WAN; detecting, based at least in part on contents of a header of the data packet, a network event affecting a status of the partitioned WAN; receive, from each of a plurality of computing devices in a respective plain-text portion of a plurality of enclaves via the partitioned WAN, status information indicative of local views of the plurality of computing devices of direct tunnels that provide point-to-point connectivity between peer enclaves over a direct WAN route, 
15
A first computing device positioned in a plain-text portion of a first enclave behind a first inline network encryptor (INE), the first computing device comprising: two or more interfaces, wherein at least a first interface is configured to communicate with a first group of one or more client devices in the first enclave and at least a second interface is configured to communicate with a cipher-text wide-area network (WAN); and one or more hardware processors configured to: receive a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via the cipher-text WAN, wherein the second enclave further includes a second group of one or more client devices, wherein the first group of one or more client devices communicate through the cipher-text WAN via the first computing device, wherein the second group of one or more client devices communicate through the cipher-text WAN via the second computing device, and wherein the first computing device communicates with the second computing device using the cipher-text WAN that carries data traffic between a plurality of enclaves including the first enslave and the second enclave; determine contents of a header of the data packet, wherein the contents of the header of the data packet comprise one or more of a timestamp, a connection state, or a priority of an associated data flow to the second enclave; detecting, based at least in part on the one or more of the timestamp, the connection state, or the priority of an associated data flow to the second enclave in the contents of the header of the data packet, a network event affecting a status of the cipher-text WAN,
 
 
 
11
wherein a respective local view of a respective computing device of the plurality of computing devices include a list of remote enclaves from which the respective computing device has received one or more data packets over the direct tunnels within a previous period of time; determine a global view across the partitioned WAN of the direct tunnels between the peer enclaves based at least in part on the status information received from the plurality of computing devices; and perform, based on the network event and the global view, an operation to correct the status of the partitioned WAN.
 
wherein the connection state indicates connection states between the second enclave and each of the other enclaves in the plurality of enclaves that communicate with each other via the cipher-text WAN; and perform, based on the network event affecting the status of the cipher-text WAN, an operation to correct the status of the cipher-text WAN; determine, based at least in part on the connection state in the data packet received from the second computing device, that the second computing device is connected to a third computing device in a plain-text portion of a third enclave in the plurality of enclaves, wherein the third enclave communicates with the first enclave and the second enclave via the cipher-text WAN; determine that the first computing device is not currently receiving an expected data flow from the third computing device; determine that the network event affecting the status of the cipher-text WAN is a faulty connection between the first enclave and the third enclave; send a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device; and receive, from the second computing device, the expected data flow that was received by the second computing device from the third computing device. 
 
17
The first computing device of claim 16, wherein the contents of the header comprise a first timestamp, wherein the data packet comprises a first data packet, and wherein the one or more processors are further configured to: receive a first data flow from the second computing device via the cipher-text WAN, wherein the first data flow includes the first data packet; receive a second data flow from a third computing device in a plain-text portion of a third enclave via the cipher-text WAN, wherein the second data flow includes a second data packet, wherein contents of a header of the second data packet comprise a second timestamp; and responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave: determine, based at least in part on the first timestamp, that the status of the cipher-text WAN is a bottleneck at the first enclave.
3
The method of claim 1, wherein the contents of the header comprise a first timestamp, wherein the data packet comprises a first data packet, and wherein the method further comprises: receiving, by the first computing device, a first data flow from the second computing device via the partitioned WAN, wherein the first data flow includes the first data packet; receiving, by the first computing device, a second data flow from a fourth computing device in a plain-text portion of a fourth enclave via the partitioned WAN, wherein the second data flow includes a third data packet, wherein contents of a header of the third data packet comprise a second timestamp; and responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave: determining, by the first computing device and based at least in part on the first timestamp, that the network event affecting the status of the partitioned WAN is a bottleneck at the first enclave; 
16
The first computing device of claim 15, wherein the contents of the header comprise a first timestamp, wherein the data packet comprises a first data packet, and wherein the one or more processors are further configured to: receive a first data flow from the second computing device via the cipher-text WAN, wherein the first data flow includes the first data packet; receive a second data flow from a fourth computing device in a plain-text portion of a fourth enclave via the cipher-text WAN, wherein the second data flow includes a third data packet, wherein contents of a header of the third data packet comprise a second timestamp; and responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave: determine, based at least in part on the first timestamp, that the network event affecting the status of the cipher-text WAN is a bottleneck at the first enclave. 
 
18
The first computing device of claim 17, the one or more processors are further configured to: responsive to determining that the status of the cipher-text WAN is the bottleneck: determine a first priority of the first data flow; determine a second priority of the second data flow; compare the first priority and the second priority; responsive to determining that the first priority is greater than the second priority, squelch the second data flow from the third computing device; and responsive to determining that the second priority is greater than the first priority, squelch the first data flow from the second computing device.
3
 wherein performing the operation to correct the status of the partitioned WAN comprises responsive to determining that the network event affecting the status of the partitioned WAN is the bottleneck: determining, by the first computing device, a first priority of the first data flow; determining, by the first computing device, a second priority of the second data flow; comparing, by the first computing device, the first priority and the second priority; responsive to determining that the first priority is greater than the second priority, squelching, by the first computing device, the second data flow from the fourth computing device; and responsive to determining that the second priority is greater than the first priority, squelching, by the first computing device, the first data flow from the second computing device.
17
The first computing device of claim 16, the one or more processors are further configured to: responsive to determining that the network event affecting the status of the cipher-text WAN is the bottleneck: determine a first priority of the first data flow; determine a second priority of the second data flow; compare the first priority and the second priority; responsive to determining that the first priority is greater than the second priority, squelch the second data flow from the fourth computing device; and responsive to determining that the second priority is greater than the first priority, squelch the first data flow from the second computing device. 
 
19
The first computing device of claim 18, the one or more processors are further configured to: responsive to determining that the first priority is equal to the second priority: determine a first time indicated by the first timestamp; determine a second time indicated by the second timestamp located in the contents of the header of the second data packet; compare the first time and the second time; responsive to determining that the first time is earlier than the second time, squelch the second data flow from the third computing device; and responsive to determining that the second time is earlier than the first time, squelch the first data flow from the second computing device.
4
The method of claim 3, further comprising: responsive to determining that the first priority is equal to the second priority: determining, by the first computing device, a first time indicated by the first timestamp; determining, by the first computing device, a second time indicated by the second timestamp located in the contents of the header of the third data packet; comparing, by the first computing device, the first time and the second time; responsive to determining that the first time is earlier than the second time, squelching, by the first computing device, the second data flow from the fourth computing device; and responsive to determining that the second time is earlier than the first time, squelching, by the first computing device, the first data flow from the second computing device.
18
The first computing device of claim 17, the one or more processors are further configured to: responsive to determining that the first priority is equal to the second priority: determine a first time indicated by the first timestamp; determine a second time indicated by the second timestamp located in the contents of the header of the third data packet; compare the first time and the second time; responsive to determining that the first time is earlier than the second time, squelch the second data flow from the fourth computing device; and responsive to determining that the second time is earlier than the first time, squelch the first data flow from the second computing device. 
 
