DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Responsive to the Patent Board Decision of 07/01/2025, a new rejection of claim 20 under 35 USC 103 is made. Prosecution on the merits of this application is reopened; claims 1-20 are considered unpatentable for the reasons indicated below:
The same grounds of rejection for claims 1-19, as affirmed by the Board on 07/01/2025, are repeated below.
The Board decision dated 07/01/2025, page 15, stated regarding claim 20, “The Examiner does not explain how emitting a pairing secret causes a handshake procedure”. While the claim does not limit the process of the “handshake procedure”, the examiner has specific knowledge of the existence of a particular reference or references which expressly indicate a “handshake”, and namely how it is performed, as evidence of nonpatentability. MPEP 1214.04 and 37 CFR 1.198. New grounds of rejection are set forth below.
This rejection has been approved by the Technology Center Director signing below.
Amy Cohen Johnson
/AMY COHEN JOHNSON/TC2400 Group Director, Art Unit 2400
Claim Objections
Claims 1, 9 and 15 are objected to because of the following informalities: the claim recites “wherein the second unique identifier is a (media access control) MAC address”; the claim language MAC should be in parentheses, and not the other way around. The claim limitation should be “wherein the second unique identifier is a Media Access Control (MAC) address”. Appropriate correction is required.
Claim Interpretation
Claims under examination are given their broadest reasonable interpretation (BRI) consistent with the specification as it would be interpreted by one of ordinary skill in the art. MPEP 2111 and 2111.01. See MPEP 2111.04 for claim language that may raise a question as to the limiting effect of the language in a claim.
Claim 20 recites “20. The non-transitory computer-readable medium of claim 15, wherein the first device has a button that causes the first device to perform a handshake to negotiate the symmetric key with the peer device when the button is pressed.”
Claim 15, from which claim 20 depends, is drawn to “A non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors of a first device, cause the one or more processors to:…”
The BRI of the “wherein clause” of claim 20 does not further require the claimed non-transitory computer-readable medium of claim 15 to cause the one or more processors to act; instead, “a button … causes the first device to perform a handshake”. Claim 15 is directed to “A non-transitory computer-readable medium storing instructions …” and does not cover the particulars of the first device, or include the specifics of the first device, other than the claimed “one or more instructions that, when executed by one or more processors of a first device, cause the one or more processors to”. Specifically, the button of the first device and its operation, namely causing the first device to perform a handshake, is outside the scope of the non-transitory computer-readable medium storing instructions of claim 15. Therefore, the wherein clause of claim 20 imposes no limitation over the art. However, for purposes of compact prosecution, claim 20 is addressed below with a showing of specific knowledge of the existence of a particular reference, as if that were the case.
Claim 20 recites functional language with respect to “a first device having a button that causes the first device to perform a handshake to negotiate the symmetric key with the peer device when the button is pressed”. MPEP 2161.01, computer-implemented inventions: “original claims may lack written description when the claims define the invention in functional language specifying a desired result but the specification does not sufficiently describe how the function is performed or the result is achieved. For software, this can occur when the algorithm or steps/procedure for performing the computer function are not explained at all or are not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient).”
In this case the specification is devoid of a particular program or algorithm for the claimed function as related to the button which, when pressed, performs a handshake to negotiate the symmetric key. The specification repeats the language of the claim, that is, [0054] “In some implementations, the first device and the peer device may perform a handshake to exchange the first digital certificate and the second digital certificate based on a trigger event. For example, the first device and/or the peer device may include a button that causes the first device and the peer device to perform the handshake in order to negotiate a symmetric key when the button is pressed”, or as in [0032], “Additionally, or alternatively, the Ethernet devices 106, 108 may include housings with physical buttons, interfaces to display virtual buttons, and/or the like, which may synchronize the Ethernet devices 106, 108 and/or trigger the handshake procedure”.
The specification need not teach what is well known in the art. However, applicant cannot rely on the knowledge of one skilled in the art to supply information that is required to enable the novel aspect of the claimed invention when the enabling knowledge is in fact not known in the art. ALZA Corp. v. Andrx Pharms., LLC, 603 F.3d 935, 941, 94 USPQ2d 1823, 1827 (Fed. Cir. 2010).
Since the specification in this case does not provide further information other than restating the function recited in the claim, this is taken to mean that the Applicant is relying on the knowledge of one skilled in the art to achieve this function of having a button that causes the performing of a handshake to negotiate the symmetric key.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4, 15 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy) in view of Brand (US 20150372813), in view of Lambert (US 10681038) and in the alternative further view of Lacey et al. (US 20190019184, hereinafter Lacey).
