DETAILED ACTION
This is a final office action issued in response to amendments received 7/18/2022.  Claims 1, 3-5, 10, 11 and 18 were amended.  Claims 2 and 12 were previously cancelled.  No new claims were cancelled or added.  Claims 1, 3-11 and 13-21 are presented for examination.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Arguments
Applicant’s arguments regarding the rejection of claims 1, 3-11 and 13-21 under 103 have been considered, but are found unpersuasive.
Applicant argues on page 11 of the Remarks that Land does not teach the claim limitation “determine whether the destination address is of the plurality of electronic devices on the deterministic network” because Land teaches a destination MAC is addressed for a certain virtual link because “a device that is reachable is not the same as a device that is included in a plurality of electronic devices that are on a network”, however the Examiner respectfully disagrees because arguing that Land teaches determining whether a destination MAC is reachable does NOT mean that it cannot also teach determining whether that destination MAC is from a group of devices of a deterministic network.  Land teaches on page 1 that the AFDX is deterministic and on page 2 that an AFDX network consists of 24 AFDX End Systems which are profiled with all routes and addresses predefined and contained in the configuration for both end systems and switches.  Land also discloses that there are 32 bits in MAC destination address that are identical for all end systems in the AFDX deterministic network and 16 bits for the VL, which enables the switch to identify End Systems of the AFDX for the VL (p. 5).  Therefore, upon receiving a AFDX Frame/packet with a destination address to another AFDX End System of the network, a switch would be able to determine an AFDX End System of the AFDX end systems of the deterministic network for the destination address in addition to determining whether that AFDX End System of the End Systems in the AFDX network is reachable (pp. 1-2, 4 & 10).
Applicant further argues on page 12 of the Remarks that Nenov does not teach the claim limitation “responsive to determining the source address is not on the list of the plurality of electronic devices, drop the data packet” because paragraph 20 of Nenov discloses a rule in which packets are dropped if the source address is in a range of source IP addresses, which is the opposite of dropping the packet if the source address is not in a range of source IP addresses, however the Examiner respectfully disagrees.  The claims are rejected under 35 U.S.C. 103, therefore the standard that is applied is one of obviousness not anticipation.  Further, Nenov does not teach that all rules in its disclosure would cause packets to be dropped if their source IP addresses are within a range of IP addresses.  Rather, instead paragraph [0020] of Nenov discloses generating filtering rules for forwarding and discarding packets, which includes rules that specify actions to be applied to a specific range of IP addresses.  Nenov discloses that “[f]or example, in one such implementation, a system may include a database with a rule (e.g. a blocking rule to discard or block further transmission of an incoming packet) associated with a range of source IP addresses”.  Although the example provided by Nenov discloses a situation in which the packets are dropped if the source address is on the list of source IP addresses in the range of source IP addresses in the rule, it would have been obvious to one of ordinary skill that the rule could just as easily be configured to drop packets with IP addresses that are not listed in the range of source IP addresses in the rule because Nenov discloses the action of determining “if the address is within a designated range” and “determining whether a packet matches a rule specifying a range of source addresses” and configuring rules to drop packets (para. [0020]).  
Applicant further argues on page 12 of the Remarks that there is no motivation to combine Nenov’s method of filtering packets using rules that identify ranges of source IP addresses and combining Nenov to Land “would seem to render Land unsuitable for its intended purpose of identifying a source end system”, however the Examiner respectfully disagrees.  It is unclear why providing switches in the AFDX system of Land with the capability to filter packets using rules that are identified as applying to a range of source IP addresses would somehow make that switch unable to identify a source end system?  To the contrary, this functionality would permit the switch of Land to whitelist source IP addresses within a given range and block packets with source IP addresses that are not within a given range, which would complement the intended function of the switch in Land since Land explicitly disclose that the AFDX switch “must perform two vital functions: frame filtering and traffic policing” (p. 9).  In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, it would be obvious to one of ordinary skill in the art that adding the functionality of Nenov of using rules specifying source IP address ranges to filter and drop packets to the switch of Land would increase the security of the system by enabling the switch to enforce a whitelist of source IP addresses where packets with source IP addresses not listed in a rule are discarded.
Applicant further argues on page 13 of the Remarks that Land does not teach the claim limitation “wherein the first characteristic comprises how frequently the first electronic device transmits the data packet; and wherein the first reference value includes a threshold value defining how frequently the first electronic device is permitted to transmit the data packet, wherein the computing device(s) are configured to drop the data packet if the frequency is greater than the threshold value” because Land “teaches away from an end system transmitting data at anything less than a maximum frame rate supported by the medium” because “the maximum frame rate describes a necessary capability of the system rather than a threshold for comparison”, however the Examiner respectfully disagrees.  Land actually explicitly contradicts the Applicant’s statement by disclosing a Bandwidth allocation gap which ranges from a minimum of 1 ms to a maximum of 128 ms, so the system explicitly operates at less than the maximum.  In addition, Applicant’s assertion that maximum allocation gap is “a necessary capability” rather than a threshold is mere attorney argument and lacks support.  The Examiner is interpreting the maximum allocation gap as a threshold for the system because Land discloses that frames exceeding the allocated bandwidth allocation gap are dropped (pp. 6-7).  
Applicant further argues on page 13 of the Remarks that the bandwidth allocation gap is not a threshold because it is “used for scheduling rather than determining a time between frames”, however the Examiner respectfully disagrees.  Pages 6-7 of Land disclose that the bandwidth allocation gap and is used to assign transmission time slots which involves determining the time intervals during which a frame is received and the time intervals between frames (see also Figures 7-8).
Applicant further argues on page 14 of the Remarks that Land does not teach the claim limitation “when a protocol for the deterministic network defines a time-division scheme comprising a first time slot for the first electronic device and a second time slot for the second electronic device, the computing device(s) are be configured to determine whether the data packet was transmitted during the first time slot and drop the data packet if the data packet was not transmitted during the first time slot” because Page 14 of Land discloses that “virtual links over the deterministic network are time-division multiplexed” and “[m]ultiplexing is generally followed by demultiplexing, and dropping a data packet would render demultiplexing unsuitable for its intended purpose”, however the Examiner respectfully disagrees.  This argument appears to be attorney argument that is unsupported by Land.  Land does not disclose demultiplexing, therefore it is unclear if demultiplexing would be part of the system of Land, and if it were, it is unclear at what time or how that would relate to the manner in which Land discloses packets are processed while multiplexing.  Furthermore, Land actually explicitly discloses dropping packets (pp. 6, 9), therefore dropping packets is part of the manner in which packets are processed in Land.
Applicant further argues on pages 14-15 of the Remarks that Fountain does not teach the limitations of claims 6-7 because the MAC address of Fountain is uncombinable with the system of Land because Land already has a destination MAC address therefore “the MAC value of Fountain is redundant” since Land already discloses a destination address in a header, however the Examiner respectfully disagrees.  In response to applicant's argument that Fountain’s destination MAC addresses could not be physically added to the frames of Land because Land already has destination addresses, the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).  Applicant is misunderstanding the nature of the combination in these claims.  The destination addresses of Fountain are not being bodily incorporated into the system of Land, Nenov and Zelle.  Rather, Fountain’s functionality of having an approved range of destination addresses and dropping packets when a received MAC value falls outside the range of authorized destination addresses is being added.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fountain’s method of rejecting data packets that do not have approved destination addresses with the system of Land, Nenov and Zelle in order to increase the flexibility of the system while maintaining the security of the system by allowing data packets to be sent that match a range of approved destinations but preventing data packets to be sent that have destinations outside the approved range of approved destinations).
Applicant’s remaining arguments filed 7/18/2022, with respect to the rejection of claims 1, 3-11 and 13-21 under 35 USC § 102 have been fully considered but are moot because newly added limitations to the claims disclose “responsive to determining the data packet is not corrupted, determine whether the source address is on a list of a plurality of electronic devices on the deterministic network” which requires a new ground of rejection necessitated by amendments.
The remaining arguments fail to comply with 37 C.F.R. 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1, 3, 5, 10 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ian Land and Jeff Elliott, “Architecting ARINC 6654, Part 7 (AFDX) Solutions”, XILINX, May 22, 2009 (part of Applicant’s Admitted Prior Art (AAPA) (hereafter “Land”) in view of Nenov (US 2018/0255096) and Zelle (US 4,942,574).
Land discloses the limitations of claim 1 substantially as follows:
	A network switch for auditing communications on a deterministic network (pp. 2-3, Fig. 1: switch for checking/auditing received data packets (i.e. communications) on a deterministic network), the network switch comprising one or more computing device(s) configured to: 
receive a data packet comprising a payload, including at least a source address and a destination address, the payload comprising one or more entries, (pp. 3-4, Figs. 3-4: receiving at an AFDX switch frame packets (i.e. data packets) comprising a payload , where the frame format for each AFDX data frame/packet comprises a source address, destination address, payload and virtual link (VL) MAC destination addresses, and where the payload is made up of 1471 Bytes (i.e. multiple entries)); 