20
A computer-readable storage medium storing instructions that, when executed, cause one or more processors of a first computing device positioned in a plain-text portion of a first enclave behind a first inline network encryptor (INE) to: receive a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via a cipher-text wide-area network (WAN), wherein the first enclave further includes a first group of one or more client devices, wherein the second enclave further includes a second group of one or more client devices, wherein the first group of one or more client devices communicate through the cipher-text WAN via the first computing device, wherein the second group of one or more client devices communicate through the cipher-text WAN via the second computing device, and wherein the first computing device communicates with the second computing device using the cipher-text WAN; determine contents of a header of the data packet; and determine, based at least in part on the contents of the header of the data packet, a status of the cipher-text WAN.
18
A non-transitory computer-readable storage medium storing instructions that, when executed, cause one or more processors of a first computing device positioned in a plain-text portion of a first enclave behind a first inline network encryptor (INE) to: receive a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via a partitioned wide-area network (WAN); detecting, based at least in part on contents of a header of the data packet, a network event affecting a status of the partitioned WAN, wherein a connection state indicates connection states between the second enclave and each of the other enclaves in a plurality of enclaves;
28
 A non-transitory computer-readable storage medium storing instructions that, when executed, cause one or more processors of a first computing device positioned in a plain-text portion of a first enclave behind a first inline network encryptor (INE) to: receive a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via a cipher-text wide-area network (WAN) that carries data traffic between a plurality of enclaves including the first enslave and a second enclave, wherein the first enclave further includes a first group of one or more client devices, wherein the second enclave further includes a second group of one or more client devices, wherein the first group of one or more client devices communicate through the cipher-text WAN via the first computing device, wherein the second group of one or more client devices communicate through the cipher-text WAN via the second computing device, and wherein the first computing device communicates with the second computing device using the cipher-text WAN; determine contents of a header of the data packet, wherein the contents of the header of the data packet comprise one or more of a timestamp, a connection state, or a priority of an associated data flow to the second enclave; detecting, based at least in part on the one or more of the timestamp, the connection state, or the priority of an associated data flow to the second enclave in the contents of the header of the data packet, a network event affecting a status of the cipher-text WAN,
 
 
 
18
receive, from each of a plurality of computing devices in a respective plain-text portion of a plurality of enclaves via the partitioned WAN, status information indicative of local views of the plurality of computing devices of direct tunnels that provide point-to-point connectivity between peer enclaves over a direct WAN route, wherein a respective local view of a respective computing device of the plurality of computing devices include a list of remote enclaves from which the respective computing device has received one or more data packets over the direct tunnels within a previous period of time; determine a global view across the partitioned WAN of the direct tunnels between the peer enclaves based at least in part on the status information received from the plurality of computing devices; and perform, based on the network event affecting the status of the partitioned WAN and the global view, an operation to correct the status of the partitioned WAN.
28
wherein the connection state indicates connection states between the second enclave and each of the other enclaves in the plurality of enclaves; perform, based on the network event affecting the status of the cipher-text WAN, an operation to correct the status of the cipher-text WAN; and determine, based at least in part on the connection state in the data packet received from the second computing device, that the second computing device is connected to a third computing device in a plain-text portion of a third enclave in the plurality of enclaves, wherein the third enclave communicates with the first enclave and the second enclave via the cipher-text WAN; determine that the first computing device is not currently receiving an expected data flow from the third computing device; determine that the network event affecting the status of the cipher-text WAN is a faulty connection between the first enclave and the third enclave; send a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device, and receive, from the second computing device, the expected data flow that was received by the second computing device from the third computing device. 
 







Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 15-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”).

Referring to Claims 1, 16 and 30:
Regarding Claim 1, Brewer teaches,
A method comprising: receiving, by a first computing device (Fig. 1(30), ¶18)  in a plain-text portion of a first enclave (Fig, 1(16), ¶18, Examiner submits that network 16 is a first enclave) behind a first inline network encryptor (INE) (Fig. 1(32), “Interface unit 32 may be configured for performing a plurality of functions including, by way of example and not by way of limitation, altering encoding of information received in a communication composed in a third encoding scheme at a third locus 33 to express the received communication in the second encoding scheme for presentation at a fourth locus 35. Interface unit 32 may also operate to alter encoding of information received in a communication composed in the second encoding scheme at fourth locus 35 to express the received communication in the third encoding scheme for presentation at third locus 33. Such a coding-decoding capability may permit interface unit 32 to establish, by way of example and not by way of limitation, that ciphered (i.e., encrypted) text may be presented at fourth locus 35 for handling by second communication network 14, and plain text may be presented at third locus 33 for handling by third communication network 16), a data packet (Fig. 3(202), ¶36, i.e. a data packet is received by a first computing device) from a second computing device (Fig, 1(12), ¶17, Examiner submits that network 12 is a second enclave) in a plain-text portion of a second enclave behind a second INE (Fig. 1(23), ¶17) via a cipher-text wide-area network (WAN) (Fig. 1 (14), ¶17, “that ciphered (i.e., encrypted) text may be presented at second locus 25 for handling by second communication network 14”, ¶18, “that ciphered (i.e., encrypted) text may be presented at fourth locus 35 for handling by second communication network 14”, i.e. communication network 14 (WAN) is a cipher-text wide area network), [wherein the first enclave further includes a first group of one or more client devices, wherein the second enclave further includes a second group of one or more client devices, wherein the first group of one or more client devices] communicate through the cipher-text WAN via the first computing device (Fig. 1(30), ¶18, ¶32), wherein the second group of one or more client devices communicate through the cipher-text WAN via the second computing device (Fig. 1(20), ¶17, ¶29), and wherein the first computing device (Fig. 1(30))  communicates with the second computing device (Fig. 1(20))  using the cipher-text WAN (Fig. 1(14), ¶17, ¶18, Fig. 3(202), ¶36);
determining, by the first computing device, contents of a header of the data packet (Fig. 3(206), ¶37); and 
Brewer does not teach explicitly,
wherein the first enclave further includes a first group of one or more client devices, wherein the second enclave further includes a second group of one or more client devices, wherein the first group of one or more client devices [communicate through the cipher-text WAN via the first computing device]
determining, by the first computing device and based at least in part on the contents of the header of the data packet, a status of the cipher-text WAN.
However, Keith teaches,
wherein the first enclave further includes a first group of one or more client devices (Fig. 1A (102, 102b, 102n), ¶35), wherein the second enclave further includes a second group of one or more client devices (Fig. 1A (106a, 106b, 106n), ¶35), wherein the first group of one or more client devices (¶35, “the network environment has one or more clients 102a-102n (also generally referred to as local machine(s) 102, or client(s) 102) in communication with one or more servers 106a-106n (also generally referred to as server(s) 106, or remote machine(s) 106) via one or more networks 104, 104', 104''. In some embodiments, a client 102 communicates with a server 106 via one or more network optimization appliances 200, 200' (generally referred to as appliance 200)”) [communicate through the cipher-text WAN via the first computing device]
determining, by the first computing device and based at least in part on the contents of the header of the data packet, a status of the cipher-text WAN (Fig. 8 (810, 820), ¶313-¶315, i.e. based on the traffic class marking in the header of the data packet, latency of the traffic is determined. The latency of the traffic helps in determining the status of the network).
Brewer and Keith are considered to be analogous art as they both pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith.
The motivation/suggestion for doing so would be to utilize policies to provide an optimized hierarchical fair service algorithm that creates levels of priority within delay-sensitive traffic and fairness among the data flows within those priorities. (Keith - ¶8).

Regarding Claim 16, it is a device claim of above method Claim 1, therefore 
Claim 16 is rejected with the same rationale as applied against method Claim 1
above.
In addition Brewer teaches two or more interfaces (Fig. 1 (32, 22), ¶17-¶18).
Regarding Claim 20, it is a computer-readable storage medium claim of above method Claim 1, therefore Claim 30 is rejected with the same rationale as applied against method Claim 1 above.