Re. claim 1, Chimakurthy discloses a method, comprising:
receiving, by a first device, a first digital certificate from a certificate authority (Chimakurthy discloses distribution of the digital certificate which is used to verify that a particular public key belongs to a certain entity (for example, first MACsec capable device 104 or second MACsec capable device 106). A PKI may include a certificate authority (CA) that stores, issues and signs a digital certificate [0026]);
performing, by the first device, a certificate exchange with a peer device connected to the first device over an Ethernet link (Transmission engine may provide a MAC address and a device identifier of first MACsec capable device 104 to second MACsec capable device 106. In an example, the device identifier of first MACsec capable device 104 may include a digital certificate [0029]), wherein performing the certificate exchange includes: transmitting, to the peer device, the first digital certificate that contains a first unique identifier associated with the first device (distribution of the digital certificate which is used to verify that a particular public key belongs to a certain entity (for example, first MACsec capable device 104 or second MACsec capable device 106) [0026]. Provide a MAC address and a device identifier of first MACsec capable device 104 [0029]), and receiving, from the peer device, a second digital certificate that contains a second unique identifier associated with the peer device (receive a MAC address and a device identifier of a second MACsec capable device [abstract, 10]); obtaining, by the first device, the second unique identifier from the second digital certificate received from the peer device based on validating that the second digital certificate is signed by the certificate authority that signed the first digital certificate (In response to receiving the device identifier, authentication engine may authenticate second MACsec capable device 106 based on the device identifier of second MACsec capable device 106. In an example, the authentication may include, for example, validating the date on the device identifier, and determining whether the device identifier is signed by a trusted CA. The authentication may be performed by using a pre-installed certificate of the CA that issued the device identifier (for example, a digital certificate) of second MACsec capable device 106. If the device identifier is not valid, authentication engine may show an error and no MACsec session may be realized between first MACsec capable device 104 and second MACsec capable device 106 [0028]); using, by the first device, the symmetric key to establish a secure communication session with the peer device over the Ethernet link (The identification of MACsec participants in a network may be determined by a set of keys: Connectivity Association Key (CAK) and Connectivity Association Name (CKN). These keys are used by the MACsec Key agreement protocol for establishing a MACsec session [0008]. The first MACsec capable device may generate a Connectivity Association Key (CAK), a Connectivity Association Name (CKN), and a nonce. The first MACsec capable device may encrypt the CAK, the CKN, and the nonce using a public key of the second MACsec capable device to generate an encrypted packet. The first MACsec capable device may send the encrypted packet to the second MACsec capable device [0010]).
Although Chimakurthy discloses a certificate and a symmetric key, Chimakurthy does not explicitly teach, but Brand teaches, exchanging certificates, and the first unique identifier and the second unique identifier from the validated second digital certificate (Brand teaches If both the mobile phone (7010) and third party server (7020) have been issued with digital certificates, the certificates (7030, 7100) may be used to authenticate communication channels between them, to identify the mobile phone (7010) and/or third party remote server (7020) and also to encrypt communication between them. start a certificate exchange process, whereby its certificate (7030) is sent to the third party server (7020), and the certificate of the server (7100) is sent to the mobile phone (7010). Both parties will then validate the content of the received certificates [0091]. The mobile phone (7010) and third party server (7020) can now share encryption keys (7150) by means of which further encryption of their communication may be done. The shared encryption keys (7150) are typically symmetrical encryption keys [0092]. The digital user certificate (7030) is therefore used not only to authenticate the communication channel between the mobile phone (7010) and the third party server (7020), but also to uniquely identify the mobile phone (7030) that is attempting to transact with the third party server (7020) [0093]); wherein the first unique identifier is an international mobile station equipment identity (IMEI) (Brand teaches the certificate (6000) may also include other information such as, for example, a mobile phone number (6040) associated with a subscriber identity module (SIM) of the mobile device, the mobile device's international mobile station equipment identity (IMEI) (6050) and/or international mobile subscriber identity (IMSI) (6060) numbers as well as a certificate expiry date (6070) [0087]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chimakurthy to include sharing the IDs through the exchange of certificates, wherein the first unique identifier is an international mobile station equipment identity (IMEI), as disclosed by Brand. One of ordinary skill in the art would have been motivated for the purpose of encrypting/authenticating the communication channel between two endpoints (Brand [0088]).
Chimakurthy discloses an identifier and communication, and Brand discloses certificates with IDs; the combination of Chimakurthy-Brand does not explicitly teach, but Lambert teaches, generating, by the first device, a symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier (Lambert teaches second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60] Fig. 2); wherein the first device independently self-generates the symmetric key using the key generation algorithm based on the first unique identifier and the second unique identifier (Lambert teaches second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand to include generating, by the first device, a symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier, wherein the first device independently self-generates the symmetric key using the key generation algorithm based on the first unique identifier and the second unique identifier, as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).