determine whether the source address is of a plurality of electronic devices on the deterministic network (pp. 1, 3- 6, 10, Figs. 1, 3, 6: receiving/determining from an originating/source AFDX address of an AFDX Avionics End system from multiple AFDX end systems of the deterministic network (i.e. one of a plurality of electronic devices) packets sent over the virtual link); 
determine whether the destination address is of the plurality of electronic devices on the deterministic network, wherein the source address is different from the destination address  (pp. 1, 3-6, 10, Figs. 1, 3, 6, 10: determining whether destination addresses corresponding to the terminating AFDX Avionics End system, from the AFDX end systems of the deterministic network, to which the frames are sent over the virtual link is reachable, where the sending and receiving AFDX Avionics end systems are different (i.e. different source and destination addresses)); 
responsive to determining the source address of the plurality of electronic devices on the deterministic network (pp. 2, 4, 10: responsive to determining an originating/source AFDX address of an AFDX Avionics End System of the multiple AFDX End Systems, process the frame/packet);
responsive to determining the destination address is not of the plurality of the plurality of electronic devices on the deterministic network, drop the data packet (pp. 2, 4, 10: responsive to determining that the destination MAC is not reachable (i.e. does not correspond to one of the plurality of electronic devices on the deterministic network), discard the frame/packet);
responsive to determining the source address corresponds to [[the]] a first electronic device on the deterministic network and the destination address corresponds to [[the]] a second electronic device on the deterministic network, wherein the first electronic device is different from the second electronic device, compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic (pp. 3, 5, 10: responsive to determining the source address of the originating source system and the destination address of the End System, comparing a frame size, sequence number and time of transmission (i.e. actual values) as permitted frame parameters for a data frame (i.e. first characteristic of the data packets) against a maximum frame size and prior sequence number (i.e. first reference values) required for the permitted frame parameters (i.e. for the first characteristic)); and 
responsive to determining, transmit the data packet to the destination address (pp. 3-6: transmitting the data frames to the destination addresses when the frame size (i.e. characteristic) is within the maximum frame size (i.e. corresponds to the reference value) and the sequence numbers (i.e. characteristic) are properly incremented from the prior sequence number (i.e. when the actual values of the characteristic correspond to the reference values).
Land does not explicitly disclose the remaining limitations of claim 1 as follows:
packet comprising a header and payload, the header including at least an error-detecting code , a source address and a destination address; 
determine whether the data packet is corrupted based, at least in part, on the error-detecting code;
responsive to determining that the data packet is not corrupted, determine whether the source address is on a list of a first electronic device of a plurality of electronic devices;
responsive to determining that the data packet is not corrupted, determine whether the destination address is on a list of a second electronic device of the plurality of electronic devices;
responsive to determining the source address is not on the list of 
responsive to determining the destination address is not on the list of the plurality of electronic devices on the network, drop the data packet;
determining the source address corresponds to a [[the]] first electronic device on the list of the plurality of electronic devices on the network and the destination address corresponds to [[the]] a second electronic device on the list of the plurality of electronic devices on the network,
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value; 
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value; and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address, wherein the actual value for the second characteristic is in the payload.
However, in the same field of endeavor Nenov discloses the limitations of claim 1 as follows:
packet comprising a header and payload, and a destination address (Nenov, paras. [0019]-[0020], [0026], [0035], [041]: a security device comprising a switch receives packets comprising a header and a payload, where the header comprises a destination IP address); 
determine whether the source address is on a list of a plurality of electronic devices (Nenov, paras. [0020]-[0021], [0025], [0035], [0045], [0064], [0067]-[0068]: determining whether a source IP address of an computing/electronic device is within a listed range of source IP addresses of computing devices that are recognized or allowed to be transmitted/not blocked (i.e. is on a list of a plurality of electronic devices))
determine whether the destination address is on the list of the plurality of electronic devices, wherein the source address is different from the destination address  (Nenov, paras. [0020], [0035], [0045], [0064]: determining whether a destination IP address of a computing device is within a listed range of IP addresses of computing devices that are allowed/not blocked, where the address of the source device is different from the address of the destination device);
responsive to determining the source address is not on the list of the plurality of electronic devices, drop the data packet (Nenov, paras. [0020], [0035], [0045], [0064], [0067]-[0068]: responsive to determining that the source IP address is not recognized or within the range of IP addresses of computing devices that are allowed to communicate/are not blocked, dropping the packets);
responsive to determining the destination address is not on the list of the plurality of electronic devices on the deterministic network, drop the packet (Nenov, paras. [0020], [0035], [0045], [0064]: responsive to determining that the destination IP address is not within the range of IP addresses of computing devices that are allowed to communicate/are not blocked, dropping the packets); 
determining the source address corresponds to a [[the]] first electronic device on the list of the plurality of electronic devices on the network and the destination address corresponds to [[the]] a second electronic device on the list of the plurality of electronic devices on the network (Nenov, paras. [0020]-[0021], [0025], [0035], [0045], [0064], [0067]-[0068]: determining the source IP address and destination IP address are within a range of IP addresses that are allowed to be transmitted),
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value (paras. [0020], [0026], [0035], [0042], [0045], [0057]: comparing the value of the size (i.e. value of first characteristic) of the data packet against a range of payload sizes to determine if the size of the data packet is within the range of permitted sizes (i.e. corresponds to a first reference value)
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value (paras. [0020], [0026], [0035], [0045], [0057]-[0060]: responsive to determining that the size of the data packet corresponds to the range of permitted sizes for the packets and therefore the packet meets that rule (and is not blocked), determine whether values of the payload content (i.e. actual values) for determining whether the packet is part of an attack attempt (i.e. second characteristic) match content specified in a rule as indicating that the packet is not part of an attack attempt (i.e. correspond to second reference value)); and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address, wherein the actual value for the second characteristic is in the payload (paras. [0035], [0045], [0057]-[0060]: responsive to determining that the values of the payload content for determining whether the packet is part of an attack attempt correspond to content in the rule specifying that the packet is not part of an attack attempt, transmit the packet to the destination IP address or modify the packet to replace the payload with a predetermined payload, where the content of the payload being matched to the rule content is in the payload (i.e. actual value for the second characteristic is in the payload). 
Nenov is combinable with Land because both are from the same field of endeavor of improving the method by which packets are processed at switches.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Nenov’s method of transmitting the data packets in response to validating the first and second characteristics of the data packet with the system of Land in order to increase the security of the system by ensuring that unauthorized data packets with invalid characteristics that may be part of an attack attempt are dropped or prevented from being transmitted until after all authentication checks on the data packet have been completed.
	Neither Land or Nenov disclose the remaining limitations of claim 1 as follows:
packet comprising a header and payload, the header including at least an error-detecting code, a source address and a destination address; 
the header including at least an error-detecting code;
determine whether the data packet is corrupted based, at least in part, on an error-detecting code;
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device;
However, in the same field of endeavor Zelle discloses the remaining limitations of claim 1 as follows:
packet comprising a header, the header including at least an error-detecting code, a source address and a destination address; determine whether the data packet is corrupted based, at least in part, on an error-detecting code (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, l. 65 – col. 63, l. 3: packet comprising header comprising source and destination address fields & determining whether a data pack is corrupted based on a cyclic redundancy code or header check sequence included in the header passes inspection);
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, ll. 27-35 & col. 62, l. 65 – col. 63, l. 3: responsive to determining that the data packet is not corrupted, determining whether the source address field corresponds to a source (i.e. first electronic device) that is properly logged with access to the network);
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66; col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the data packet is not corrupted, determining whether the destination address field and port value corresponds to a legal end user (i.e. first electronic device));
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66, col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the source address or the destination does not correspond to a legal address of a device, dropping the packet);
Zelle is combinable with Nenov and Land because all three are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Zelle’s method of determining whether a data packet is corrupt based upon analyzing error-detecting code in a header of the data packet with the system of Nenov and Land in order to “prevent[] misdelivery of information due to corrupted headers” (Zelle, col. 15, ll. 26-27). 