Regarding Claim 15, rejection of Claim 1 is included and Brewer teaches,
The method of claim 1, wherein the first computing device comprises a portion of an inline network encryption device (Fig. 1(32), “Interface unit 32 may be configured for performing a plurality of functions including, by way of example and not by way of limitation, altering encoding of information received in a communication composed in a third encoding scheme at a third locus 33 to express the received communication in the second encoding scheme for presentation at a fourth locus 35. Interface unit 32 may also operate to alter encoding of information received in a communication composed in the second encoding scheme at fourth locus 35 to express the received communication in the third encoding scheme for presentation at third locus 33. Such a coding-decoding capability may permit interface unit 32 to establish, by way of example and not by way of limitation, that ciphered (i.e., encrypted) text may be presented at fourth locus 35 for handling by second communication network 14, and plain text may be presented at third locus 33 for handling by third communication network 16, i.e. interface is part of router 30 a first device).


Claims 2-4, 14 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”), and further in view of Jourdain et al. (US PGPUB. # US 2006/0182039, hereinafter "Jourdain").

Referring to Claims 2 and 17:
Regarding Claim 2, rejection of Claim 1 is included and Brewer teaches,
The method of claim 1, [wherein the contents of the header comprise a first timestamp], wherein the data packet comprises a first data packet (¶25, “Messages or communications are transmitted in packets as will be understood by one skilled in the art of communication system design”, Fig. 3(206), ¶37, i.e. data packet comprise a first data packet), and wherein the method further comprises:
receiving, by the first computing device (Fig. 1(30), ¶18), a first data flow from the second computing device (Fig. 1(20), ¶17) via the cipher-text WAN , wherein the first data flow includes the first data packet (Fig. 1(14), ¶17, ¶18, Fig. 3(202, 206),  ¶36-¶37);
receiving, by the first computing device (Fig. 1(30), ¶18), [a second data flow from a third computing device in a plain-text portion of a third enclave] via the cipher-text WAN (Fig. 1(14), ¶17, ¶18, Fig. 3(202), ¶36), [wherein the second data flow includes a second data packet, wherein contents of a header of the second data packet comprise a second timestamp;] and
Brewer does not teach explicitly,
The method of claim 1, wherein the contents of the header comprise a first timestamp, [wherein the data packet comprises a first data packet];
[receiving, by the first computing device], a second data flow from a third computing device in a plain-text portion of a third enclave [via the cipher-text WAN], wherein the second data flow includes a second data packet, wherein contents of a header of the second data packet comprise a second timestamp;
responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave:
determining, by the first computing device and based at least in part on the first timestamp, that the status of the cipher-text WAN is a bottleneck at the first enclave.
However, Keith teaches,
The method of claim 1, wherein the contents of the header comprise a first timestamp (¶148, i.e. header comprises a first timestamp), [wherein the data packet comprises a first data packet];
[receiving, by the first computing device], a second data flow from a third computing device in a plain-text portion of a third enclave (Fig. 1B(102, 106), ¶46-¶47, ¶56, “in order to seamlessly splice communications from a client 102 to a server 106 via a pooled transport layer connection, the appliance 205 translates or multiplexes communications by modifying sequence number and acknowledgment numbers at the transport layer protocol level”, i.e. client device is a third computing device in plain-text portion. The client device communicates (second data flow) with the server via appliance 205) [via the cipher-text WAN], wherein the second data flow includes a second data packet (¶56, “For example, in the case of an in-bound packet (that is, a packet received from a client 102)", i.e. second data flow includes a second data packet), wherein contents of a header of the second data packet comprise a second timestamp (¶148, i.e. header of second data packet comprises a second timestamp);
Brewer and Keith are considered to be analogous art as they both pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith.
The motivation/suggestion for doing so would be to utilize policies to provide an optimized hierarchical fair service algorithm that creates levels of priority within delay-sensitive traffic and fairness among the data flows within those priorities. (Keith - ¶8).
Combination of Brewer and Ketih does not teach explicitly,
responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave:
determining, by the first computing device and based at least in part on the first timestamp, that the status of the cipher-text WAN is a bottleneck at the first enclave.
However, Jourdain teaches,
responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave (Fig. 8 (807), ¶74):
determining, by the first computing device and based at least in part on the first timestamp, that the status of the cipher-text WAN is a bottleneck at the first enclave (¶55, ¶67, Fig. 7(707), ¶72). 
Brewer, Keith and Jourdain are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith to determine bottleneck based on timestamp system of Jourdain.
The motivation/suggestion for doing so would be to provide a simple and effective system of bottleneck bandwidth determination. (Jourdain - ¶6).

Regarding Claim 17, rejection of Claim 16 is included and Claim 17 is rejected with the same rationale as applied against Claim 2 above.

Referring to Claims 3 and 18:
Regarding Claim 3, rejection of Claim 2 is included and for the same motivation Brewer teaches,
The method of claim 2, further comprising:
[responsive to determining that the status of the cipher-text WAN is the bottleneck]:
determining, by the first computing device (Fig. 1(30), ¶18), [a first priority of the first dataflow];
determining, by the first computing device (Fig. 1(30), ¶18), [a second priority of the second data flow];
Brewer does not teach explicitly,
responsive to determining that the status of the cipher-text WAN is the bottleneck:
[determining, by the first computing device], a first priority of the first dataflow;
[determining, by the first computing device], a second priority of the second data flow;
comparing, by the first computing device, the first priority and the second priority;
responsive to determining that the first priority is greater than the second priority, squelching, by the first computing device, the second data flow from the third computing device; and
responsive to determining that the second priority is greater than the first priority, squelching, by the first computing device, the first data flow from the second computing device.
However, Keith teaches,
[responsive to determining that the status of the cipher-text WAN is the bottleneck]:
[determining, by the first computing device], a first priority of the first dataflow (¶10, Fig. 8(820), ¶312, “determine whether the data packets comprise a traffic class marking (Step 820)”, ¶314, i.e. traffic class marking defines priority of the data packet and the first priority is determined);
[determining, by the first computing device], a second priority of the second data flow (¶10, Fig. 8(820), ¶312, “determine whether the data packets comprise a traffic class marking (Step 820)”, ¶314, i.e. traffic class marking defines priority of the data packet and the second priority is determined);
comparing, by the first computing device, the first priority and the second priority (Fig. 8(830), ¶312, “sort the data packets according to identified traffic class markings (Step 830)”,¶319, i.e. in order to sort the packet by priority the first and second priority are being compared);
responsive to determining that the first priority is greater than the second priority, squelching, by the first computing device, the second data flow from the third computing device (¶293, “if there are two delay-sensitive flows (e.g. two VoIP streams) associated with a QoS that guarantees a minimum latency, the protocol can prioritize the streams by fairly distributing bandwidth amongst both streams, or prioritizing one stream over another (e.g. give priority to corporate VoIP over Skype.TM.)", i.e. first data flow (VOIP) gets priority over Skype); and
responsive to determining that the second priority is greater than the first priority, squelching, by the first computing device, the first data flow from the second computing device (¶315, “For example, business applications (i.e. MICROSOFT WORD document or MICROSOFT POWER POINT document) having embedded multimedia may require multimedia data to be transmitted with minimum latency while other aspects of the application data (i.e. text) may not require a minimum latency transmission.”, ¶316, “For example, audio within a multimedia stream can be transmitted according to a transmission scheme that prioritizes audio higher than the graphics portion of the multimedia stream”, i.e. second data flow (audio) gets priority over graphics portion).
Combination of Brewer and Keith does not teach explicitly,
responsive to determining that the status of the cipher-text WAN is the bottleneck:
However, Jourdain teaches,
responsive to determining that the status of the cipher-text WAN is the bottleneck (¶55, ¶67, Fig. 7(707), ¶72).

Regarding Claim 18, rejection of Claim 17 is included and Claim 18 is rejected with the same rationale as applied against Claim 3 above.