Although Chimakurthy discloses a second unique identifier from the certificate, and Brand and Lambert teach generating a symmetric key using a key generation algorithm based on the first and second unique identifiers from the validated second digital certificate, the combination of Chimakurthy-Brand-Lambert does not explicitly teach, but in the alternative Lacey teaches, wherein the second unique identifier is a MAC (media access control) address (Lacey teaches for each transaction certificate, additional details for the requestor and receiver may be received and stored. For example, the requestor's IMEI, MAC address, IP address or location 706 may be stored as part of each certificate. Similarly, the recipient's IMEI, MAC address, IP address or location 708 may be stored as part of each certificate [0033] Fig. 7).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand-Lambert to include wherein the second unique identifier is a MAC (media access control) address, as disclosed by Lacey. One of ordinary skill in the art would have been motivated for the purpose of identity verification of individuals or entities, which leads to improved security since it verifies the user before granting access (Lacey [0030]).
Re. claim 2, the combination of Chimakurthy-Brand-Lambert-Lacey teaches the method of claim 1, wherein the secure communication session is established according to a Media Access Control security (MACsec) protocol (Chimakurthy teaches MACsec is the IEEE 802.1AE standard for authenticating and encrypting packets between two MACsec-capable devices (for example, 104 and 106). A MACsec capable device (for example, 104 and 106) may support 802.1AE encryption with MACsec Key Agreement (MKA) on downlink ports for encryption between the MACsec device and a host device [0014]).
Re. claim 3, the combination of Chimakurthy-Brand-Lambert-Lacey teaches the method of claim 1. Although Chimakurthy discloses a certificate and a symmetric key, Chimakurthy does not explicitly teach, but Brand teaches, exchanging certificates, and the first unique identifier and the second unique identifier from the validated second digital certificate (Brand teaches If both the mobile phone (7010) and third party server (7020) have been issued with digital certificates, the certificates (7030, 7100) may be used to authenticate communication channels between them, to identify the mobile phone (7010) and/or third party remote server (7020) and also to encrypt communication between them. start a certificate exchange process, whereby its certificate (7030) is sent to the third party server (7020), and the certificate of the server (7100) is sent to the mobile phone (7010). Both parties will then validate the content of the received certificates [0091]. The mobile phone (7010) and third party server (7020) can now share encryption keys (7150) by means of which further encryption of their communication may be done. The shared encryption keys (7150) are typically symmetrical encryption keys [0092]. The digital user certificate (7030) is therefore used not only to authenticate the communication channel between the mobile phone (7010) and the third party server (7020), but also to uniquely identify the mobile phone (7030) that is attempting to transact with the third party server (7020) [0093]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chimakurthy to include sharing the IDs through the exchange of certificates, as disclosed by Brand. One of ordinary skill in the art would have been motivated for the purpose of encrypting/authenticating the communication channel between two endpoints (Brand [0088]).
The combination of Chimakurthy-Brand does not explicitly teach but Lambert teaches wherein: the key generation algorithm is a cryptographic hash function, inputs to the cryptographic hash function include the first unique identifier and the second unique identifier, and the symmetric key is an output of the cryptographic hash function (Lambert teaches second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand to include that the key generation algorithm is a cryptographic hash function, inputs to the cryptographic hash function include the first unique identifier and the second unique identifier, and the symmetric key is an output of the cryptographic hash function, as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).
Re. claim 4, the combination of Chimakurthy-Brand-Lambert teaches the method of claim 3. The combination of Chimakurthy-Brand does not explicitly teach, but Lambert teaches, wherein the inputs to the cryptographic hash function further include a cryptographic salt that the first device and the peer device independently generate according to a particular scheme (Lambert teaches second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers (interpreted as the cryptographic salt) Ra, Rb [Col 5 lines 47-60] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand to include wherein the inputs to the cryptographic hash function further include a cryptographic salt that the first device and the peer device independently generate according to a particular scheme, as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).