	Regarding claim 3, Land, Nenov and Zelle disclose the network switch of claim 1.
Land discloses the limitations of claim 3 as follows:
The network switch of either of claims 1, 
wherein the first characteristic comprises how frequently the first electronic device transmits the data packet; and wherein the first reference value includes a threshold value defining how frequently the first electronic device is permitted to transmit the data packet, wherein the computing device(s) are configured to drop the data packet if the frequency is greater than the threshold value (Land, pp. 6-7, 9-10: comparing the time interval in which a time frame is received (i.e. describing characteristic) as part of determining how frequently data packet is transmitted) and comparing the time interval with a maximum delay value and permitted bandwidth allocation gap/minimum interval for transmission (i.e. reference value as a threshold) defining a minimum time interval or the least amount of time permitted between transmissions of data frames, wherein when the time interval for the frame exceeds the bandwidth allocation gap, the data packets are dropped).

Regarding claim 5, Land, Nenov and Zelle disclose the network switch of claim 1.
Land discloses the limitations of claim 5 as follows:
The network switch of claim 1,
wherein when a protocol for the deterministic network defines a time-division scheme comprising a first time slot for the first electronic device and a second time slot for the second electronic device, the computing device(s) are be configured to determine whether the data packet was transmitted during the first time slot and drop the data packet if the data packet was not transmitted during the first time slot (pp. 4, 6, 9-10: virtual links over the deterministic network are time-division multiplexed (i.e. time-division scheme) such that a transmission time slot is assigned for originating and terminating  AFDX Avionics End systems (i.e. for first and second electronic devices), where the transmission time slot is within an assigned bandwidth allocation gap and determining whether the data frame is transmitted from an AFXD End System within the time slot/allocation gap (i.e. determining whether packet sent during first time slot), and dropping the data packets when the time interval exceeds the allocation gap).