Referring to Claims 4 and 19:
Regarding Claim 4, rejection of Claim 3 is included and for the same motivation Brewer teaches,
The method of claim 3, further comprising:
[responsive to determining that the first priority is equal to the second priority]:
determining, by the first computing device (Fig. 1(30), ¶18), [a first time indicated by the first timestamp];
determining, by the first computing device (Fig. 1(30), ¶18), [a second time indicated by the second timestamp located in the contents of the header of the second data packet];
Brewer does not teach explicitly,
responsive to determining that the first priority is equal to the second priority:
[determining, by the first computing device], a first time indicated by the first timestamp;
[determining, by the first computing device], a second time indicated by the second timestamp located in the contents of the header of the second data packet;
comparing, by the first computing device, the first time and the second time;
responsive to determining that the first time is earlier than the second time, squelching, by the first computing device, the second data flow from the third computing device; and
responsive to determining that the second time is earlier than the first time, squelching, by the first computing device, the first data flow from the second computing device.
However, Keith teaches,
responsive to determining that the first priority is equal to the second priority (¶320, “the start list is first sorted by traffic class, e.g. sorted by "minimum latency traffic" and "non-minimum latency traffic", i.e. examiner submits that all packets sorted in bucket “minimum latency traffic” have same priority and all packets stored in bucket “non-minimum latency traffic” have same priority):
[determining, by the first computing device], a first time indicated by the first timestamp (¶320, ¶323);
[determining, by the first computing device], a second time indicated by the second timestamp located in the contents of the header of the second data packet (¶320, ¶323);
comparing, by the first computing device, the first time and the second time (¶323, “the sort uses a first-in-first-out (FIFO) method of placing those packets with the oldest timestamp at the beginning of the queue. Thus, the first data packets in the queue are those packets identified as being "minimum-latency" traffic having the earliest timestamp” i.e. timestamp is compared);
responsive to determining that the first time is earlier than the second time (¶323, “the sort uses a first-in-first-out (FIFO) method of placing those packets with the oldest timestamp at the beginning of the queue. Thus, the first data packets in the queue are those packets identified as being "minimum-latency" traffic having the earliest timestamp” i.e. timestamp is compared), squelching, by the first computing device, the second data flow from the third computing device (¶293, “if there are two delay-sensitive flows (e.g. two VoIP streams) associated with a QoS that guarantees a minimum latency, the protocol can prioritize the streams by fairly distributing bandwidth amongst both streams, or prioritizing one stream over another (e.g. give priority to corporate VoIP over Skype.TM.)", i.e. first data flow (VOIP) gets priority over Skype); and
responsive to determining that the second time is earlier than the first time (¶323, “the sort uses a first-in-first-out (FIFO) method of placing those packets with the oldest timestamp at the beginning of the queue. Thus, the first data packets in the queue are those packets identified as being "minimum-latency" traffic having the earliest timestamp” i.e. timestamp is compared), squelching, by the first computing device, the first data flow from the second computing device (¶315, “For example, business applications (i.e. MICROSOFT WORD document or MICROSOFT POWER POINT document) having embedded multimedia may require multimedia data to be transmitted with minimum latency while other aspects of the application data (i.e. text) may not require a minimum latency transmission.”, ¶316, “For example, audio within a multimedia stream can be transmitted according to a transmission scheme that prioritizes audio higher than the graphics portion of the multimedia stream”, i.e. second data flow (audio) gets priority over graphics portion).

Regarding Claim 19, rejection of Claim 18 is included and Claim 19 is rejected with the same rationale as applied against Claim 4 above.

Regarding Claim 14, rejection of Claim 1 is included and Brewer teaches,
The method of claim 1, wherein the contents of the header comprise a priority of an associated data flow to the second enclave, wherein the associated data flow is part of a multicast stream originating in the first enclave, wherein the method further comprises:
receiving, by the first computing device (Fig. 1(30), ¶18), an additional data packet from each of one or more additional enclaves (Fig. 1(14), ¶17, ¶18, Fig. 3(202, 206),  ¶36-¶37), [wherein respective contents of a respective header of the respective additional data packet comprise a respective priority of a respective associated data flow to the respective enclave of the one or more additional enclaves, wherein each respective associated data flow is part of the multicast stream originating in the first enclave, and wherein each associated data flow has a same bandwidth usage];
determining, by the first computing device (Fig. 1(30), ¶18), [a total bandwidth usage for the multicast stream, wherein the total bandwidth usage comprises a sum of the respective bandwidth usage for each of the respective data flows];
Brewer does not teach explicitly,
[receiving, by the first computing device, an additional data packet from each of one or more additional enclaves], wherein respective contents of a respective header of the respective additional data packet comprise a respective priority of a respective associated data flow to the respective enclave of the one or more additional enclaves, wherein each respective associated data flow is part of the multicast stream originating in the first enclave, and wherein each associated data flow has a same bandwidth usage;
[determining, by the first computing device], a total bandwidth usage for the multicast stream, wherein the total bandwidth usage comprises a sum of the respective bandwidth usage for each of the respective data flows;
responsive to determining that the total bandwidth usage for the multicast stream is greater than an available outgoing bandwidth for the first enclave:
squelching, by the first computing device and based at least in part on the respective priority of the respective associated data flow to each of the one or more additional enclaves and the second enclave, respective data flows with the lowest respective priorities until the total bandwidth usage for the multicast stream is less than or equal to an available outgoing bandwidth; and
upon the first computing device completing a transmission of a respective dataflow, reactivating, by the first computing device, the previously squelched data flow with the highest respective priority.
However, Keith teaches,
[receiving, by the first computing device, an additional data packet from each of one or more additional enclaves], wherein respective contents of a respective header of the respective additional data packet comprise a respective priority of a respective associated data flow to the respective enclave of the one or more additional enclaves (¶10, Fig. 8(820), ¶312, “determine whether the data packets comprise a traffic class marking (Step 820)”, ¶314, i.e. traffic class marking defines priority of the data packet and the respective priority is determined), wherein each respective associated data flow is part of the multicast stream originating in the first enclave (¶238), and wherein each associated data flow has a same bandwidth usage (¶115, ¶140);
[determining, by the first computing device], a total bandwidth usage for the multicast stream, wherein the total bandwidth usage comprises a sum of the respective bandwidth usage for each of the respective data flows;
responsive to determining that the total bandwidth usage for the multicast stream is greater than an available outgoing bandwidth for the first enclave:
squelching, by the first computing device and based at least in part on the respective priority of the respective associated data flow to each of the one or more additional enclaves and the second enclave, respective data flows with the lowest respective priorities until the total bandwidth usage for the multicast stream is less than or equal to an available outgoing bandwidth (¶293, “if there are two delay-sensitive flows (e.g. two VoIP streams) associated with a QoS that guarantees a minimum latency, the protocol can prioritize the streams by fairly distributing bandwidth amongst both streams, or prioritizing one stream over another (e.g. give priority to corporate VoIP over Skype.TM.)", i.e. first data flow (VOIP) gets priority over Skype); and
upon the first computing device completing a transmission of a respective dataflow, reactivating, by the first computing device, the previously squelched data flow with the highest respective priority (¶321-¶322).
Brewer and Keith are considered to be analogous art as they both pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith.
The motivation/suggestion for doing so would be to utilize policies to provide an optimized hierarchical fair service algorithm that creates levels of priority within delay-sensitive traffic and fairness among the data flows within those priorities. (Keith - ¶8).
Combination of Brewer and Keith does not teach explicitly,
[determining, by the first computing device], a total bandwidth usage for the multicast stream, wherein the total bandwidth usage comprises a sum of the respective bandwidth usage for each of the respective data flows;
responsive to determining that the total bandwidth usage for the multicast stream is greater than an available outgoing bandwidth for the first enclave:
However, Jourdain teaches,
[determining, by the first computing device], a total bandwidth usage for the multicast stream, wherein the total bandwidth usage comprises a sum of the respective bandwidth usage for each of the respective data flows (¶25-¶26);
responsive to determining that the total bandwidth usage for the multicast stream is greater than an available outgoing bandwidth for the first enclave (Fig. 8 (807), ¶74):
Brewer, Keith and Jourdain are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith to determine bottleneck based on timestamp system of Jourdain.
The motivation/suggestion for doing so would be to provide a simple and effective system of bottleneck bandwidth determination. (Jourdain - ¶6).

