DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-17 and 21-23 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-23 of U.S. Patent No. 11,108,812. Although the claims at issue are not identical, they are not patentably distinct from each other because they are both drawn to forwarding elements such that a first and second processing stage implements a connection validation circuit to perform data forwarding operations.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites a network element composed of various software instances. The claim recites a plurality of ports, and message processing stages (first and second). It is unclear whether the applicant is claiming a network element or a data plane circuit. It is recommended that the applicant move the data plane circuit to the body of the claim and actively claim the circuit performing the actions of the data plane. For example: A network forwarding element component comprising:
A data plane circuit for forwarding data messages within a network, the data plane element comprising…
Allowable Subject Matter
Claims 3 and 13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter: The prior art, either alone or in combination, does not expressly disclose a data plane including connection validation operations as in claims 3 or 13 (and the intervening claims).
Dependent claims 4-5 and 14-17 are objected to for being dependent upon an already objected to claim. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2 and 6-12 are rejected under 35 U.S.C. 103 as being unpatentable over Keogh (US 9,413,783) in view of Bosco et al (US 2013/0007880).
Regarding claim 1, Keogh discloses a circuit comprising:
a plurality of programmable message processing stages to process data tuples associated with the received data messages, a first set of message processing stages programmed to implement a connection-validation circuit to validate source internet protocol (IP) addresses of a set of received data messages, while a second set of programmable message processing stages is programmed to perform data message forwarding operations in order to forward the data messages within the network [column 12 lines 19-51, column 5 lines 28-50];
Please note that in this example the prior art discloses hardware technologies used to review, filter and forward different packets according to the different data processing rules. 
However, Keogh does not expressly disclose but Bosco et al disclose a data plane for forwarding messages comprising a plurality of ports to receive and transmit data messages [figure 6, 0021, 0006, 0024];
Please note that in this example the prior art discloses a data plane tool utilized to process different packets according to different data layers.
It would have been obvious to one of ordinary skill in the art to create the invention as claimed for the following reasons. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Keogh by implementing the system in a data plane, for the purpose of forwarding traffic according to different processing regulations, based upon the beneficial teachings provided by Bosco et al, see for example [0021, 0023]. These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan. Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.
Regarding claim 2, Keogh and Bosco et al disclose all the limitations of claim 1. Keogh further discloses wherein the message processing stages comprise programmable components, the first set of programmable message processing stages implements the connection-validation circuit once the programmable components of the first set of programmable message processing stages are programmed to perform connection validation operations of the connection-validation circuit, and the second set of programmable message processing stages performs the data message forwarding operations of the data-plane circuit once the set of programmable components of the second set of programmable message processing stages are programmed to process data tuples associated with the received messages to forward the data messages within the network [column 12 lines 19-51, column 5 lines 28-50].
Please note that in this example the prior art discloses hardware technologies used to review, filter and forward different packets according to the different data processing rules. 
Regarding claim 6, Keogh and Bosco et al disclose all the limitations of claim 1. Keogh further discloses wherein the set of received data messages comprises acknowledgment (ACK) data messages of a transmission control protocol [column 22 lines 25-38, column 7 lines 42-57].
Regarding claim 7, Keogh and Bosco et al disclose all the limitations of claim 1. Keogh further discloses wherein the connection-validation circuit comprises a source internet protocol (IP) address whitelist to store data indicating that particular source IP addresses have been validated [column 4 lines 25-36].
Regarding claim 8, Keogh and Bosco et al disclose all the limitations of claim 1. Keogh further discloses wherein the whitelist is implemented as a bloom filter and the connection-validation circuit comprises a plurality of hash-calculation circuits to calculate hash values based on at least a source IP address of a received data message used to implement the bloom filter [column 4 lines 62-column 5 lines 16].
Please note that in this example it was notoriously well known at the time the claimed invention was effectively filed to implement a Bloom filter with hash values.
Regarding claim 9, Keogh and Bosco et al disclose all the limitations of claim 1. Keogh further discloses wherein an entry corresponding to a particular IP address is added to the whitelist when an ACK data message received from the particular source IP address has been validated by the connection-validation circuit based on a sequence number of the ACK data message (i.e., added to the protocol table) [column 13 lines 31-51, column 7 lines 42-59].
Regarding claim 10, Keogh and Bosco et al disclose all the limitations of claim 1. Keogh further discloses wherein entries of the bloom filter are cleared at least one of periodically and based on detecting an event (i.e., added to the protocol table) [column 13 lines 31-51].
Regarding claim 11, Keogh and Bosco et al disclose all the limitations of claim 1. Keogh further discloses wherein the connection-validation circuit determines, for a source IP address of a received synchronization (SYN) data message, that the whitelist indicates that the source IP has been validated and forwards the SYN data message to a destination address of the SYN data message [column 13 lines 31-51, column 7 lines 42-59].
Regarding claim 12, Keogh and Bosco et al disclose all the limitations of claim 1. Keogh further discloses the connection-validation circuit further to: determine, for a source IP address of a received synchronization (SYN) data message, that the whitelist does not indicate that the source IP has been validated; generate a SYN-ACK data message in response to the received SYN data message; and forward the SYN-ACK data message to the source of the SYN data message [column 13 lines 31-51, column 7 lines 42-59].
Claims 21-23 are rejected under 35 U.S.C. 103 as being unpatentable over Keogh (US 9,413,783) in view of Tremblay et al (US 2012/0331160).
Regarding claim 21, Keogh discloses an apparatus comprising: a forwarding element comprising circuitry to:
generate a SYN-ACK data message in response to the received SYN data message and send the generated SYN-ACK data message to sender of the SYN data message [column 13 lines 31-51, column 7 lines 42-59, column 4 lines 9-25];
Please note that in this example SYN-ACK message may be sent in response to the SYN packet. 
However, Keogh does not expressly disclose but Tremblay et al disclose receive a synchronization (SYN) data message for a destination device separate from the forwarding element [0009, 0010, 0011];
Please note that in this example the prior art discloses hardware technologies used to review, filter and forward different packets according to the different data processing rules.  Also note that SYN messages may be sent directly to the server (destination device). 
It would have been obvious to one of ordinary skill in the art to create the invention as claimed for the following reasons. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Keogh by receiving SYN separately, for the purpose of forwarding traffic according to different processing regulations, based upon the beneficial teachings provided by Tremblay et al, see for example [0010, 0011]. These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan. Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.
Regarding claim 22, Keogh and Tremblay et al disclose all the limitations of claim 21. Keogh further discloses wherein the forwarding element comprises circuitry to: based on identification of a sender of the SYN data message as a permitted sender, forwarding the SYN data message to the destination device [column 13 lines 31-51, column 7 lines 42-59].
Regarding claim 23, Keogh and Tremblay et al disclose all the limitations of claim 21. Keogh further discloses wherein the generated SYN-ACK data message is identified as response to the SYN data message from a destination compute node [column 13 lines 31-51, column 7 lines 42-59].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Robertson et al (US 2020/0252435) discloses a method for performing a cryptographic security audit that can allow cryptographic parameters of traffic flows to be used to define and enforce policies between configurable zones in a network.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached on Monday-Thursday 8am-5pm (EST) and Friday 8am-12pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KENDALL DOLLY/Primary Examiner, Art Unit 2436