	Regarding claim 10, Land discloses the limitations substantially as follows:
A method for auditing communications on a deterministic network (pp. 2-3, Fig. 1: switch for checking/auditing received data packets (i.e. communications) on a deterministic network), the method comprising: 
receiving, at a network switch of the deterministic network, a data packet comprising a payload, including at least a source address and a destination address, the payload comprising one or more entries, (pp. 3-4, Figs. 3-4: receiving at an AFDX switch frame packets (i.e. data packets) comprising a payload, where the frame format for each AFDX data frame/packet comprises a source address, destination address, payload and virtual link (VL) MAC destination addresses, and where the payload is made up of 1471 Bytes (i.e. multiple entries)); 
determining, by the network switch, whether the source address is on an list of a plurality of electronic devices on the deterministic network (pp. 3- 6, Figs. 1, 3, 6: receiving/determining from an originating/source AFDX address of an AFDX Avionics End system from multiple AFDX end systems of the deterministic network (i.e. one of a plurality of electronic devices) packets sent over the virtual link); 
determining, by the network switch, whether the destination address is on the list of the plurality of electronic devices on the deterministic network, wherein the source address is different from the destination address (pp. 3-6, Figs. 1, 3, 6, 10: determining whether destination addresses corresponding to the terminating AFDX Avionics End system, from the AFDX end systems of the deterministic network, to which the frames are sent over the virtual link is reachable, where the sending and receiving AFDX Avionics end systems are different (i.e. different source and destination addresses)); 
responsive to determining the source address is not on the list of the plurality of electronic devices on the deterministic network, drop the data packet (pp. 2, 10: responsive to determining an originating/source AFDX address of an AFDX Avionics End System of the multiple AFDX End Systems, process the frame/packet);
responsive to determining the destination address is not on the list of the plurality of electronic devices on the deterministic network, drop the data packet (pp. 2, 10: responsive to determining that the destination MAC is not reachable (i.e. does not correspond to one of the plurality of electronic devices on the deterministic network), discard the frame/packet);
responsive to determining the source address corresponds to [[the]] a first electronic device on the deterministic network and the destination address corresponds to [[the]] a second electronic device on the deterministic network, wherein the first electronic device is different from the second electronic device, compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic (pp. 3, 5, 10: responsive to determining the source address of the originating source system and the destination address of the End System, comparing a frame size, sequence number and time of transmission (i.e. actual values) as permitted frame parameters for a data frame (i.e. first characteristic of the data packets) against a maximum frame size and prior sequence number (i.e. first reference values) required for the permitted frame parameters (i.e. for the first characteristic)); and 
responsive to determining, transmit the data packet to the destination address (pp. 3-6: transmitting the data frames to the destination addresses when the frame size (i.e. actual values) is within the maximum frame size (i.e. reference value) and the sequence numbers (i.e. actual values) are properly incremented from the prior sequence number (i.e. when the actual values of the characteristic correspond to the reference values).
Land does not explicitly disclose the remaining limitations of claim 10 as follows:
packet comprising a header and payload, the header including at least an error-detecting code , a source address and a destination address; 
determine whether the data packet is corrupted based, at least in part, on the error-detecting code;
responsive to determining that the data packet is not corrupted, determine whether the source address is on a list of a first electronic device of a plurality of electronic devices;
responsive to determining that the data packet is not corrupted, determine whether the destination address is on a list of a second electronic device of the plurality of electronic devices;
responsive to determining the source address is not on the list of 
responsive to determining the destination address is not on the list of the plurality of electronic devices on the network, drop the data packet;
determining the source address corresponds to a [[the]] first electronic device on the list of the plurality of electronic devices on the network and the destination address corresponds to [[the]] a second electronic device on the list of the plurality of electronic devices on the network,
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value; 
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value; and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address, wherein the actual value for the second characteristic is in the payload.
However, in the same field of endeavor Nenov discloses the limitations of claim 10 as follows:
packet comprising a header and payload, and a destination address (Nenov, paras. [0019]-[0020], [0026], [0035], [041]: a security device comprising a switch receives packets comprising a header and a payload, where the header comprises a destination IP address); 
determine whether the source address is on a list of a plurality of electronic devices (Nenov, paras. [0020]-[0021], [0025], [0035], [0045], [0064], [0067]-[0068]: determining whether a source IP address of an computing/electronic device is within a listed range of source IP addresses of computing devices that are recognized or allowed to be transmitted/not blocked (i.e. is on a list of a plurality of electronic devices))
determine whether the destination address is on the list of the plurality of electronic devices, wherein the source address is different from the destination address  (Nenov, paras. [0020], [0035], [0045], [0064]: determining whether a destination IP address of a computing device is within a listed range of IP addresses of computing devices that are allowed/not blocked, where the address of the source device is different from the address of the destination device);
responsive to determining the source address is not on the list of the plurality of electronic devices, drop the data packet (Nenov, paras. [0020], [0035], [0045], [0064], [0067]-[0068]: responsive to determining that the source IP address is not recognized or within the range of IP addresses of computing devices that are allowed to communicate/are not blocked, dropping the packets);
responsive to determining the destination address is not on the list of the plurality of electronic devices on the deterministic network, drop the packet (Nenov, paras. [0020], [0035], [0045], [0064]: responsive to determining that the destination IP address is not within the range of IP addresses of computing devices that are allowed to communicate/are not blocked, dropping the packets); 
determining the source address corresponds to a [[the]] first electronic device on the list of the plurality of electronic devices on the network and the destination address corresponds to [[the]] a second electronic device on the list of the plurality of electronic devices on the network (Nenov, paras. [0020]-[0021], [0025], [0035], [0045], [0064], [0067]-[0068]: determining the source IP address and destination IP address are within a range of IP addresses that are allowed to be transmitted),
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value (paras. [0020], [0026], [0035], [0042], [0045], [0057]: comparing the value of the size (i.e. value of first characteristic) of the data packet against a range of payload sizes to determine if the size of the data packet is within the range of permitted sizes (i.e. corresponds to a first reference value)
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value (paras. [0020], [0026], [0035], [0045], [0057]-[0060]: responsive to determining that the size of the data packet corresponds to the range of permitted sizes for the packets and therefore the packet meets that rule (and is not blocked), determine whether values of the payload content (i.e. actual values) for determining whether the packet is part of an attack attempt (i.e. second characteristic) match content specified in a rule as indicating that the packet is not part of an attack attempt (i.e. correspond to second reference value)); and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address, wherein the actual value for the second characteristic is in the payload (paras. [0035], [0045], [0057]-[0060]: responsive to determining that the values of the payload content for determining whether the packet is part of an attack attempt correspond to content in the rule specifying that the packet is not part of an attack attempt, transmit the packet to the destination IP address or modify the packet to replace the payload with a predetermined payload, where the content of the payload being matched to the rule content is in the payload (i.e. actual value for the second characteristic is in the payload). 
Nenov is combinable with Land because both are from the same field of endeavor of improving the method by which packets are processed at switches.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Nenov’s method of transmitting the data packets in response to validating the first and second characteristics of the data packet with the system of Land in order to increase the security of the system by ensuring that unauthorized data packets with invalid characteristics that may be part of an attack attempt are dropped or prevented from being transmitted until after all authentication checks on the data packet have been completed.
Neither Land or Nenov disclose the remaining limitations of claim 10 as follows:
packet comprising a header and payload, the header including at least an error-detecting code,a source address and a destination address;
determine whether the data packet is corrupted based, at least in part, on an error-detecting code;
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device;
However, in the same field of endeavor Zelle discloses the remaining limitations of claim 10 as follows:
packet comprising a header, the header including at least an error-detecting code, a source address and a destination address; determine whether the data packet is corrupted based, at least in part, on an error-detecting code (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, l. 65 – col. 63, l. 3: packet comprising header comprising source and destination address fields & determining whether a data pack is corrupted based on a cyclic redundancy code or header check sequence included in the header passes inspection);
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, ll. 27-35 & col. 62, l. 65 – col. 63, l. 3: responsive to determining that the data packet is not corrupted, determining whether the source address field corresponds to a source (i.e. first electronic device) that is properly logged with access to the network);
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66; col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the data packet is not corrupted, determining whether the destination address field and port value corresponds to a legal end user (i.e. first electronic device));
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66, col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the source address or the destination does not correspond to a legal address of a device, dropping the packet);
Zelle is combinable with Nenov and Land because all three are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Zelle’s method of determining whether a data packet is corrupt based upon analyzing error-detecting code in a header of the data packet with the system of Nenov and Land in order to “prevent[] misdelivery of information due to corrupted headers” (Zelle, col. 15, ll. 26-27). 