Claims 5 is rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”), and further in view of Jourdain et al. (US PGPUB. # US 2006/0182039, hereinafter "Jourdain"), and further in view of Olenz et al. (US PGPUB. # US 2015/0029862, hereinafter “Olenz”).

Regarding Claim 5, rejection of Claim 3 is included and combination of Brewer, Keith and Jourdain does not teach explicitly,
The method of claim 3, wherein squelching the first data flow comprises:
sending, by the first computing device, a third data packet to the second computing device, wherein the third data packet includes an indication for the second computing device to cease sending the first data flow to the first computing device; and
responsive to determining that the third computing device has completed sending the second data flow to the first computing device, sending, by the first computing device, a fourth data packet to the second computing device, wherein the fourth data packet includes an indication for the second computing device to resume sending the first data flow to the first computing device.
However, Olenz teaches,
The method of claim 3, wherein squelching the first data flow comprises:
sending, by the first computing device (Fig. 1 (IC_D)), a third data packet to the second computing device (Fig. 1 (IC-C)), wherein the third data packet includes an indication for the second computing device to cease sending the first data flow to the first computing device (Fig. 1(130), ¶31-¶32, ¶34, i.e. an indication is sent to pause traffic); and
responsive to determining that the third computing device has completed sending the second data flow to the first computing device, sending, by the first computing device, a fourth data packet to the second computing device, wherein the fourth data packet includes an indication for the second computing device to resume sending the first data flow to the first computing device (Fig. 1, ¶35, i.e. start sending data indicates that the data flow is resumed based on the timer (indicator)).
Brewer, Keith, Jourdain and Olenz are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith to determine bottleneck based on timestamp system of Jourdain, and control the network by sending pause and resume indication system of Olenz.
The motivation/suggestion for doing so would be to provide a simple and effective system of bottleneck bandwidth determination and control the traffic by pause and resume data flow.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”), and further in view of Peter Ashwood-Smith (US PGPUB. # US 2016/0226758, hereinafter "Ashwood").

Regarding Claim 6, rejection of Claim 1 is included, and Brewer teaches,
The method of claim 1, [wherein the contents of the header comprise a timestamp], wherein the method further comprises:
receiving, by the first computing device (Fig. 1(30), ¶18), [a bulk data transfer] from the second computing device (Fig. 1(20), ¶17);
receiving, by the first computing device (Fig. 1(30), ¶18), a data flow (Fig. 3(202), ¶36, i.e. a data flow is received by a first computing device) from the second computing device (Fig. 1(20), ¶17), wherein the data packet is associated with the data flow (Fig. 3(202), ¶36, i.e. a data packet is associated with the dataflow), and wherein the timestamp indicates a time at which the data packet was sent by the second computing device;
Brewer does not teach explicitly.
The method of claim 1, wherein the contents of the header comprise a timestamp, wherein the method further comprises:
[receiving, by the first computing device, a bulk data transfer [from the second computing device];
[receiving, by the first computing device, a data flow from the second computing device, wherein the data packet is associated with the data flow], and wherein the timestamp indicates a time at which the data packet was sent by the second computing device;
determining, by the first computing device and based at least in part on the timestamp of the data packet, a delay for the data flow;
responsive to determining that the delay for the data flow is above a threshold delay:
determining, by the first computing device, that the status of the cipher-textWAN is a performance latency;
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to re-route the data flow through a third computing device in a plain-text portion of a third enclave; and
receiving, by the first computing device, the data flow from the third computing device.
However, Keith teaches,
The method of claim 1, wherein the contents of the header comprise a timestamp (¶148, i.e. header comprises a first timestamp), wherein the method further comprises:
[receiving, by the first computing device, a bulk data transfer (¶89, ¶105, ¶166, ¶198, i.e. Examiner submits that file transfer protocol is used for bulk data transfer) [from the second computing device];
[receiving, by the first computing device, a data flow from the second computing device, wherein the data packet is associated with the data flow], and wherein the timestamp indicates a time at which the data packet was sent by the second computing device (¶320, ¶323);
determining, by the first computing device, that the status of the cipher-text WAN is a performance latency (¶166, i.e. latency is determined);
Brewer and Keith are considered to be analogous art as they both pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith.
The motivation/suggestion for doing so would be to utilize policies to provide an optimized hierarchical fair service algorithm that creates levels of priority within delay-sensitive traffic and fairness among the data flows within those priorities. (Keith - ¶8).
Combination of Brewer and Keith does not teach explicitly,
determining, by the first computing device and based at least in part on the timestamp of the data packet, a delay for the data flow;
responsive to determining that the delay for the data flow is above a threshold delay:
determining, by the first computing device, that the status of the cipher-text WAN is a performance latency;
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to re-route the data flow through a third computing device in a plain-text portion of a third enclave; and
receiving, by the first computing device, the data flow from the third computing device.
However, Ashwood teaches,
determining, by the first computing device and based at least in part on the timestamp of the data packet, a delay for the data flow (Fig. 7(710), ¶47, i.e. delay for the dataflow is determined);
responsive to determining that the delay for the data flow is above a threshold delay (Fig. 7(712), ¶47, i.e. delay is above threshold):
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to re-route the data flow through a third computing device in a plain-text portion of a third enclave (¶48, “the network controller 110 may send an instruction to an appropriate node 160 in the network to reroute the flow from a first source route R1 to a second source route R2, the instruction identifying the packet P.sub.i+k+1 after which the rerouting is to take place”, i.e. indication to reroute packet is sent); and
receiving, by the first computing device, the data flow from the third computing device (¶48, “The node 160, upon receiving the instruction from the network controller 110, will route packets P.sub.i+1 through P.sub.i+k+1 along the first source route R1, and will route packet P.sub.i+k+2 along the second source route R2”, i.e. dataflow from the node 160 (third computing device) to first device started through a new route).
Brewer, Keith and Ashwood are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determining delay in data flow based on threshold system of Ashwood.
The motivation/suggestion for doing so would be to provide congestion free traffic in a networking system.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”), and further in view of Hilla et al. (US PGPUB. # US 2006/0221974, hereinafter "Hilla").

