DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
In response to double patenting, the double patenting rejection is maintained. Please see below for more explanation.

In response to 35 USC 102 and 35 USC 103, filed 08/24/2022, applicant has newly amended the independent claims. Applicant argues that Im and Tamura fail to teach “transmitting to a monitoring device, an alarm packet carrying an IP address and a media access control (MAC) address of the terminal device, wherein the alarm packet instructs the monitoring device to identify and monitor the terminal device according to the IP address and the MAC address”.
Applicant’s arguments have been considered but are moot, because the newly recited amendment does not rely on the newly recited reference being applied to the prior rejection of record or any teaching or matter specifically challenged in the argument.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-6, 8-11, 13-18 and 20-23 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-14 of U.S. Patent No. 10781127 in view of Aoki et al. (US 20080072289, hereinafter Aoki).
Although the claims are not identical, they are not patentably distinct from each other because US Patent No. 10781127 does not disclose transmitting to a monitoring device, an alarm packet carrying an IP address and a media access control (MAC) address of the terminal device, wherein the alarm packet instructs the monitoring device to identify and monitor the terminal device according to the IP address and the MAC address. 
In an analogous art, Aoki discloses (Par. [0087], While the monitoring is continued if the predetermined operation is not performed, the notification of occurrence of abnormality at the terminal device is transmitted to the network management server if it is detected that the predetermined operation is performed (S26). The network management server which has received the notification acknowledges that the unauthorized operation may be performed, and performs processing for, e.g., disconnecting the terminal device from the network. Par. [0073], a snooping mechanism for sniffing the packet on the network may be used to monitor all the packets transmitted on the network and acquire the information on such as a transmission source IP address, a transmission destination IP address, a transmission source MAC address (the MAC address of the transmission source terminal if it is in an identical segment or of the router if it is in a different segment), and a transmission destination MAC address for the respective received packets. Par [0011]). It would have been obvious to a person having ordinary skill in the art at the time of the invention to incorporate the aforementioned elements in order to prevent leakage of the information resulting from the spoofing, other methods may be combined, such as tightening access authorization to the terminal (Aoki, Par. [0007]).

Regarding claims 2 and 4 of the instant application, the claims are rejected as being unpatentable over claim 1 of the patent because claim 1 of the patent anticipates all the elements of claims 2 and 4 of the instant application.

Regarding claim 9 of the instant application, the claims are rejected as being unpatentable over claim 6 of the patent. Claim 9 of the instant application recites the limitation “when the source IP address is forged”; claim 6 of the patent document recites the limitation “according to a transmission prohibition instruction based on the result of the AND operation”. The AND operation result that causes transmission of the prohibition instruction corresponds to a result indicating that the source IP address is forged.
Although the claims are not identical, they are not patentably distinct from each other because US Patent No. 10781127 does not disclose transmitting to a monitoring device, an alarm packet carrying an IP address and a media access control (MAC) address of the terminal device, wherein the alarm packet instructs the monitoring device to identify and monitor the terminal device according to the IP address and the MAC address. 
In an analogous art, Aoki discloses (Par. [0087], While the monitoring is continued if the predetermined operation is not performed, the notification of occurrence of abnormality at the terminal device is transmitted to the network management server if it is detected that the predetermined operation is performed (S26). The network management server which has received the notification acknowledges that the unauthorized operation may be performed, and performs processing for, e.g., disconnecting the terminal device from the network. Par. [0073], a snooping mechanism for sniffing the packet on the network may be used to monitor all the packets transmitted on the network and acquire the information on such as a transmission source IP address, a transmission destination IP address, a transmission source MAC address (the MAC address of the transmission source terminal if it is in an identical segment or of the router if it is in a different segment), and a transmission destination MAC address for the respective received packets. Par [0011]). It would have been obvious to a person having ordinary skill in the art at the time of the invention to incorporate the aforementioned elements in order to prevent leakage of the information resulting from the spoofing, other methods may be combined, such as tightening access authorization to the terminal (Aoki, Par. [0007]).

Regarding claim 10 of the instant application, the claims are rejected as being unpatentable over claim 6 of the patent because claim 6 of the patent anticipates all the elements of claim 10 of the instant application.

Regarding claim 14 of the instant application, the claims are rejected as being unpatentable over claim 10 of the patent. Although the claims are not identical, they are not patentably distinct from each other because US Patent No. 10781127 does not disclose transmitting to a monitoring device, an alarm packet carrying an IP address and a media access control (MAC) address of the terminal device, wherein the alarm packet instructs the monitoring device to identify and monitor the terminal device according to the IP address and the MAC address. 
In an analogous art, Aoki discloses (Par. [0087], While the monitoring is continued if the predetermined operation is not performed, the notification of occurrence of abnormality at the terminal device is transmitted to the network management server if it is detected that the predetermined operation is performed (S26). The network management server which has received the notification acknowledges that the unauthorized operation may be performed, and performs processing for, e.g., disconnecting the terminal device from the network. Par. [0073], a snooping mechanism for sniffing the packet on the network may be used to monitor all the packets transmitted on the network and acquire the information on such as a transmission source IP address, a transmission destination IP address, a transmission source MAC address (the MAC address of the transmission source terminal if it is in an identical segment or of the router if it is in a different segment), and a transmission destination MAC address for the respective received packets. Par [0011]). It would have been obvious to a person having ordinary skill in the art at the time of the invention to incorporate the aforementioned elements in order to prevent leakage of the information resulting from the spoofing, other methods may be combined, such as tightening access authorization to the terminal (Aoki, Par. [0007]).


Regarding claims 15 and 18 of the instant application, the claims are rejected as being unpatentable over claim 10 of the patent because claim 10 of the patent anticipates all the elements of claims 15 and 18 of the instant application.

Regarding claim 22 of the instant application, the claims are rejected as being unpatentable over claims 2 and 10 of the patent because claim 2 of the patent anticipates all the elements of claim 22 of the instant application.

Instant Application – 16/942,208
Patent - 10791127
Instant Application, Claim 1: A method implemented by a terminal device, wherein the method comprises:
obtaining a source Internet Protocol (IP) address in a to-be-transmitted packet and N IP addresses of the terminal device,
wherein N is a positive integer; and
comparing the source IP address with each of the N IP addresses before transmitting the to-be-transmitted packet; and
prohibiting transmitting the to-be-transmitted packet in response to the source IP address being different from all of the N IP addresses.

Instant Application, Claim 2: wherein comparing the source IP address with each of the N IP addresses comprises:
performing an exclusive OR operation on the source IP address and each of the N IP addresses to obtain N exclusive OR operation results;
performing an OR operation on each of the N exclusive OR operation results to obtain N OR operation results; and
performing an AND operation on the N OR operation results to obtain an AND operation result.

Instant Application, Claim 4: The method of claim 2, wherein comparing the source IP address in the to-be-transmitted packet with each of the N IP addresses of the terminal device is performed within one clock cycle.

Patent, Claim 1: A method comprising:
obtaining, by a terminal device, a source Internet Protocol (IP) address in a to-be-transmitted packet and N IP addresses of the terminal device,
wherein N is a positive integer; and
comparing, by the terminal device, the source IP address in the to-be-transmitted packet with each of the N IP addresses of the terminal device before transmitting the to-be-transmitted packet by:
performing an exclusive OR operation on the source IP address and each of the N IP addresses to obtain N exclusive OR operation results;
performing an OR operation on each of the N exclusive OR operation results to obtain N OR operation results; and
performing an AND operation on the N OR operation results to obtain an AND operation result;
and prohibiting, by the terminal device, transmitting the to-be-transmitted packet in response to the source IP address in the to-be-transmitted packet being different from all of the N IP addresses of the terminal device when the AND operation result equals one, wherein comparing the source IP address in the to-be-transmitted packet with each of the N IP addresses of the terminal device is performed within one clock cycle.

Instant Application, Claim 9: A terminal device comprising:
a network interface; and
a processor coupled to the network interface and configured to:
obtain a source Internet Protocol (IP) address in a to-be-transmitted packet and N IP addresses of the terminal device, wherein N is a positive integer;
compare the source IP address with each of the N IP addresses before transmitting the to-be-transmitted packet;
determine that the source IP address is forged in response to the source IP address being different from all of the N IP addresses; and
prohibit transmitting the to-be-transmitted packet via the network interface when the source IP address is forged.

Instant Application, Claim 10: (New) The terminal device of claim 9, wherein the processor is further configured to: perform an exclusive OR operation on the source IP address and each of the N IP addresses to obtain N exclusive OR operation results;
perform an OR operation on each of the N exclusive OR operation results to obtain N OR operation results; and perform an AND operation on the N OR operation results to obtain an AND operation result.

Patent, Claim 6: A terminal device comprising: a network interface; and
a physical hardware processor coupled to the network interface and configured to:
obtain a source Internet Protocol (IP) address in a to-be-transmitted packet and N IP addresses of the terminal device, wherein N is a positive integer;
compare the source IP address in the to-be-transmitted packet with each of the N IP addresses of the terminal device before transmitting the to-be-transmitted packet by: performing an exclusive OR operation on the source IP address and each of the N IP addresses to obtain N exclusive OR operation results; performing an OR operation on each of the N exclusive OR operation results to obtain N OR operation results; and performing an AND operation on the N OR operation results to obtain an AND operation result;
determine that the source IP address in the to-be-transmitted packet is forged in response to the source IP address in the to-be-transmitted packet being different from all of the N IP addresses of the terminal device based on the AND operation result; prohibit transmitting the to-be-transmitted packet via the network interface based on the result of the AND operation; and set a filtering flag bit indicating that filtering should be performed on the source IP address of the to-be-transmitted packet.

Instant Application, Claim 14: A packet transmission apparatus comprising:
a network interface; and
a processor coupled to the network interface and configured to:
obtain a source Internet Protocol (IP) address in a to-be-transmitted packet and N IP addresses of a terminal device, wherein N is a positive integer;
compare the source IP address with each of the N IP addresses before transmitting the to-be-transmitted packet;
determine that the source IP address is forged when the source IP address is different from all of the N IP addresses; and prohibit transmitting the to-be-transmitted packet via the network interface when the source IP address is forged.

Instant Application, Claim 15: (New) The apparatus of claim 14, wherein the processor is further configured to: perform an exclusive OR operation on the source IP address and each of the N IP addresses to obtain N exclusive OR operation results;
perform an OR operation on each of the N exclusive OR operation results to obtain N OR operation results; and
perform an AND operation on the N OR operation results to obtain an AND operation result.

Instant Application, Claim 18: The apparatus of claim 15, wherein the source IP address is compared with each of the N IP addresses within one clock cycle.

Patent, Claim 10: A packet transmission apparatus comprising:
a network interface; and
a physical hardware processor coupled to the network interface and configured to:
obtain a source Internet Protocol (IP) address in a to-be-transmitted packet and N IP addresses of a terminal device, wherein N is a positive integer;
compare the source IP address in the to-be-transmitted packet with each of the N IP addresses of the terminal device before transmitting the to-be-transmitted packet by: performing an exclusive OR operation on the source IP address and each of the N IP addresses to obtain N exclusive OR operation results; performing an OR operation on each of the N exclusive OR operation results to obtain N OR operation results; and performing an AND operation on the N OR operation results to obtain an AND operation result, wherein the source IP address in the to-be-transmitted packet is compared with each of the N IP addresses of the terminal device within one clock cycle; determine that the source IP address in the to-be-transmitted packet is forged when the source IP address in the to-be-transmitted packet is different from all of the N IP addresses of the terminal device based on the AND operation result; and prohibit transmitting the to-be-transmitted packet via the network interface according to a transmission prohibition instruction based on the result of the AND operation.
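
The comparison recited in the claims above (XOR against each of the N addresses, OR over each XOR result, AND over the N OR results, prohibit when the AND result equals one) can be modelled in software as follows. This is an added example, not code from the application, the patent or the cited references; the structure, function names, capacity constant, sample addresses and the choice to prohibit unparseable packets are assumptions, and a software loop only mirrors the logic, not the single-clock-cycle limitation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_OWN_ADDRS 8              /* assumed capacity; the claims only require N >= 1 */

struct tx_filter {
    int      filtering_state;        /* 1 = source filtering is switched on */
    size_t   n;                      /* N: how many addresses the device owns */
    uint32_t own[MAX_OWN_ADDRS];     /* the N addresses, host byte order */
    unsigned queued, prohibited;     /* outcome counters */
};

/* OR operation over one XOR result: folds 32 bits into one (1 = some bit differs). */
static unsigned or_reduce32(uint32_t x)
{
    x |= x >> 16;
    x |= x >> 8;
    x |= x >> 4;
    x |= x >> 2;
    x |= x >> 1;
    return (unsigned)(x & 1u);
}

/* Returns the AND operation result: 1 when src differs from every own[i].
 * No early exit: each address goes through the same XOR/OR stage, the way N
 * parallel comparators would. n == 0 yields 1, so an empty list blocks all. */
unsigned and_result_for(uint32_t src, const uint32_t *own, size_t n)
{
    unsigned and_result = 1u;
    for (size_t i = 0; i < n; i++) {
        uint32_t xor_result = src ^ own[i];          /* 0 only on exact match */
        and_result &= or_reduce32(xor_result);       /* a match forces 0 */
    }
    return and_result;
}

/* Reads the source address of an IPv4 header. Returns 0 on success, -1 if
 * the buffer is not a plausible IPv4 header. */
int ipv4_source(const uint8_t *pkt, size_t len, uint32_t *src)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || (pkt[0] & 0x0f) < 5)
        return -1;
    *src = (uint32_t)pkt[12] << 24 | (uint32_t)pkt[13] << 16 |
           (uint32_t)pkt[14] << 8  | (uint32_t)pkt[15];
    return 0;
}

/* Transmit gate: returns 1 if the packet may join the transmit queue, 0 if
 * it is prohibited. Unparseable packets are prohibited too (assumption). */
int tx_admit(struct tx_filter *f, const uint8_t *pkt, size_t len)
{
    uint32_t src;
    if (f->filtering_state &&
        (ipv4_source(pkt, len, &src) != 0 || and_result_for(src, f->own, f->n))) {
        f->prohibited++;
        return 0;
    }
    f->queued++;
    return 1;
}

/* Builds a minimal 20-byte IPv4 header with the given source (constructed input). */
void make_ipv4(uint8_t hdr[20], uint32_t src)
{
    for (int i = 0; i < 20; i++) hdr[i] = 0;
    hdr[0]  = 0x45;                                  /* version 4, IHL 5 */
    hdr[12] = (uint8_t)(src >> 24); hdr[13] = (uint8_t)(src >> 16);
    hdr[14] = (uint8_t)(src >> 8);  hdr[15] = (uint8_t)src;
}

int main(void)
{
    /* Constructed device: owns 192.168.5.5 and 10.0.0.1, filtering on. */
    struct tx_filter f = { 1, 2, { 0xC0A80505u, 0x0A000001u }, 0, 0 };
    uint32_t samples[] = { 0xC0A80505u, 0x0A000001u, 0xC6336407u };
    uint8_t hdr[20];
    for (size_t i = 0; i < 3; i++) {
        make_ipv4(hdr, samples[i]);
        printf("src %08x -> %s\n", (unsigned)samples[i],
               tx_admit(&f, hdr, sizeof hdr) ? "queued" : "prohibited");
    }
    return 0;
}
```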




Instant Application – 16/942,208
Patent - 10791127
Instant Application, Claim 3: The method of claim 2, further comprising setting a filtering flag bit indicating that filtering should be performed on the source IP address of the to-be-transmitted packet.
Patent, Claim 5: obtaining, by the terminal device, the source IP address in the to-be-transmitted packet and the N IP addresses of the terminal device, the method further comprises setting, by the terminal device, the terminal device to a filtering state, wherein the filtering state is used to instruct the terminal device to perform filtering on the source IP address in the to-be-transmitted packet.

Instant Application, Claim 5: The method of claim 1, wherein prohibiting transmitting the to-be-transmitted packet comprises transmitting a transmission prohibition instruction to a physical coding sublayer (PCS) at a physical layer (PHY), and wherein the transmission prohibition instruction instructs the PCS to prohibit transmitting the to-be-transmitted packet.
Patent, Claim 2: The method of claim 1, wherein prohibiting transmitting the to-be-transmitted packet comprises transmitting, by the terminal device, a transmission prohibition instruction to a physical coding sublayer (PCS) at a physical layer (PHY), and wherein the transmission prohibition instruction is used to instruct the PCS to prohibit transmitting the to-be-transmitted packet.

Instant Application, Claim 6: The method of claim 1, wherein prohibiting transmitting the to-be-transmitted packet comprises prohibiting adding the to-be-transmitted packet to a packet queue used to store a packet to be transmitted by the terminal device.
Patent, Claim 3: The method of claim 1, wherein prohibiting transmitting the to-be-transmitted packet comprises prohibiting, by the terminal device, adding the to-be-transmitted packet to a packet queue, and wherein the packet queue is used to store a packet to be transmitted by the terminal device.

Instant Application, Claim 8: The method of claim 1, wherein before obtaining the source IP address and the N IP addresses, the method further comprises setting the terminal device to a filtering state used to instruct the terminal device to perform filtering on the source IP address in the to-be-transmitted packet.
Patent, Claim 5: The method of claim 1, wherein before obtaining, by the terminal device, the source IP address in the to-be-transmitted packet and the N IP addresses of the terminal device, the method further comprises setting, by the terminal device, the terminal device to a filtering state, wherein the filtering state is used to instruct the terminal device to perform filtering on the source IP address in the to-be-transmitted packet.

Instant Application, Claim 11: The terminal device of claim 10, wherein the processor is further configured to prohibit adding the to-be-transmitted packet to a packet queue used to store a packet to be transmitted by the terminal device.
Instant Application, Claim 23: The terminal device of claim 10, wherein the processor is further configured to prohibit adding the to-be-transmitted packet to a packet queue used to store a packet to be transmitted by the terminal device.
Patent, Claim 7: The terminal device of claim 6, wherein the physical hardware processor is further configured to prohibit adding the to-be-transmitted packet to a packet queue, and wherein the packet queue is used to store a packet to be transmitted by the terminal device.

Instant Application, Claim 13: The terminal device of claim 10, wherein the processor is further configured to set the terminal device to a filtering state used to instruct the terminal device to perform filtering on the source IP address in the to-be-transmitted packet.
Patent, Claim 9: The terminal device of claim 6, wherein the physical hardware processor is further configured to set the terminal device to a filtering state, and wherein the filtering state is used to instruct the terminal device to perform filtering on the source IP address in the to-be-transmitted packet.

Instant Application, Claim 16: The apparatus of claim 15, wherein the processor is further configured to set the packet transmission apparatus to a filtering state used to instruct the packet transmission apparatus to perform filtering on the source IP address in the to-be-transmitted packet.
Patent, Claim 13: The apparatus of claim 12, wherein the physical hardware processor is further configured to set the packet transmission apparatus to a filtering state, and wherein the filtering state is used to instruct the packet transmission apparatus to perform filtering on the source IP address in the to-be-transmitted packet.

Instant Application, Claim 17: The apparatus of claim 15, wherein the processor is further configured to prompt, according to the AND operation result, an event of prohibiting transmitting the to-be-transmitted packet.
Patent, Claim 14: The apparatus of claim 10, wherein the physical hardware processor is further configured to prompt, according to the AND result, an event of prohibiting transmitting the to-be-transmitted packet.

Instant Application, Claim 20: The apparatus of claim 14, wherein the processor is further configured to: generate an interrupt signal; and prompt, according to the interrupt signal, an event that the source IP address in the to-be-transmitted packet is forged.
Patent, Claim 12: The apparatus of claim 11, wherein the physical hardware processor is further configured to: generate an interrupt signal; and prompt, according to the interrupt signal, an event that the source IP address in the to-be-transmitted packet is forged.

Instant Application, Claim 22: The terminal device of claim 10, wherein the processor is further configured to transmit a transmission prohibition instruction to a physical coding sublayer (PCS) at a physical layer (PHY), and wherein the transmission prohibition instruction instructs the PCS to prohibit transmitting the to-be-transmitted packet.
Patent, Claim 2: The method of claim 1, wherein prohibiting transmitting the to-be-transmitted packet comprises transmitting, by the terminal device, a transmission prohibition instruction to a physical coding sublayer (PCS) at a physical layer (PHY), and wherein the transmission prohibition instruction is used to instruct the PCS to prohibit transmitting the to-be-transmitted packet.


Claim Objections
Applicant is advised that should claim 11 be found allowable, claim 23 will be objected to under 37 CFR 1.75 as being a substantial duplicate thereof. When two claims in an application are duplicates or else are so close in content that they both cover the same thing, despite a slight difference in wording, it is proper after allowing one claim to object to the other as being a substantial duplicate of the allowed claim. See MPEP § 608.01(m).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 9 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Im in view of Aoki et al. (US 20080072289, hereinafter Aoki). 

Regarding claim 1, Im discloses A method implemented by a terminal device (Par. [0138]. The IP spoofing detection apparatus 4 of FIG. 14 may be used to be disposed on the S1-U interface between the eNB 40 and the S-GW 60 which transmit and receive the GTP-U packets in the LTE network.), wherein the method comprises: 
obtaining a source Internet Protocol (IP) address in a to-be-transmitted packet (Par. [0098], Further, the source IP address, e.g., "192.168.5.5" of the IP packet may be inserted into the payload of the GTP-U packet of the UL-Data, and the packet information extracting unit 112a may extract (i.e. obtaining) the source IP address from the payload of the GTP-U packet of the UL-Data.) and N IP addresses of the terminal device (Par. [0095]. The packet information extracting unit 112a may extract the UL-TEID from the payload of the CP Resp message. Further, the user equipment IP address, e.g., "192.168.5.5" allocated to the user equipment may be inserted into the payload of the CP Resp message. The packet information extracting unit 112a may extract (i.e. obtaining) the user equipment IP address from the payload of the CP Resp message), wherein N is a positive integer; and
comparing the source IP address with each of the N IP addresses before transmitting the to-be-transmitted packet (Par. [0099], The abnormal packet detecting unit 122 may refer to the user equipment IP address corresponding to the extracted UL-TEID, e.g., "0xab000003" from the tunnel information table, and detect the IP spoofing packet by comparing the source IP address with the user equipment IP address.); and
prohibiting transmitting the to-be-transmitted packet in response to the source IP address being different from all of the N IP addresses (Par. [0061], The packet processing unit 113 forwards or drops (i.e. prohibiting) the GTP-U packet according to the detection result of the IP spoofing packet obtained by the abnormal packet detecting unit 122.).
Im does not explicitly teach but Aoki teaches transmitting to a monitoring device, an alarm packet carrying an IP address and a media access control (MAC) address of the terminal device, wherein the alarm packet instructs the monitoring device to identify and monitor the terminal device according to the IP address and the MAC address (Par. [0087], While the monitoring is continued if the predetermined operation is not performed, the notification of occurrence of abnormality at the terminal device is transmitted to the network management server if it is detected that the predetermined operation is performed (S26). The network management server which has received the notification acknowledges that the unauthorized operation may be performed, and performs processing for, e.g., disconnecting the terminal device from the network. Par. [0073], a snooping mechanism for sniffing the packet on the network may be used to monitor all the packets transmitted on the network and acquire the information on such as a transmission source IP address, a transmission destination IP address, a transmission source MAC address (the MAC address of the transmission source terminal if it is in an identical segment or of the router if it is in a different segment), and a transmission destination MAC address for the respective received packets. Par [0011]).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to combine the above references in order to prevent leakage of the information resulting from the spoofing, other methods may be combined, such as tightening access authorization to the terminal (Aoki, Par. [0007]).
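
The detection attributed to Im in the claim 1 mapping above (a tunnel information table keyed by UL-TEID, the source address of the IP packet inside the GTP-U payload compared with the user equipment IP address, then forward or drop) can be sketched as follows. This is an added example, not code from Im or from this Office action; the header parsing follows the standard GTPv1-U layout, and the table size, verdict names, IPv4-only handling and the treatment of unknown tunnels and malformed packets are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_TUNNELS 16                      /* assumed table size */

enum verdict { FORWARD, DROP_SPOOFED, DROP_NO_TUNNEL, DROP_MALFORMED };

struct tunnel { uint32_t ul_teid, ue_ip; int used; };
static struct tunnel table[MAX_TUNNELS];    /* tunnel information table */

static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Control-plane side: record the UL-TEID and the address allocated to the UE
 * (the values the page says are extracted from the CP Resp message). */
int tunnel_learn(uint32_t ul_teid, uint32_t ue_ip)
{
    int free_slot = -1;
    for (int i = 0; i < MAX_TUNNELS; i++) {
        if (table[i].used && table[i].ul_teid == ul_teid) {
            table[i].ue_ip = ue_ip;         /* refresh an existing tunnel */
            return 0;
        }
        if (!table[i].used && free_slot < 0)
            free_slot = i;
    }
    if (free_slot < 0)
        return -1;                          /* table full */
    table[free_slot] = (struct tunnel){ ul_teid, ue_ip, 1 };
    return 0;
}

/* User-plane side: inspect one uplink GTP-U packet. */
enum verdict gtpu_inspect(const uint8_t *pkt, size_t len)
{
    if (len < 8 || (pkt[0] >> 5) != 1 || !(pkt[0] & 0x10))
        return DROP_MALFORMED;              /* need GTP version 1, PT = 1 */
    if (pkt[1] != 0xFF)
        return FORWARD;                     /* not a G-PDU: no user IP packet inside */
    size_t off = 8;
    if (pkt[0] & 0x07) {                    /* E, S or PN set: 4 optional octets */
        if (len < 12)
            return DROP_MALFORMED;
        uint8_t next = (pkt[0] & 0x04) ? pkt[11] : 0;
        off = 12;
        while (next != 0) {                 /* walk extension headers */
            if (off >= len || pkt[off] == 0)
                return DROP_MALFORMED;
            size_t ext = (size_t)pkt[off] * 4;   /* length in 4-octet units */
            if (ext > len - off)
                return DROP_MALFORMED;
            next = pkt[off + ext - 1];
            off += ext;
        }
    }
    if (len - off < 20 || (pkt[off] >> 4) != 4)
        return DROP_MALFORMED;              /* this sketch handles inner IPv4 only */
    uint32_t teid = be32(pkt + 4), src = be32(pkt + off + 12);
    for (int i = 0; i < MAX_TUNNELS; i++)
        if (table[i].used && table[i].ul_teid == teid)
            return src == table[i].ue_ip ? FORWARD : DROP_SPOOFED;
    return DROP_NO_TUNNEL;                  /* no CP Resp seen for this TEID */
}

/* Builds a constructed G-PDU: GTP-U header (optionally with a sequence number)
 * followed by a minimal inner IPv4 header. Returns the packet length. */
size_t make_gpdu(uint8_t *buf, uint32_t teid, uint32_t inner_src, int with_seq)
{
    size_t off = with_seq ? 12 : 8, total = off + 20;
    for (size_t i = 0; i < total; i++) buf[i] = 0;
    buf[0] = with_seq ? 0x32 : 0x30;        /* version 1, PT = 1, optional S flag */
    buf[1] = 0xFF;                          /* G-PDU */
    buf[2] = (uint8_t)((total - 8) >> 8);
    buf[3] = (uint8_t)(total - 8);
    put32(buf + 4, teid);
    buf[off] = 0x45;                        /* inner IPv4, IHL 5 */
    put32(buf + off + 12, inner_src);
    return total;
}

int main(void)
{
    static const char *names[] = { "forward", "drop: spoofed", "drop: no tunnel", "drop: malformed" };
    uint8_t buf[64];
    tunnel_learn(0xab000003u, 0xC0A80505u); /* TEID and 192.168.5.5 from the page */
    size_t n = make_gpdu(buf, 0xab000003u, 0xC0A80505u, 0);
    printf("matching source: %s\n", names[gtpu_inspect(buf, n)]);
    n = make_gpdu(buf, 0xab000003u, 0x0A0A0A0Au, 1);
    printf("forged source:   %s\n", names[gtpu_inspect(buf, n)]);
    return 0;
}
```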

Regarding claim 9, Im discloses A terminal device (Par. [0138]…the S1-U interface between the eNB 40 and the S-GW 60 which transmit and receive the GTP-U packets in the LTE network.) comprising: 
a network interface (Par. [0138], The IP spoofing detection apparatus 4 of FIG. 14 may be used to be disposed on the S1-U interface between the eNB 40 and the S-GW 60 which transmit and receive the GTP-U packets in the LTE network.); and 
a processor coupled to the network interface (Par. [0140], The steps and/or actions of a method described in connection with the aspects disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two.) and configured to: 
obtain a source Internet Protocol (IP) address in a to-be-transmitted packet (Par. [0098], Further, the source IP address, e.g., "192.168.5.5" of the IP packet may be inserted into the payload of the GTP-U packet of the UL-Data, and the packet information extracting unit 112a may extract (i.e. obtain) the source IP address from the payload of the GTP-U packet of the UL-Data.) and N IP addresses of the terminal device (Par. [0095]. The packet information extracting unit 112a may extract the UL-TEID from the payload of the CP Resp message. Further, the user equipment IP address, e.g., "192.168.5.5" allocated to the user equipment may be inserted into the payload of the CP Resp message. The packet information extracting unit 112a may extract (i.e. obtaining) the user equipment IP address from the payload of the CP Resp message), wherein N is a positive integer;
compare the source IP address with each of the N IP addresses before transmitting the to-be-transmitted packet (Par. [0099], The abnormal packet detecting unit 122 may refer to the user equipment IP address corresponding to the extracted UL-TEID, e.g., "0xab000003" from the tunnel information table, and detect the IP spoofing packet by comparing the source IP address with the user equipment IP address.); and
determine that the source IP address is forged in response to the source IP address being different from all of the N IP addresses (Par. [0060], The abnormal packet detecting unit 122 detects whether the GTP-U packet is an IP spoofing packet based on the packet information of the GTP-U packet extracted by the packet information extracting unit 112. IP spoofing means a behavior of a sender of forging the source IP address to an IP address other than the allocated IP address and transmitting the forged IP packet.); and 
prohibit transmitting the to-be-transmitted packet via the network interface when the source IP address is forged (Par. [0061], The packet processing unit 113 forwards or drops (i.e. prohibit) the GTP-U packet according to the detection result (i.e. indicating that IP address was forged) of the IP spoofing packet obtained by the abnormal packet detecting unit 122. ).
Im does not explicitly teach but Aoki teaches transmitting to a monitoring device, an alarm packet carrying an IP address and a media access control (MAC) address of the terminal device, wherein the alarm packet instructs the monitoring device to identify and monitor the terminal device according to the IP address and the MAC address (Par. [0087], While the monitoring is continued if the predetermined operation is not performed, the notification of occurrence of abnormality at the terminal device is transmitted to the network management server if it is detected that the predetermined operation is performed (S26). The network management server which has received the notification acknowledges that the unauthorized operation may be performed, and performs processing for, e.g., disconnecting the terminal device from the network. Par. [0073], a snooping mechanism for sniffing the packet on the network may be used to monitor all the packets transmitted on the network and acquire the information on such as a transmission source IP address, a transmission destination IP address, a transmission source MAC address (the MAC address of the transmission source terminal if it is in an identical segment or of the router if it is in a different segment), and a transmission destination MAC address for the respective received packets. Par [0011]).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the above references in order to prevent leakage of the information resulting from the spoofing; other methods may be combined, such as tightening access authorization to the terminal (Aoki, Par. [0007]).

Regarding claim 14, Im discloses A packet transmission apparatus (Par. [0138], the S-GW 60 which transmit and receive the GTP-U packets in the LTE network) comprising: 
a network interface (Par. [0138], The IP spoofing detection apparatus 4 of FIG. 14 may be used to be disposed on the S1-U interface between the eNB 40 and the S-GW 60 which transmit and receive the GTP-U packets in the LTE network.); and 
a processor coupled to the network interface (Par. [0140], The steps and/or actions of a method described in connection with the aspects disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two.) and configured to: 
obtain a source Internet Protocol (IP) address in a to-be-transmitted packet (Par. [0098], Further, the source IP address, e.g., "192.168.5.5" of the IP packet may be inserted into the payload of the GTP-U packet of the UL-Data, and the packet information extracting unit 112a may extract (i.e. obtain) the source IP address from the payload of the GTP-U packet of the UL-Data. ) and N IP addresses of the terminal device ( Par. [0095]. The packet information extracting unit 112a may extract the UL-TEID from the payload of the CP Resp message. Further, the user equipment IP address, e.g., "192.168.5.5" allocated to the user equipment may be inserted into the payload of the CP Resp message. The packet information extracting unit 112a may extract (i.e. obtaining) the user equipment IP address from the payload of the CP Resp message), wherein N is a positive integer; 
compare the source IP address with each of the N IP addresses before transmitting the to-be-transmitted packet (Par. [0099], The abnormal packet detecting unit 122 may refer to the user equipment IP address corresponding to the extracted UL-TEID, e.g., "0xab000003" from the tunnel information table, and detect the IP spoofing packet by comparing the source IP address with the user equipment IP address.); and 
determine that the source IP address is forged when the source IP address is different from all of the N IP addresses (Par. [0060], The abnormal packet detecting unit 122 detects whether the GTP-U packet is an IP spoofing packet based on the packet information of the GTP-U packet extracted by the packet information extracting unit 112. IP spoofing means a behavior of a sender of forging the source IP address to an IP address other than the allocated IP address and transmitting the forged IP packet.); and 
prohibit transmitting the to-be-transmitted packet via the network interface when the source IP address is forged (Par. [0061], The packet processing unit 113 forwards or drops (i.e. prohibit) the GTP-U packet according to the detection result (i.e. indicating that IP address was forged) of the IP spoofing packet obtained by the abnormal packet detecting unit 122. ).
Im does not explicitly teach but Aoki teaches transmitting to a monitoring device, an alarm packet carrying an IP address and a media access control (MAC) address of the terminal device, wherein the alarm packet instructs the monitoring device to identify and monitor the terminal device according to the IP address and the MAC address (Par. [0087], While the monitoring is continued if the predetermined operation is not performed, the notification of occurrence of abnormality at the terminal device is transmitted to the network management server if it is detected that the predetermined operation is performed (S26). The network management server which has received the notification acknowledges that the unauthorized operation may be performed, and performs processing for, e.g., disconnecting the terminal device from the network. Par. [0073], a snooping mechanism for sniffing the packet on the network may be used to monitor all the packets transmitted on the network and acquire the information on such as a transmission source IP address, a transmission destination IP address, a transmission source MAC address (the MAC address of the transmission source terminal if it is in an identical segment or of the router if it is in a different segment), and a transmission destination MAC address for the respective received packets. Par [0011]).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the above references in order to prevent leakage of the information resulting from the spoofing; other methods may be combined, such as tightening access authorization to the terminal (Aoki, Par. [0007]).

Claims 2, 10, 15 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Im in view of Aoki, in view of Bybell (U.S. Patent No. 9864700 B1), hereinafter Bybell, and further in view of (B. Holdsworth and R.C. Woods. Digital Logic Design. Fourth Edition. 2003), hereinafter Holdsworth.

Regarding claim 2, the combination of Im and Aoki teaches the method of claim 1.
Im discloses a method of comparing the source IP address with each of the N IP addresses. The combination of Im and Aoki fails to disclose the particulars of the comparing, which claim 2 specifies as:
wherein comparing the source IP address with each of the N IP addresses comprises: 
performing an exclusive OR operation on the source IP address and each of the N IP addresses to obtain N exclusive OR operation results; 
performing an OR operation on each of the N exclusive OR operation results to obtain N OR operation results; and 
performing an AND operation on the N OR operation results to obtain an AND operation result.
However, this corresponds to a well-known technique available in the art of equality comparators, as evidenced by Bybell, which teaches a multi-bit logic comparator in Figure 3. Bybell teaches a comparator that can be used for comparing two multi-bit inputs. For example, the two inputs can be the source IP address and one of the N IP addresses recited in the claimed invention. If more than one such comparator is used, for example, to compare the source IP address with more than one IP address, it would be necessary to feed the outputs of the comparators to another logic component to get a single output indicating whether or not there was a match. The said logic component depends on the desired output (either 0 or 1). Holdsworth, for instance, teaches a 4-bit identity comparator on page 135, Figure 5.35. The comparator taught by Holdsworth uses a NAND gate in the last stage, but an AND gate can also be used for the same purpose. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Bybell using the teaching of Holdsworth and further modify the combined teaching of Bybell and Holdsworth using an AND gate instead of a NAND gate as described above. Doing so will provide the known advantages of simplifying the circuit, reducing power consumption, reducing real estate etc. while maintaining the same concept and getting the similar outcome of comparing bits.
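The comparison recited in claim 2, worked through in C as an added example that is not part of the Office action or of any cited reference: each XOR result is OR-reduced to one mismatch bit, and the AND of the N mismatch bits is 1 only when the source address differs from all N addresses. It assumes IPv4 only; the function names, the raw-header check and the sample addresses (other than Im's "192.168.5.5") are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Host-order IPv4 address from four octets. */
#define IPV4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                          ((uint32_t)(c) << 8) | (uint32_t)(d))

enum verdict { VERDICT_TRANSMIT = 0, VERDICT_DROP = 1 };

/* Constructed sample: N = 3 addresses of the terminal device.
 * 192.168.5.5 is the example quoted from Im; the other two are made up. */
static const uint32_t SAMPLE_OWN[] = {
    IPV4(192, 168, 5, 5), IPV4(10, 0, 0, 7), IPV4(172, 16, 1, 20)
};
#define SAMPLE_N (sizeof SAMPLE_OWN / sizeof SAMPLE_OWN[0])

/* OR step: fold all 32 bits of one XOR result into a single bit
 * (1 = at least one bit differs), the software form of an OR tree. */
static uint32_t or_reduce32(uint32_t x)
{
    x |= x >> 16; x |= x >> 8; x |= x >> 4; x |= x >> 2; x |= x >> 1;
    return x & 1u;
}

/* Returns 1 (forged) when src differs from every own[i], else 0.
 * The AND accumulator starts at 1, so an empty list (n == 0, outside the
 * claim's "N is a positive integer") is treated as forged: fail closed. */
uint32_t source_is_forged(uint32_t src, const uint32_t *own, size_t n)
{
    uint32_t and_result = 1u;
    for (size_t i = 0; i < n; i++) {
        uint32_t xor_result = src ^ own[i];           /* 0 iff equal        */
        uint32_t or_result = or_reduce32(xor_result); /* 1 iff different    */
        and_result &= or_result;                      /* 0 once any matches */
    }
    return and_result;
}

/* Egress check on a raw IPv4 header (hypothetical helper): the source
 * address sits at bytes 12..15. Malformed or truncated input is dropped
 * rather than transmitted unchecked. */
enum verdict egress_check(const uint8_t *pkt, size_t len,
                          const uint32_t *own, size_t n)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4 || (pkt[0] & 0x0f) < 5)
        return VERDICT_DROP;
    uint32_t src = IPV4(pkt[12], pkt[13], pkt[14], pkt[15]);
    return source_is_forged(src, own, n) ? VERDICT_DROP : VERDICT_TRANSMIT;
}

/* Constructed 20-byte IPv4 header with the given source address.
 * Destination is 203.0.113.9 (documentation range); the checksum is left
 * zero because this example does not examine it. */
void build_sample_packet(uint8_t out[20], uint32_t src)
{
    static const uint8_t tmpl[20] = {
        0x45, 0x00, 0x00, 0x14, 0, 0, 0, 0, 0x40, 0x11, 0, 0,
        0, 0, 0, 0, 203, 0, 113, 9
    };
    for (size_t i = 0; i < 20; i++)
        out[i] = tmpl[i];
    out[12] = (uint8_t)(src >> 24);
    out[13] = (uint8_t)(src >> 16);
    out[14] = (uint8_t)(src >> 8);
    out[15] = (uint8_t)src;
}

int main(void)
{
    uint8_t pkt[20];
    build_sample_packet(pkt, IPV4(10, 0, 0, 7));   /* one of the N addresses */
    printf("own source:    %s\n",
           egress_check(pkt, sizeof pkt, SAMPLE_OWN, SAMPLE_N) ? "drop" : "transmit");
    build_sample_packet(pkt, IPV4(10, 0, 0, 8));   /* differs from all N */
    printf("forged source: %s\n",
           egress_check(pkt, sizeof pkt, SAMPLE_OWN, SAMPLE_N) ? "drop" : "transmit");
    return 0;
}
```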

Apparatus Claims 10 and 15 relate to the apparatus using the method as claimed in method claim 2. Therefore, Apparatus Claims 10 and 15 are rejected for the same reason of obviousness as claim 2 above.

Regarding claim 17, the combination of Im-Aoki-Bybell and Holdsworth teaches the apparatus of claim 15.
Im further discloses wherein the processor is further configured to prompt, according to the AND operation result, an event of prohibiting transmitting the to-be-transmitted packet (Par. [0061], The packet processing unit 113 (i.e. the processor) forwards or drops (i.e. prohibit) the GTP-U packet according to the detection result (i.e. the AND operation result) of the IP spoofing packet obtained by the abnormal packet detecting unit 122.).

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Im in view of Aoki, in view of Bybell, in view of Holdsworth, and further in view of Hammond et al. (U.S. Patent Application Publication No. 2015/0071283 A1), hereinafter Hammond.

Regarding claim 3, the combination of Im-Aoki-Bybell and Holdsworth teaches the method of claim 2. The combination teaches a method of prohibiting transmission of packets based on the result of IP address matching. The combination does not teach setting a filtering flag bit to indicate filtering should be performed.
However, Hammond teaches setting a filtering flag bit indicating that filtering should be performed ( Par. [0034],  Each filter is enabled by setting the appropriate filtering bit in the SPH. DSG, LLC, IP filter, and IP Route functions are all enabled via separate bits. The egress filter 204 performs IP filtering of the Ethernet frames EF from the ingress filter 202 and operates on any frame having an "egress bit" set in the SPH header of the frame.) on the source IP address of the to-be-transmitted packet ( Par. [0033], The egress filter 204 further filters these Ethernet frames EF and modifies the special packet header SPH accordingly. In operation, the egress filter 204 further filters the Ethernet frames EF based on the routing map exiting the ingress filter 202 as well as the EF data provided to the ingress filter.).
Hammond and the combined teaching of Im-Aoki-Bybell and Holdsworth in claim 2 are considered analogous references to the claimed invention since they pertain to a method of filtering packets based on IP address information. Therefore it would have been obvious to combine the references to get the advantage of avoiding delay in transmission of packets by quickly filtering them (Hammond, Par. [0005]).

Claims 4, 18 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Im in view of Aoki, in view of Bybell, in view of Holdsworth, and further in view of Park et al. (U.S. Patent Application Publication No. 2004/0024757 A1), hereinafter Park.

Regarding claim 4, the combination of Im-Aoki-Bybell and Holdsworth teaches the method of claim 2. The combination teaches a method of comparing IP addresses. The combination does not teach performing the comparison in one clock cycle.
However, Park teaches wherein comparing the source IP address in the to-be-transmitted packet with each of the N IP addresses of the terminal device is performed within one clock cycle (Par. [0025], The CAM used to realize an IP address look-up function through hardware implements a precise match search task in one clock cycle. The CAM compares, in parallel, an inputted search key with all entries within it, that is, all elements stored in segments physically split within it.).
Park and the combined teaching of Im-Aoki-Bybell and Holdsworth in claim 2 are considered analogous references to the claimed invention since they pertain to a method of filtering packets. Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the references above to get the advantage of quick filtering and avoiding latency as taught by Park (Park, Par. [0025], quick search is enabled, and generally, a very short latency time within 10~20 ns (nanoseconds) is required).

Apparatus claim 18 relates to the apparatus using the method as claimed in method claim 4. Therefore, apparatus claim 18 is rejected for the same reason of obviousness as used for claim 4 above.

Terminal device claim 21 relates to the terminal device using the method as claimed in method claim 4. Therefore, terminal device claim 21 is rejected for the same reason of obviousness as used for claim 4 above.


Claims 5 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Im in view of Aoki, and in further view of McGrath et al. (U.S. Patent Application Publication No. 2013/0254869 A1), hereinafter McGrath.

Regarding claim 5, the combination of Im-Aoki teaches the method of claim 1. Im discloses prohibiting the transmission of to-be-transmitted packets. The combination of Im-Aoki does not explicitly teach transmitting instructions to a physical coding sublayer (PCS) at a physical layer (PHY) to prohibit transmission of packets.
However, McGrath teaches wherein prohibiting transmitting the to-be-transmitted packet comprises transmitting a transmission prohibition instruction to a physical coding sublayer (PCS) at a physical layer (PHY) (Par. [0029], The protective circuit can in this case be provided to override bus lines, e.g. by setting the error bus line, and thereby stop transmission (i.e. transmitting a transmission prohibition instruction). The invention can be implemented with a simple semiconductor circuit, such as a field programmable gate array, FPGA, requiring only a limited amount of resources. Alternatively the invention could be integrated into a PHY circuit, MAC circuit, CPU, other circuit of the electronic device or a combination of these.), and wherein the transmission prohibition instruction instructs the PCS to prohibit transmitting the to-be-transmitted packet (Par. [0029], A preferred implementation of the invention is a circuit connected between the Ethernet PHY and the Ethernet MAC. Ethernet frames are sent by the Ethernet MAC and unwanted frames are dropped or discarded by the Ethernet PHY and are not transmitted by the Ethernet PHY, thereby these unwanted frames do not impact network traffic, since they are stopped during transmission.).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the above references in order to avoid transmission of unwanted packets in a network without delaying data traffic (McGrath, Par. [0014]).

Terminal device claim 22 relates to the terminal device using the method as claimed in method claim 5. Therefore, terminal device claim 22 is rejected for the same reason of obviousness as used for claim 5 above.


Claims 6, 11 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Im in view of Aoki, and in further view of Zinin (U.S Patent Application Publication No. 2004/0196843 A1), hereinafter Zinin.

Regarding claim 6, Im discloses the method of claim 1. Im further discloses prohibiting transmission of packets when the source IP address is different from the destination IP address. The combination of Im-Aoki does not explicitly teach prohibiting adding the to-be-transmitted packets to a packet queue.
However, Zinin teaches prohibiting adding the to-be-transmitted packet to a packet queue used to store a packet to be transmitted by the terminal device (Par. [0067], The next step is a small modification to the router's forwarding logic to normally allow only control-encapsulated IPv4 packets to be sent to the control plane (other packets may be put on a heavily rate-limited queue or dropped). Note that this check has O(1) complexity, and can easily be performed at line rate. This step ensures that when an attacker injects forged packets into the network, those packets do not affect the control plane infrastructure of the network.). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the references to make sure that packets in a queue that are detected to be spoofing or forged are not transmitted to the destination.

Apparatus claim 11 relates to the apparatus using the method as claimed in method claim 6. Therefore, apparatus claim 11 is rejected for the same reason of obviousness as used for claim 6 above.

Terminal device claim 23 relates to the terminal device using the method as claimed in method claim 6. Therefore, terminal device claim 23 is rejected for the same reason of obviousness as used for claim 6 above.


Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Im in view of Aoki, and in further view of Tamura et al. (U.S. Patent Application Publication No. 2005/0198519 A1), hereinafter Tamura.


Regarding claim 20, the combination of Im-Aoki teaches the apparatus of claim 14. The combination of Im-Aoki does not explicitly teach a processor generating an interrupt signal to prompt an event when a forged IP address is detected.
However, Tamura teaches wherein the processor is further configured to: generate an interrupt signal (Par. [0054], As for each packet identified by the combination of the packet type, destination port number and destination IP address and whose number of sent packets exceeds the corresponding threshold, and each packet identified by the combination of the packet type, destination port number and destination IP address and whose number of sent source IP address spoofing packets exceeds the corresponding threshold, it generates an Egress filtering setting event (i.e. interrupt signal) for the DDoS attack, and stores the Egress filtering setting event into the event data storage 150a (step S17).); and prompt, according to the interrupt signal, an event that the source IP address in the to-be-transmitted packet is forged (Par. [0054], The Egress filtering setting event for the DDoS attack includes data concerning the packet judged to exceed the threshold (here, the packet type, port number and destination IP address). In addition, it transmits data of the unauthorized access detection event via the switch 12a and backbone network 1000 to the management apparatus 16 (step S19). The data of the unauthorized access detection event includes data of the packet judged to exceed the threshold (i.e. forged packet).).
Im and Tamura are considered analogous references to the claimed invention since they pertain to a method of filtering packets in a network. Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the above references so that appropriate action can be taken on packets that are identified to have forged IP addresses before they are transmitted.

Claims 8, 13 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Im in view of Aoki, and in further view of Abir (U.S. Patent Application Publication No. 2003/0126252 A1), hereinafter Abir.

Regarding claim 8, the combination of Im-Aoki teaches the method of claim 1. The combination of Im-Aoki does not explicitly teach setting the terminal device to a filtering state before obtaining the source IP address and the N IP addresses.
However, Abir teaches wherein before obtaining the source IP address and the N IP addresses, the method further comprises setting the terminal device to a filtering state used to instruct the terminal device to perform filtering on the source IP address in the to-be-transmitted packet (Par. [0017], For example, many DOS attack tools generate excessive Internet traffic using spoofed IP addresses. To minimize the transmission of packets with an invalid, or spoofed, IP address, routers can be configured to filter outgoing packets allowing only packets with valid source IP addresses to leave. Similarly, to prevent receiving packets (i.e. before obtaining) with an invalid, or spoofed, IP address, routers can be configured to validate (i.e. setting the terminal device to a filtering state) the IP address on incoming packets.).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the above references in order to minimize or avoid sending packets that have spoofed or forged IP addresses.

Apparatus claims 13 and 16 relate to the apparatus using the method as claimed in method claim 8. Therefore, apparatus claims 13 and 16 are rejected for the same reason of obviousness as used for claim 8 above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Sharma (U.S Patent Application Publication No. 2006/0149965 A1) teaches a method of notifying, by a member of a network, to other members, that a rogue member exists.
Oh (U.S. Patent No. 6255856 B1) teaches a comparator circuit using XOR and NOR gates in Fig. 5.
Doyle (US 7134012) teaches determining if a packet has a spoofed source Internet Protocol (IP) address. A source media access control (MAC) address of the packet and the source IP address are evaluated to determine if the source IP address of the packet has been bound to the source MAC address at a source device of the packet. The packet is determined to have a spoofed source IP address if the evaluation indicates that the source IP address is not bound to the source MAC address.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/K.A./Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496