Regarding claim 18, Land discloses the limitations substantially as follows:
An aerial vehicle (p. 1: switch is part of an avionics system such as an airbus (i.e. aerial vehicle)) comprising: 
a deterministic communication network (p. 1: deterministic network); 
one or more electronic device communicatively coupled to the communication network (Figs. 1, 6: avionics endpoint systems); and 
a network switch communicatively coupled to the communication network, the network switch comprising one or more computing device(s) configured to: 
receive a data packet comprising a payload, including at least a source address and a destination address, the payload comprising one or more entries, (pp. 3-4, Figs. 3-4: receiving at an AFDX switch frame packets (i.e. data packets) comprising a payload , where the frame format for each AFDX data frame/packet comprises a source address, destination address, payload and virtual link (VL) MAC destination addresses, and where the payload is made up of 1471 Bytes (i.e. multiple entries)); 
determine whether the source address is of a plurality of electronic devices on the deterministic network (pp. 3- 6, Figs. 1, 3, 6: receiving/determining from an originating/source AFDX address of an AFDX Avionics End system from multiple AFDX end systems of the deterministic network (i.e. one of a plurality of electronic devices) packets sent over the virtual link); 
determine whether the destination address is of the plurality of electronic devices on the deterministic network, wherein the source address is different from the destination address  (pp. 3-6, Figs. 1, 3, 6, 10: determining whether destination addresses corresponding to the terminating AFDX Avionics End system, from the AFDX end systems of the deterministic network, to which the frames are sent over the virtual link is reachable, where the sending and receiving AFDX Avionics end systems are different (i.e. different source and destination addresses)); 
responsive to determining the source address of the plurality of electronic devices on the deterministic network (pp. 2, 10: responsive to determining an originating/source AFDX address of an AFDX Avionics End System of the multiple AFDX End Systems, process the frame/packet);
responsive to determining the destination address is not of the plurality of the plurality of electronic devices on the deterministic network, drop the data packet (pp. 2, 10: responsive to determining that the destination MAC is not reachable (i.e. does not correspond to one of the plurality of electronic devices on the deterministic network), discard the frame/packet);
responsive to determining the source address corresponds to [[the]] a first electronic device on the deterministic network and the destination address corresponds to [[the]] a second electronic device on the deterministic network, wherein the first electronic device is different from the second electronic device, compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic (pp. 3, 5, 10: responsive to determining the source address of the originating source system and the destination address of the End System, comparing a frame size, sequence number and time of transmission (i.e. actual values) as permitted frame parameters for a data frame (i.e. first characteristic of the data packets) against a maximum frame size and prior sequence number (i.e. first reference values) required for the permitted frame parameters (i.e. for the first characteristic)); and 
responsive to determining, transmit the data packet to the destination address (pp. 3-6: transmitting the data frames to the destination addresses when the frame size (i.e. actual values) is within the maximum frame size (i.e. reference value) and the sequence numbers (i.e. actual values) are properly incremented from the prior sequence number (i.e. when the actual values of the characteristic correspond to the reference values).
Land does not explicitly disclose the remaining limitations of claim 18 as follows:
packet comprising a header and payload, the header including at least an error-detecting code , a source address and a destination address; 
determine whether the data packet is corrupted based, at least in part, on the error-detecting code;
responsive to determining that the data packet is not corrupted, determine whether the source address is on a list of a first electronic device of a plurality of electronic devices;
responsive to determining that the data packet is not corrupted, determine whether the destination address is on a list of a second electronic device of the plurality of electronic devices;
responsive to determining the source address is not on the list of 
responsive to determining the destination address is not on the list of the plurality of electronic devices on the network, drop the data packet;
determining the source address corresponds to a [[the]] first electronic device on the list of the plurality of electronic devices on the network and the destination address corresponds to [[the]] a second electronic device on the list of the plurality of electronic devices on the network,
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value; 
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value; and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address, wherein the actual value for the second characteristic is in the payload.
However, in the same field of endeavor Nenov discloses the limitations of claim 18 as follows:
packet comprising a header and payload, and a destination address (Nenov, paras. [0019]-[0020], [0026], [0035], [041]: a security device comprising a switch receives packets comprising a header and a payload, where the header comprises a destination IP address); 
determine whether the source address is on a list of a plurality of electronic devices (Nenov, paras. [0020]-[0021], [0025], [0035], [0045], [0064], [0067]-[0068]: determining whether a source IP address of an computing/electronic device is within a listed range of source IP addresses of computing devices that are recognized or allowed to be transmitted/not blocked (i.e. is on a list of a plurality of electronic devices))
determine whether the destination address is on the list of the plurality of electronic devices, wherein the source address is different from the destination address  (Nenov, paras. [0020], [0035], [0045], [0064]: determining whether a destination IP address of a computing device is within a listed range of IP addresses of computing devices that are allowed/not blocked, where the address of the source device is different from the address of the destination device);
responsive to determining the source address is not on the list of the plurality of electronic devices, drop the data packet (Nenov, paras. [0020], [0035], [0045], [0064], [0067]-[0068]: responsive to determining that the source IP address is not recognized or within the range of IP addresses of computing devices that are allowed to communicate/are not blocked, dropping the packets);
responsive to determining the destination address is not on the list of the plurality of electronic devices on the deterministic network, drop the packet (Nenov, paras. [0020], [0035], [0045], [0064]: responsive to determining that the destination IP address is not within the range of IP addresses of computing devices that are allowed to communicate/are not blocked, dropping the packets); 
determining the source address corresponds to a [[the]] first electronic device on the list of the plurality of electronic devices on the network and the destination address corresponds to [[the]] a second electronic device on the list of the plurality of electronic devices on the network (Nenov, paras. [0020]-[0021], [0025], [0035], [0045], [0064], [0067]-[0068]: determining the source IP address and destination IP address are within a range of IP addresses that are allowed to be transmitted),
compare an actual value for a first characteristic of the data packet against a first reference value for the first characteristic to determine whether the actual value for the first characteristic corresponds to the first reference value (paras. [0020], [0026], [0035], [0042], [0045], [0057]: comparing the value of the size (i.e. value of first characteristic) of the data packet against a range of payload sizes to determine if the size of the data packet is within the range of permitted sizes (i.e. corresponds to a first reference value)
responsive to determining the actual value for the first characteristic of the data packet corresponds to the first reference value, determine whether an actual value for a second characteristic of the one or more entries in the payload corresponds to a second reference value (paras. [0020], [0026], [0035], [0045], [0057]-[0060]: responsive to determining that the size of the data packet corresponds to the range of permitted sizes for the packets and therefore the packet meets that rule (and is not blocked), determine whether values of the payload content (i.e. actual values) for determining whether the packet is part of an attack attempt (i.e. second characteristic) match content specified in a rule as indicating that the packet is not part of an attack attempt (i.e. correspond to second reference value)); and
responsive to determining the actual value of the second characteristic corresponds to the second reference value, transmit the data packet to the destination address, wherein the actual value for the second characteristic is in the payload (paras. [0035], [0045], [0057]-[0060]: responsive to determining that the values of the payload content for determining whether the packet is part of an attack attempt correspond to content in the rule specifying that the packet is not part of an attack attempt, transmit the packet to the destination IP address or modify the packet to replace the payload with a predetermined payload, where the content of the payload being matched to the rule content is in the payload (i.e. actual value for the second characteristic is in the payload). 
Nenov is combinable with Land because both are from the same field of endeavor of improving the method by which packets are processed at switches.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Nenov’s method of transmitting the data packets in response to validating the first and second characteristics of the data packet with the system of Land in order to increase the security of the system by ensuring that unauthorized data packets with invalid characteristics that may be part of an attack attempt are dropped or prevented from being transmitted until after all authentication checks on the data packet have been completed.
Neither Land or Nenov disclose the remaining limitations of claim 18 as follows:
packet comprising a header and payload, the header including at least an error-detecting code, a source address and a destination address;
determine whether the data packet is corrupted based, at least in part, on an error-detecting code;
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device;
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device;
However, in the same field of endeavor Zelle discloses the remaining limitations of claim 18 as follows:
packet comprising a header, the header including at least an error-detecting code, a source address and a destination address; determine whether the data packet is corrupted based, at least in part, on an error-detecting code (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, l. 65 – col. 63, l. 3: packet comprising header comprising source and destination address fields & determining whether a data pack is corrupted based on a cyclic redundancy code or header check sequence included in the header passes inspection);
responsive to determining that the data packet is not corrupted, determine whether the source address corresponds to a first electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35; col. 36, l. 65 – col. 37, l. 6; col. 40, ll. 5-21; col. 46, ll. 62-68; col. 62, ll. 27-35 & col. 62, l. 65 – col. 63, l. 3: responsive to determining that the data packet is not corrupted, determining whether the source address field corresponds to a source (i.e. first electronic device) that is properly logged with access to the network);
responsive to determining that the data packet is not corrupted, determine whether the destination address corresponds to a second electronic device (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66; col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the data packet is not corrupted, determining whether the destination address field and port value corresponds to a legal end user (i.e. first electronic device));
responsive to determining the source address or the destination does not correspond to one of the plurality of electronic devices, drop the data packet (col. 14, ll. 24-34; col. 15, ll. 15-35 & 64-66, col. 46, ll. 45-55; col. 47, ll. 44-50: responsive to determining that the source address or the destination does not correspond to a legal address of a device, dropping the packet);
Zelle is combinable with Nenov and Land because all three are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Zelle’s method of determining whether a data packet is corrupt based upon analyzing error-detecting code in a header of the data packet with the system of Nenov and Land in order to “prevent[] misdelivery of information due to corrupted headers” (Zelle, col. 15, ll. 26-27). 