Regarding Claim 7, rejection of Claim 1 is included, and Brewer does not teach explicitly,
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises:
determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is connected to a third computing device in a plain-text portion of a third enclave;
determining, by the first computing device, that the first computing device is not currently receiving an expected data flow from the third computing device;
determining, by the first computing device, that the status of the cipher-text WAN is a faulty connection between the first enclave and the third enclave;
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device; and
receiving, by the first computing device, the expected data flow from the second computing device.
However, Keith teaches,
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises:
determining, by the first computing device, [based at least in part on the connection state in the data packet] received from the second computing device that the second computing device is connected to a third computing device in a plain-text portion of a third enclave (Fig. 1A (106a, 106b, 106n), ¶35, “the network environment has one or more clients 102a-102n (also generally referred to as local machine(s) 102, or client(s) 102) in communication with one or more servers 106a-106n (also generally referred to as server(s) 106, or remote machine(s) 106) via one or more networks 104, 104', 104''. In some embodiments, a client 102 communicates with a server 106 via one or more network optimization appliances 200, 200' (generally referred to as appliance 200)”);
Brewer and Keith are considered to be analogous art as they both pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith.
The motivation/suggestion for doing so would be to utilize policies to provide an optimized hierarchical fair service algorithm that creates levels of priority within delay-sensitive traffic and fairness among the data flows within those priorities. (Keith - ¶8).
Combination of Brewer and Keith does not teach explicitly,
[determining, by the first computing device], based at least in part on the connection state in the data packet [received from the second computing device that the second computing device is connected to a third computing device in a plain-text portion of a third enclave]
determining, by the first computing device, that the first computing device is not currently receiving an expected data flow from the third computing device;
determining, by the first computing device, that the status of the cipher-text WAN is a faulty connection between the first enclave and the third enclave;
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device; and
receiving, by the first computing device, the expected data flow from the second computing device.
However Hilla teaches,
[determining, by the first computing device], based at least in part on the connection state in the data packet (Abstract, ¶52) [received from the second computing device that the second computing device is connected to a third computing device in a plain-text portion of a third enclave]
determining, by the first computing device, that the first computing device is not currently receiving an expected data flow from the third computing device (¶43, ¶47, Fig. 3A, ¶48) ;
determining, by the first computing device, that the status of the cipher-text WAN is a faulty connection between the first enclave and the third enclave (¶21, ¶115);
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device (Fig. 5(540), ¶116); and
receiving, by the first computing device, the expected data flow from the second computing device (¶119).
Brewer, Keith and Hilla are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith to include optimize data flow system of Hilla.
The motivation/suggestion for doing so would be to dynamic load-balancing process that distributes data packets among a bundle of communication links based on the actual utilization of those links other than fill level. There is also a need for a dynamic load-balancing process that selects data packets from different packet flows so that a data flow directed to a filled port does not overly limit capacity of the bundle. (Hilla - ¶22).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”), and further in view of Weill et al. (US PGPUB. # US 2007/0121615, hereinafter "Weill"), and further in view of Korsnusky et al. (US PGPUB. # US 2011/0214157, hereinafter “Korsunsky”).

Regarding Claim 8, rejection of Claim 1 is included, and Brewer does not teach explicitly,
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises:
determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is unidirectionally connected to the first computing device and that the second computing device is bidirectionally connected to a third computing device in a plain-text portion of a third enclave;
determining, by the first computing device, that the status of the cipher-text WAN is a malicious configuration of one or more routers in the cipher-text WAN;
sending, by the first computing device, a second data packet to the third computing device, wherein the second data packet comprises an indication for the second computing device to send a data flow to the first computing device; and
receiving, by the first computing device, the data flow from the second computing device.
However Keith teaches,
[determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is unidirectionally connected to the first computing device] and that the second computing device is bidirectionally connected to a third computing device in a plain-text portion of a third enclave (Fig. 1A (106a, 106b, 106n), ¶35);
Brewer and Keith are considered to be analogous art as they both pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith.
The motivation/suggestion for doing so would be to utilize policies to provide an optimized hierarchical fair service algorithm that creates levels of priority within delay-sensitive traffic and fairness among the data flows within those priorities. (Keith - ¶8).
Combination of Brewer and Keith does not teach explicitly,
determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is unidirectionally connected to the first computing device and [that the second computing device is bidirectionally connected to a third computing device in a plain-text portion of a third enclave];
determining, by the first computing device, that the status of the cipher-text WAN is a malicious configuration of one or more routers in the cipher-text WAN;
sending, by the first computing device, a second data packet to the third computing device, wherein the second data packet comprises an indication for the second computing device to send a data flow to the first computing device; and
receiving, by the first computing device, the data flow from the second computing device.
However, Weill teaches,
determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is unidirectionally connected to the first computing device (¶30, ¶47-¶48).
Brewer, Keith and Weill are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determine connection status based on data packet state inspection system of Weill.
The motivation/suggestion for doing so would be to implement deep-packet inspection (DPI) services in a MPLS-VPN configured computer network. (Weill - ¶1).
Combination of Brewer, Keith and Weill does not teach explicitly,
determining, by the first computing device, that the status of the cipher-text WAN is a malicious configuration of one or more routers in the cipher-text WAN;
sending, by the first computing device, a second data packet to the third computing device, wherein the second data packet comprises an indication for the second computing device to send a data flow to the first computing device; and
receiving, by the first computing device, the data flow from the second computing device.
However, Korsunsky teaches,
determining, by the first computing device, that the status of the cipher-text WAN is a malicious configuration of one or more routers in the cipher-text WAN (¶62, ¶123, ¶125);
sending, by the first computing device, a second data packet to the third computing device, wherein the second data packet comprises an indication for the second computing device to send a data flow to the first computing device (¶617); and
receiving, by the first computing device, the data flow from the second computing device (¶619).
Brewer, Keith, Weill and Korsunsky are considered to be analogous art as they both pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determine connection status based on data packet state inspection system of Weill and rerouting the package when malicious attack is determined system of Korsunsky.
The motivation/suggestion for doing so would be to provide unified threat management techniques, including techniques that address critical types of threats. Critical threats include, for example, viruses, network security holes, network communications, content inspection, intrusions, and other attacks that can be blocked by firewalls.  (Korsunsky - ¶7).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”), and further in view of Perlman, Radia (WIPO PUB. # WO 2014/077905, hereinafter “Radia”).

Regarding Claim 9, rejection of Claim 1 is included, and combination of Brewer and Keith does not teach explicitly,
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises:
determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that a third computing device in a plain-text portion of a third enclave has lost connection with the first computing device;
determining, by the first computing device, that the status of the cipher-text WAN is a dropped direct connection between the first enclave and the third enclave;
determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, a multi-hop route between the first enclave and the third enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the third enclave; and
sending, by the first computing device, a data flow intended for the third computing device to a first connected enclave of the sequence of one or more connected enclaves.
However, Radia teaches,
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises:
determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that a third computing device in a plain-text portion of a third enclave has lost connection with the first computing device (Page 2, Lines 11-16);
determining, by the first computing device, that the status of the cipher-text WAN is a dropped direct connection between the first enclave and the third enclave (Page 15, Lines 16-20);
determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, a multi-hop route between the first enclave and the third enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the third enclave (Page 4, Lines 25-35, Page 5, Lines 21-35, Page 6, Lines 1-2); and
sending, by the first computing device, a data flow intended for the third computing device to a first connected enclave of the sequence of one or more connected enclaves (Page 14, Lines 2-11).
Brewer, Keith and Radia are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and reroute the package using multi-hop route when a packet is lost system of Radia.
The motivation/suggestion for doing so would be to route packet from source endpoint to a destination end point via multiple sub-paths connecting pairs of stepping stone switches, with each sub-path traversing one or more conventional switches and constituting a logical Hop in the Hop=by-Hop route (Radia - Abstract).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”), and further in view of Weill et al. (US PGPUB. # US 2007/0121615, hereinafter "Weill"), and further in view of Wijnands et al. (US PGPUB. # US 2013/0322436, hereinafter “Wijnands”).

