Appeal 2007-2120
Application 09/911,149
sends the SPI and SA information to PF_KEY module 830 for storage in a
security policy database (SPD) and SAD respectively (Carman, col. 17, ll.
56-60; Fig. 9).
After Security Association Resource Manager (SARM) 814 sets the
appropriate gear that IPsec module 820 should apply when generating an
authentication tag, the IPsec module processes outbound IP packets by
retrieving the appropriate SPI from the SPD in PF_KEY module 830. The
retrieved SPI is then used to access the SAD to retrieve the appropriate
authentication gear information. Then, IPSec module 820 (1) computes the
authentication tag using the selected gear; (2) constructs the authentication
header; and (3) forwards the processed IP packet to the next processing
function (Carman, col. 17, l. 61 - col. 18, l. 56; Fig. 9 (Steps 918-922)
(emphasis added)).
As this passage indicates, Carman teaches storing the SA in the SAD;
a database that would certainly include a memory region with a specific
memory address value, as claimed. But we fail to see how this specific
memory address value is assigned as the SPI value itself.
Although Carman indicates generally that the retrieved SPI is “used”
to access the SAD to retrieve the appropriate gear information, Carman does
not further explain what exactly constitutes this “use” of the SPI. Certainly,
the SPI’s index function suggests that it functions, at least in part, as an
index or pointer to data contained within the SAD. But Carman does not say
whether the SPI is hashed or used with any other value to retrieve the SA
from the SAD. Therefore, Carman is, at best, ambiguous on whether the SPI
is the “sole value” used to access the SAD as the Examiner asserts.
6
Page: Previous 1 2 3 4 5 6 7 8 Next
Last modified: September 9, 2013