Claims 6-7, 13-14 and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Ian Land and Jeff Elliott, “Architecting ARINC 6654, Part 7 (AFDX) Solutions”, XILINX, May 22, 2009 (part of Applicant’s Admitted Prior Art (AAPA) (hereafter “Land”) in view of Nenov (US 2018/0255096) and Zelle (US 4,942,574), as applied to claim 18, further in view of Fountain (US 2014/0310354).
Regarding claims 6 and 20, Land, Nenov and Zelle disclose the network switch of claim 1 and the aerial vehicle of claim 18.
Neither Land, Nenov or Zelle discloses the limitations of claims 6 and 20 as follows:
wherein the second characteristic comprises an approved range of values for the data.
However, in the same field of endeavor, Fountain discloses the remaining limitations of claims 6 and 20 as follows:
wherein the second characteristic comprises an approved range of values for the data (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2: wherein the destination addresses (i.e. second characteristic) for the data comprise an approved range of destination addresses)).
Fountain is combinable with Land, Nenov and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fountain’s method of rejecting data packets that do not have approved destination addresses with the system of Land, Nenov and Zelle in order to increase the flexibility of the system while maintaining the security of the system by allowing data packets to be sent that match a range of approved destinations but preventing data packets to be sent that have destinations outside the approved range of approved destinations). 

Regarding claim 7, Land, Nenov, Fountain and Zelle disclose the network switch of claims 1 and 6.
Fountain discloses the limitations of claim 7 as follows:
The network switch of claim 6, wherein the computing device(s) are further configured to reject the data packet when the actual value of the second characteristic falls outside the approved range of values (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2: dropping/rejecting frames when the MAC value (i.e. actual value) of the destination address falls outside the range of authorized destination addresses).
The same motivation to combine utilized in claim 6 is equally applicable in the instant claim.