Regarding Claim 10, rejection of Claim 1 is included, and combination of Brewer and Keith does not teach explicitly,
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises:
determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is connected to the first computing device;
determining, by the first computing device, that the first computing device is not currently receiving an expected multicast flow from the second computing device;
determining, by the first computing device, that the status of the cipher-text WAN is a misconfiguration of a rendezvous point within the cipher-text WAN;
attempting, by the first computing device, to recover a connection to a multicast tree for the second computing device.
However, Weill teaches,
determining, by the first computing device, based at least in part on the connection state in the data packet received from the second computing device that the second computing device is connected to the first computing device (¶30, ¶47-¶48).
Brewer, Keith and Weill are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determine connection status based on data packet state inspection system of Weill.
The motivation/suggestion for doing so would be to implement deep-packet inspection (DPI) services in a MPLS-VPN configured computer network. (Weill - ¶1).
Combination of Brewer, Keith and Weill does not teach explicitly,
determining, by the first computing device, that the first computing device is not currently receiving an expected multicast flow from the second computing device;
determining, by the first computing device, that the status of the cipher-text WAN is a misconfiguration of a rendezvous point within the cipher-text WAN;
attempting, by the first computing device, to recover a connection to a multicast tree for the second computing device.
However, Wijnands teaches,
determining, by the first computing device, that the first computing device is not currently receiving an expected multicast flow from the second computing device (Fig. 5, ¶25-¶26);
determining, by the first computing device, that the status of the cipher-text WAN is a misconfiguration of a rendezvous point within the cipher-text WAN (¶26);
attempting, by the first computing device, to recover a connection to a multicast tree for the second computing device (Fig. 6A, ¶38-¶39).
Brewer, Keith, Weill and Wijnands are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determine connection status based on data packet state inspection system of Weill and converge the network to deliver the packet system of Wijnands.
The motivation/suggestion for doing so would be to loop dampening in computer networks, particularly to loop dampening for multipoint-to-multipoint (MP2MP) bidirectional tunnels.  (Wijnands - ¶1).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”), and further in view of Weill et al. (US PGPUB. # US 2007/0121615, hereinafter "Weill"), and further in view of Jyotikumar Menon (US PGPUB. # US 2008/0276001, hereinafter “Menon”).

Regarding Claim 11, rejection of Claim 1 is included, and combination of Brewer and Keith does not teach explicitly,
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises:
determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the second computing device is connected to the first computing device;
receiving, by the first computing device, a multicast flow from the second computing device;
determining, by the first computing device, a packet loss rate for the data flow; and
responsive to determining that the packet loss rate exceeds a threshold packet loss rate:
determining, by the first computing device, that the status of the cipher-text WAN is one of a cyber-attack or a misconfiguration of a router in the cipher-text WAN; and
attempting, by the first computing device, to restore a Cumulative Network Performance for the multicast flow.
However, Weill teaches,
determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the second computing device is connected to the first computing device (¶30, ¶47-¶48).
Brewer, Keith and Weill are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determine connection status based on data packet state inspection system of Weill.
The motivation/suggestion for doing so would be to implement deep-packet inspection (DPI) services in a MPLS-VPN configured computer network. (Weill - ¶1).
Combination of Brewer, Keith and Weill does not teach explicitly,
receiving, by the first computing device, a multicast flow from the second computing device;
determining, by the first computing device, a packet loss rate for the data flow; and
responsive to determining that the packet loss rate exceeds a threshold packet loss rate:
determining, by the first computing device, that the status of the cipher-text WAN is one of a cyber-attack or a misconfiguration of a router in the cipher-text WAN; and
attempting, by the first computing device, to restore a Cumulative Network Performance for the multicast flow.
However, Menon teaches,
receiving, by the first computing device, a multicast flow from the second computing device (Fig. 2, ¶42);
determining, by the first computing device, a packet loss rate for the data flow (¶16, ; and
responsive to determining that the packet loss rate exceeds a threshold packet loss rate (¶104):
determining, by the first computing device, that the status of the cipher-text WAN is one of a cyber-attack or a misconfiguration of a router in the cipher-text WAN (¶105); and
attempting, by the first computing device, to restore a Cumulative Network Performance for the multicast flow (¶109-¶112).
Brewer, Keith, Weill and Menon are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determine connection status based on data packet state inspection system of Weill restoring packet flow by configuring router system of Menon.
The motivation/suggestion for doing so would be to ensure that the testing of the network infrastructure include mechanisms to subjectively evaluate the consumer's quality of experience. (Menon - ¶3).

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”), and further in view of Peter Ashwood-Smith (US PGPUB. # US 2016/0226758, hereinafter "Ashwood"), and further in view of Weill et al. (US PGPUB. # US 2007/0121615, hereinafter "Weill"), and further in view of Park et al. (US PGPUB. # US 2011/0131646, hereinafter “Park”).

Regarding Claim 12, rejection of Claim 1 is included and Brewer teaches,
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the data packet comprises a first data packet, and wherein the method further comprises:
receiving, by the first computing device (Fig. 1(30), ¶18), a data flow from the second computing device (Fig. 3(202), ¶36, i.e. a data flow is received by a first computing device), wherein the data flow includes the first data packet (Fig. 3(202), ¶36, i.e. a data packet is associated with the dataflow);
Combination of Brewer and Keith does not teach explicitly,
determining, by the first computing device, a first delay for the data flow;
responsive to determining that the first delay exceeds a threshold delay, determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the first computing device is connected to a third computing device in a plain-text portion of a third enclave;
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to send the data flow to the first computing device via the third computing device;
receiving, by the first computing device, the data flow from the third computing device;
determining, by the first computing device, a second delay for the data flow;
responsive to determining that the second delay does not exceed the threshold delay, continuing, by the first computing device, to receive the data flow from the third computing device; and
responsive to determining that the second delay exceeds the threshold delay:
determining, by the first computing device, that the status of the cipher-text WAN is a packet flooding attack on the first enclave; and
initiating, by the first computing device, a filtering process to resolve the packet flooding attack.
However, Ashwood teaches,
determining, by the first computing device, a first delay for the data flow (Fig. 7(710), ¶47, i.e. a first delay for the dataflow is determined);
responsive to determining that the first delay exceeds a threshold delay (Fig. 7(712), ¶47, i.e. delay is above threshold), [determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the first computing device is connected to a third computing device in a plain-text portion of a third enclave];
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to send the data flow to the first computing device via the third computing device (¶48, “the network controller 110 may send an instruction to an appropriate node 160 in the network to reroute the flow from a first source route R1 to a second source route R2, the instruction identifying the packet P.sub.i+k+1 after which the rerouting is to take place”, i.e. indication to reroute packet is sent);
receiving, by the first computing device, the data flow from the third computing device (¶48, “The node 160, upon receiving the instruction from the network controller 110, will route packets P.sub.i+1 through P.sub.i+k+1 along the first source route R1, and will route packet P.sub.i+k+2 along the second source route R2”, i.e. dataflow from the node 160 (third computing device) to first device started through a new route);
determining, by the first computing device, a second delay for the data flow (Fig. 7(710), ¶47, i.e. a second delay for the dataflow is determined);
responsive to determining that the second delay does not exceed the threshold delay , continuing, by the first computing device, to receive the data flow from the third computing device (Fig. 7 (710, 712), “At 710, the first node 150 monitors an elapsed time corresponding to the time passed since the end of the last data packet Pi in the flow was sent and determines if this elapsed time is greater than Dt. If so, the data packets are routed to the second source route R2, if not the first node 150 routes the data packets of the flow to the first source route R1 until a period of time having a duration There is detected. More specifically, when a time elapsed from a time t.i+tP associated with the end of transmission of data packet Pi to the time tR associated with the reception of the command to reroute is greater than the transmission delay difference Dt, that is tR-(t.sub.i+tP)>Dt, the first node 150 routes the next data packet in the flow to the second source route R2. On the other hand, when this time elapsed is smaller than the transmission delay difference Dt, tR-(ti+tP).ltoreq.Dt, the first node 150 routes the data packets in the flow to the second source route R2 when a time between consecutive packets in the flow corresponding to the threshold time value There’s detected at 712”); and
responsive to determining that the second delay exceeds the threshold delay (Fig. 7(712), ¶47, i.e. second delay is above threshold):
determining, by the first computing device, that the status of the cipher-text WAN is a packet flooding attack on the first enclave; and
initiating, by the first computing device, a filtering process to resolve the packet flooding attack.
Brewer, Keith and Ashwood are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determining delay in data flow based on threshold system of Ashwood.
The motivation/suggestion for doing so would be to provide congestion free traffic in a networking system.
Combination of Brewer, Keith and Ashwood does not teach explicitly,
[responsive to determining that the first delay exceeds a threshold delay], determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the first computing device is connected to a third computing device in a plain-text portion of a third enclave;
determining, by the first computing device, that the status of the cipher-text WAN is a packet flooding attack on the first enclave; and
initiating, by the first computing device, a filtering process to resolve the packet flooding attack.
However, Weill teaches,
[responsive to determining that the first delay exceeds a threshold delay], determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the first computing device is connected to a third computing device in a plain-text portion of a third enclave (¶30, ¶47-¶48).
Brewer, Keith, Ashwood and Weill are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determining delay in data flow based on threshold system of Ashwood and determine connection status based on data packet state inspection system of Weill.
The motivation/suggestion for doing so would be to implement deep-packet inspection (DPI) services in a MPLS-VPN configured computer network. (Weill - ¶1).
Combination of Brewer, Keith, Ashwood and Weill does not teach explicitly,
determining, by the first computing device, that the status of the cipher-text WAN is a packet flooding attack on the first enclave; and
initiating, by the first computing device, a filtering process to resolve the packet flooding attack.
However, Park teaches,
determining, by the first computing device, that the status of the cipher-text WAN is a packet flooding attack on the first enclave (¶37-¶41); and
initiating, by the first computing device, a filtering process to resolve the packet flooding attack (¶41, ¶51).
Brewer, Keith, Ashwood, Weill and Park are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determining delay in data flow based on threshold system of Ashwood and determine connection status based on data packet state inspection system of Weill, and filter packet after determining packet flooding attack system of Park.
The motivation/suggestion for doing so would be to prevent network attacks, which allow for preventing attacks without using a large memory in the event of defense against network attacks, and a packet transmission and reception processing apparatus and method using the same.  (Park - ¶6).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Brewer, JR. et al (US PGPUB. # US 2010/0091650, hereinafter Brewer), and further in view of Seth Keith (US PGPUB. # US 2013/0077486, hereinafter “Keith”), and further in view of Weill et al. (US PGPUB. # US 2007/0121615, hereinafter "Weill"), and further in view of Patil et al. (US PGPUB. # US 2016/0150459, hereinafter “Patil”).