Regarding claim 13, Land, Nenov and Zelle disclose the limitations of claim 10.
Neither Land, Nenov or Zelle discloses the limitations of claim 13 as follows:
The method of claim 11, wherein the second characteristic comprises a range of allowable values for the data.
However, in the same field of endeavor, Fountain discloses the remaining limitations of claim 13 as follows:
The method of claim 11, wherein the second characteristic comprises a range of allowable values for the data (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2: wherein the destination addresses (i.e. second characteristic) for the data comprise an approved range of destination addresses)).
Fountain is combinable with Land, Nenov and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fountain’s method of rejecting data packets that do not have approved destination addresses with the system of Land, Nenov and Zelle in order to increase the flexibility of the system while maintaining the security of the system by allowing data packets to be sent that match a range of approved destinations but preventing data packets to be sent that have destinations outside the approved range of approved destinations). 

Regarding claim 14, Land, Nenov, Fountain and Zelle disclose the limitations of claims 10 and 13.
Fountain discloses the limitations of claim 14 as follows:
The method of claim 13, wherein the network switch is further configured to reject the data packet when the actual value for the second characteristic falls outside the range of allowable values (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2: dropping/rejecting frames when the MAC value (i.e. actual value) of the destination address falls outside the range of authorized destination addresses).
The same motivation to combine utilized in claim 6 is equally applicable in the instant claim.

	Regarding claim 19, Land, Nenov and Zelle disclose the limitations of the aerial vehicle of claim 18.
Land disclose the limitations of claim 19 as follows:
wherein the first characteristic comprises a preapproved destination address for the data packet (Land, pp. 3-4: all addresses for packets are predefined/preapproved), 
Neither Land, Nenov or Zelle disclose the remaining limitations of claim 19 as follows:
wherein the first reference value includes one or more destination addresses approved to receive the data packet, and wherein when the actual value for the first characteristic does not match the first reference value, the one or more computing device(s) are configured to reject the data packet.  
However, in the same field of endeavor, Fountain teaches the remaining limitations of claim 19 as follows:
wherein the first reference value includes one or more destination addresses approved to receive the data packet, and wherein when the actual value for the first characteristic does not match the first reference value, the one or more computing device(s) are configured to reject the data packet (Fountain, paras. [0024], [0042]-[0044], [0052], [0057], Fig. 2: wherein the authorized destination addresses (i.e. reference values) are authorized to receive the frame/packet and when the MAC address (i.e. actual value) for the MAC destination (i.e. first characteristic) does not match the authorized destination addresses (i.e. reference values), the computing devices do not route the frames (i.e. reject the packets)).  
Fountain is combinable with Land, Nenov and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fountain’s method of rejecting data packets that do not have approved destination addresses with the system of Land, Nenov and Zelle in order to increase the flexibility of the system while maintaining the security of the system by allowing data packets to be sent that match a range of approved destinations but preventing data packets to be sent that have destinations outside the approved range of approved destinations). 

	Regarding claim 21, Land, Johnson, and Zelle disclose the limitations of claim 1.
Neither Land, Nenov or Zelle disclose the limitations of claim 21 as follows:
The network switch of claim 1, wherein the second characteristic comprises a data type of the one or more entries of the data included in the payload.
However, in the same field of endeavor, Fountain discloses the remaining limitations of claim 21 as follows:
The network switch of claim 1, wherein the second characteristic comprises a data type of the one or more entries of the data included in the payload (Fountain, para. [0058]: checking message type ID of the payload to uniquely identify the data in the packet).
Fountain is combinable with Land, Nenov and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fountain’s method of comparing message type ID’s in the payload with the system of Land, Nenov and Zelle in order to provide additional methods for uniquely identifying and verifying the data transmitted in the data packets). 

Claims 4 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Ian Land and Jeff Elliott, “Architecting ARINC 6654, Part 7 (AFDX) Solutions”, XILINX, May 22, 2009 (part of Applicant’s Admitted Prior Art (AAPA) (hereafter “Land”) in view of Nenov (US 2018/0255096) and Zelle (US 4,942,574), as applied to claim 1, further in view of Pavaskar (US 2016/0154391).
Regarding claim 4, Land, Nenov and Zelle disclose the network switch of claim 1.
Land discloses the limitations of claim 4 as follows:
The network switch of claim 1, 
wherein the actual value of the first characteristic is an amount of time lapsing since the network switch last received the data packet from the first electronic device, (Land, pp. 6-7: determining a time value (i.e. actual value) as the amount of time that has passed since a frame was received (i.e. amount of time lapse since network switch received frame/data packet) and dropping the packet if the frame comparing the time interval in which a time frame is received (i.e. actual value) to determine how much time passes before a new data packet is received (i.e. describing characteristic of amount of time lapse since last packet received)) 
Land, Nenov and Zelle do not explicitly disclose the remaining limitations of claim 4 as follows:
and wherein the computing device(s) are further configured to reject the data packet if the actual value of the first characteristic is less 
However, in the same field of endeavor, Pavaskar discloses the remaining limitations of claim 4 as follows:
and wherein the computing device(s) are further configured to reject the data packet if the actual value of the first characteristic is less (paras. [0052], [0139]: a packet is lost/rejected if the time of its retrieval is before/less than the time the time it takes to receive a new data packet (i.e. threshold value)) 
Pavaskar is combinable with Nenov, Land and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Pavaskar’s method of rejecting packets that have not been retrieved prior to reception of a new data packet with the system of Nenov, Land and Zelle in order to avoid network congestion by limiting the amount of time a data packet is processed and the number of data packets processed at a given time.

	Regarding claim 11, Land, Nenov and Zelle disclose the limitations of claim 10.
Land discloses the limitations of claim 11 as follows:
The method of claim 10, 
wherein the first characteristic comprises how frequently the first electronic device transmits the data packet; wherein the first reference value includes a threshold value defining how frequently the first electronic device is allowed to transmit the data packet, wherein the actual value for the first characteristic is equal to an amount of time lapsing since the network switch last received the data packet from the first electronic device, and wherein the method further comprises rejecting, by the network switch, the data packet (Land, pp. 6-7: comparing the time interval in which a time frame is received (i.e. actual value) as part of determining how frequently data packet is transmitted (i.e. describing characteristic)) and comparing the time interval of reception of the frame with a permitted bandwidth allocation gap/minimum interval for transmission (i.e. reference value as a threshold) defining a minimum time interval or the least amount of time permitted between transmissions of data frames, wherein the time interval equals the amount of time that has passed since the last transmission/frame received and dropping/rejecting frames/data packets when the time interval exceeds the bandwidth allocation gap).
Neither Land, Nenov or Zelle discloses the remaining limitations of claim 11 as follows:
rejecting the data packet when the actual value for the first characteristic is less than the threshold value
However, in the same field of endeavor, Pavaskar discloses the remaining limitations of claim 11 as follows:
rejecting, by the network switch, the data packet when the actual value for the first characteristic is less than the threshold value (paras. [0052], [0139]: a packet is lost/rejected if the time of its retrieval is before/less than the time the time it takes to receive a new data packet (i.e. threshold value)) 
Pavaskar is combinable with Nenov, Land and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Pavaskar’s method of rejecting packets that have not been retrieved prior to reception of a new data packet with the system of Nenov, Land and Zelle in order to avoid network congestion by limiting the amount of time a data packet is processed and the number of data packets processed at a given time.

Claims 8-9 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Ian Land and Jeff Elliott, “Architecting ARINC 6654, Part 7 (AFDX) Solutions”, XILINX, May 22, 2009 (part of Applicant’s Admitted Prior Art (AAPA) (hereafter “Land”) in view of Nenov (US 2018/0255096)  and Zelle (US 4,942,574), as applied to claims 1 and 10, further in view of Barron (US 2002/0210754) and Frattura (US 2010/0268933).
Regarding claims 8 and 15, Land, Nenov and Zelle disclose the network switch of claim 1 and the aerial vehicle of claim 18.
Land discloses the limitations of claims 8 and 15 as follows:
wherein the first electronic device is included within a first subnetwork of the deterministic network and the second electronic device is included within a second subnetwork of the deterministic network (Figs. 1, 6: originating AFDX End System is part of avionics subsystem on one side of the AFDX switch while the receiving AFDX End Systems are part of a different/second Avionics subsystem on the other side of the switch),
Neither Land, Nenov and Zelle discloses the limitations of claims 8 and 15 as follows:
wherein the first subnetwork is rated for data classified as secret and non-secret data and the second subnetwork is rated for non-secret data, and wherein a portion of the data included in the payload of the data packet is classified as secret data.
However, in the same field of endeavor Barron discloses the remaining limitations of claims 8 and 15 as follows:
wherein the first subnetwork is rated for data classified as secret and non-secret data and the second subnetwork is rated for non-secret data, (paras. [0017]-[0018]: communications with security transform device (i.e. first subnetwork) are for encrypted (i.e. data classified as secret) and unencrypted/non-secret data, while communications with nodes 102-104 (i.e. second subnetwork) are for unencrypted/non-secret data, while packets over the network with the security transform device are encrypted (i.e. portion of payload of packets is secret).
Barron is combinable with Land, Nenov and Zelle because all four are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Barron’s method of handling non-secret/unencrypted and secret/encrypted data with the system of Land, Nenov and Zelle in order to save resources and provide a means of providing different levels of security for packet data by not encrypting all packet data but rather only providing encryption of packet data when “encryption is desired” (Barron, para. [0018]). 
Neither Land, Fountain, Zelle or Barron disclose the remaining limitations of claims 8 and 15 as follows:
and wherein a portion of the data included in the payload of the data packet is classified as secret data (paras. [0008], [0010], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling portions of payload, by a computing device, where the portions of payload data are considered to be (i.e. classified as) secret, classified, confidential, privileged or private).
Frattura is combinable with Land, Nenov, Zelle and Barron because all five are from the same field of validating data packets prior to transmitting packets over a network.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of determining portions of a payload that are secret or confidential with the system of Land, Nenov, Zelle and Barron in order to distinguish between secret data requiring additional security measures and non-secret data.

Regarding claim 9, Land, Nenov, Zelle, Barron and Frattura disclose the network switch of claim 1.
Frattura discloses the limitations of claim 9 as follows:
The network switch of claim 8, wherein the computing device(s) are configured to redact or obfuscate the portion of the data classified as secret data prior to transmitting the data packet to the second electronic device (paras. [0008], [0010], [0012], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling (i.e. obfuscating) portions of payload, by a computing device, where the portions of payload data are considered to be (i.e. classified as) secret, classified, confidential, privileged or private).
It would have obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of obfuscating portions of payload with the system of Land, Nenov, Zelle and Barron in order to increase the security of the system by further altering the secret data to provide additional protection against unauthorized parties reconstructing the secret data upon intercepting packets comprising the secret data.

Regarding claim 16, Land, Nenov, Zelle, Barron and Frattura disclose the limitations of claim 10.
Barron discloses the limitations of claim 16 as follows:
The method of claim 15, wherein the method further comprises redacting, by the one or more computing device(s) the portion of the data classified as secret data prior to transmitting the data packet to the second electronic device (paras. [0008], [0010], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling portions of payload, by a computing device, where the portions comprise data considered to be secret, classified, confidential, privileged or private). 
It would have obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of redacting portions of payload with the system of Land, Nenov, Zelle and Barron in order to increase the security of the system by further altering the secret data to provide additional protection against unauthorized parties reconstructing the secret data upon intercepting packets comprising the secret data.

Regarding claim 17, Land, Nenov, Zelle, Barron and Frattura disclose the limitations of claim 10.
Barron discloses the limitations of claim 17 as follows:
The method of either of claim 15 or 16, wherein the method further comprises obfuscating, by the one or more computing device(s), the portion of the data classified as secret data prior to transmitting the data packet to the second electronic device (paras. [0008], [0010], [0012], [0020]-[0021], [0040]: deleting/shaving or replacing or blanking or scrambling (i.e. obfuscating) portions of payload, by a computing device, where the portions of payload data are considered to be (i.e. classified as) secret, classified, confidential, privileged or private).
It would have obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Fratturas method of obfuscating portions of payload with the system of Land, Nenov, Zelle and Barron in order to increase the security of the system by further altering the secret data to provide additional protection against unauthorized parties reconstructing the secret data upon intercepting packets comprising the secret data.

Prior Art Considered But Not Relied Upon
Prior art not relied upon but applied/considered includes:
1) Burwell (US 2004/0131064) disclosing switches on a deterministic network receives frames with a header comprising source & destination MAC addresses and filtering the source and destination addresses so that they are first identified and verified, wherein packets with verified source and destination addresses may be blocked if the source and destination identifiers are not part of a group of user devices permitted to communicate with one another. (paras. [0086], [0116], [0130]).

Conclusion 
For the above reasons, claims 1, 3-11 and 13-21 are rejected.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571)272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHARON S LYNCH/Primary Examiner, Art Unit 2438