Regarding Claim 13, rejection of Claim 1 is included and combination of Brewer and Keith does not teach explicitly,
The method of claim 1, wherein the contents of the header comprise a connection state, wherein the method further comprises:
determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, a multi-hop route between the first enclave and the second enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the second enclave;
sending, by the first computing device, a deadline-critical data flow directly to the second computing device; and
simultaneously sending, by the first computing device, the deadline-critical data flow to the second computing device via the multi-hop route.
However, Weill teaches,
determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device (¶30, ¶47-¶48), [a multi-hop route between the first enclave and the second enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the second enclave];
Brewer, Keith and Weill are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determine connection status based on data packet state inspection system of Weill.
The motivation/suggestion for doing so would be to implement deep-packet inspection (DPI) services in a MPLS-VPN configured computer network. (Weill - ¶1).
Combination of Brewer, Keith and Weill does not teach explicitly,
[determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device], a multi-hop route between the first enclave and the second enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the second enclave;
sending, by the first computing device, a deadline-critical data flow directly to the second computing device; and
simultaneously sending, by the first computing device, the deadline-critical data flow to the second computing device via the multi-hop route.
However, Patil teaches,
[determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device], a multi-hop route between the first enclave and the second enclave (Fig. 1, ¶42), wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the second enclave (¶43);
sending, by the first computing device, a deadline-critical data flow directly to the second computing device (Fig. 1, ¶47); and
simultaneously sending, by the first computing device, the deadline-critical data flow to the second computing device via the multi-hop route (Fig. 1, ¶48).
Brewer, Keith, Weill and Patil are considered to be analogous art as they all pertain to provide network optimization using various techniques. Therefore it would have been obvious to one of ordinary skill in the art, before the invention was filed, to modify the cipher text wide-area network system of Brewer to include first group of client communicating with second group of client in wide-area network system of Keith and determine connection status based on data packet state inspection system of Weill and utilize multi-hop to communicate data flow system of Patil.
The motivation/suggestion for doing so would be that the data path that offers an improved link metric and/or a minimum hop count may be established by routing traffic along a data path employing a plurality of networks (e.g., WLAN, cellular or Ethernet) between the source device and the destination device.  (Patil - Abstract).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Halme et al. (US PGPUB. # US 2002/0097724) discloses, a network element cluster having a plurality of nodes distribution decisions are determined (255) on the basis of certain field(s) of data packets according to predetermined criteria, and data packets are distributed (251) to nodes of the network element cluster according to the distribution decisions. Data packets are processed (252) said nodes of the network element cluster, and the processing involves selecting (253) at least partly arbitrary value(s) for at least one of the field(s) of at least one data packet. Such value(s) are selected (256) for at least one of said certain field(s) of a third data packet, that distribution decisions determined according to the predetermined criteria for a plurality of first data packets and a plurality of second data packets are the same, said pluralities of first and second data packets belonging to a first set of data packets and said third data packet being related to said first set of data packets.
Mathews et al. (US PAT. # US 7,111,072) discloses, a flexible, scalable hardware and software platform that allows a service provider to easily provide internet services, virtual private network services, firewall services, etc., to a plurality of customers. One aspect provides a method and system for delivering security services. This includes connecting a plurality of processors in a ring configuration within a first processing system, establishing a secure connection between the processors in the ring configuration across an internet protocol (IP) connection to a second processing system to form a tunnel, and providing both router services and host services for a customer using the plurality of processors in the ring configuration and using the second processing system. a packet routing system and method is described that includes a processor identifier in each packet to route the packets to a physical processor, and a logical queue identifier to route the packets to the destination object within that processor.
Labonte et al. (US PGPUB. # US 2016/0301618) discloses, a method for managing port bandwidth in network devices. The method includes determining a first and a second ingress bandwidth of a first and a second network chip, respectively, determining an egress bandwidth of an egress port of a third network chip, determining a first and a second weight for the first and the second network chip, respectively, where the first and the second weight are determined based on a bandwidth including the first and second ingress bandwidth, processing a first data packet, received by a first ingress port administrated by the first network chip, based on the first weight and the egress bandwidth, and processing a second data packet, received by a second ingress port administrated by the second network chip, based on the second weight, and the egress bandwidth, where the destination of the first and the second data packet is the egress port.
Shake et al. (US PGPUB. # US 2008/0279181) discloses, a packet transfer method in a network apparatus that transfers packets is disclosed. In the packet transfer method, a sending side apparatus generates two copies of a send packet, provides a sequence number identifying the same sending sequence to each of the copied packets, provides an identifier corresponding to a send/receive pair to each of the copied packets to send the packets, and a receiving side apparatus receives each of the packets with two receiving units; recognizes the identifiers each corresponding to a send/receive pair; identifies packets having the same information and the sequence based on the sequence number when the identifiers are the same; selects one of the packets of the same sequence so as to send the packet downstream, and discards another packet, wherein, when only one of the packets of the same sequence arrives, the arriving packet is sent downstream.
Hoy et al. (US PGPUB. # US 2017/0171158) discloses, a method, apparatus and computer program product manage a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment is described. A method in a first VPN agent manages a first VPN tunnel in a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment. The VPN agent receives a request from a VPN manager. The request includes a first set of requirements for the first VPN tunnel in the plurality of VPN tunnels. The VPN agent creates the first VPN tunnel according to the first set of requirements. A modification request is received from the VPN manager containing a second set of requirements. The VPN agent tunes the first VPN tunnel according to a second set of requirements. The tuning of the first VPN tunnel can include merging the first VPN tunnel with a second VPN tunnel, or splitting the first VPN tunnel into a first and second VPN tunnels.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498