Re. claim 15, Chimakurthy discloses a non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors of a first device (Machine-readable storage medium, processor and memory. Memory executed by the processor [0043]), cause the one or more processors to: receiving, by a first device, a first digital certificate from a certificate authority (Chimakurthy discloses distribution of the digital certificate which is used to verify that a particular public key belongs to a certain entity (for example, first MACsec capable device 104 or second MACsec capable device 106). A PKI may include a certificate authority (CA) that stores, issues and signs a digital certificate [0026]);
transmit the first digital certificate to a peer device connected to the first device over an Ethernet link, wherein the first digital certificate contains a first unique identifier identifying the first device (distribution of the digital certificate which is used to verify that a particular public key belongs to a certain entity (for example, first MACsec capable device 104 or second MACsec capable device 106) [0026]. Provide a MAC address and a device identifier of first MACsec capable device 104 [0029]); receive, from the peer device, a second digital certificate that contains a second unique identifier identifying the peer device (receive a MAC address and a device identifier of a second MACsec capable device [abstract, 10]); determine whether the second digital certificate received from the peer device is signed by a certificate authority that issued the first digital certificate to the first device (Chimakurthy teaches In response to receiving the device identifier, authentication engine may authenticate second MACsec capable device 106 based on the device identifier of second MACsec capable device 106. In an example, the authentication may include, for example, validating the date on the device identifier, and determining whether the device identifier is signed by a trusted CA. The authentication may be performed by using a pre-installed certificate of the CA that issued the device identifier (for example, a digital certificate) of second MACsec capable device 106. If the device identifier is not valid, authentication engine may show an error and no MACsec session may be realized between first MACsec capable device 104 and second MACsec capable device 106 [0028]);
use the symmetric key to establish a secure communication session with the peer device over the Ethernet link (The identification of MACsec participants in a network may be determined by a set of keys: Connectivity Association Key (CAK) and Connectivity Association Name (CKN). These keys are used by the MACsec Key agreement protocol for establishing a MACsec session [0008]. The first MACsec capable device may generate a Connectivity Association Key (CAK), a Connectivity Association Name (CKN), and a nonce. The first MACsec capable device may encrypt the CAK, the CKN, and the nonce using a public key of the second MACsec capable device to generate an encrypted packet. The first MACsec capable device may send the encrypted packet to the second MACsec capable device [0010]).
Although Chimakurthy discloses a certificate and a symmetric key, Chimakurthy does not explicitly teach, but Brand teaches, generating a key after determining that the second digital certificate is signed by the certificate authority that issued the first digital certificate to the first device (Brand teaches If both the mobile phone (7010) and third party server (7020) have been issued with digital certificates, the certificates (7030, 7100) may be used to authenticate communication channels between them, to identify the mobile phone (7010) and/or third party remote server (7020) and also to encrypt communication between them. start a certificate exchange process, whereby its certificate (7030) is sent to the third party server (7020), and the certificate of the server (7100) is sent to the mobile phone (7010). Both parties will then validate the content of the received certificates [0091]. At this point, both parties can be sure they are talking to the intended recipients. The mobile phone (7010) and third party server (7020) can now share encryption keys (7150) by means of which further encryption of their communication may be done. The shared encryption keys (7150) are typically symmetrical encryption keys [0092]. The digital user certificate (7030) is therefore used not only to authenticate the communication channel between the mobile phone (7010) and the third party server (7020), but also to uniquely identify the mobile phone (7030) that is attempting to transact with the third party server (7020) [0093]); wherein the first unique identifier is an international mobile station equipment identity (IMEI) (Brand teaches the certificate (6000) may also include other information such as, for example, a mobile phone number (6040) associated with a subscriber identity module (SIM) of the mobile device, the mobile device's international mobile station equipment identity (IMEI) (6050) and/or international mobile subscriber identity (IMSI) (6060) numbers as well as a certificate expiry date (6070) [0087]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chimakurthy to include sharing the IDs through the exchange of certificates, as disclosed by Brand. One of ordinary skill in the art would have been motivated for the purpose of encrypting/authenticating the communication channel between two endpoints (Brand [0088]).
Chimakurthy discloses an identifier and communication; the combination of Chimakurthy-Brand does not explicitly teach, but Lambert teaches, generating a symmetric key using a cryptographic hash function (Lambert teaches second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60] Fig. 2);
wherein the first device and the peer device independently self-generate the symmetric key using the cryptographic hash function based on the first unique identifier, the second unique identifier, and one or more random numbers (Lambert teaches second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand to include wherein the first device and the peer device independently self-generate the symmetric key using the cryptographic hash function based on the first unique identifier, the second unique identifier, and one or more random numbers, as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).
Although Chimakurthy discloses a second unique identifier from the certificate, and Brand and Lambert teach generating a symmetric key using a key generation algorithm based on the first and second unique identifiers from the validated second digital certificate, the combination of Chimakurthy-Brand-Lambert does not explicitly teach, but in the alternative Lacey teaches, wherein the second unique identifier is a MAC (media access control) address (Lacey teaches for each transaction certificate, additional details for the requestor and receiver may be received and stored. For example, the requestor's IMEI, MAC address, IP address or location 706 may be stored as part of each certificate. Similarly, the recipient's IMEI, MAC address, IP address or location 708 may be stored as part of each certificate [0033] Fig. 7).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand-Lambert to include wherein the second unique identifier is a MAC (media access control) address, as disclosed by Lacey. One of ordinary skill in the art would have been motivated for the purpose of identity verification of individuals or entities, which leads to improved security since it verifies the user before granting access (Lacey [0030]).
Re. claim 17, the combination of Chimakurthy-Brand-Lambert-Lacey teaches the non-transitory computer-readable medium of claim 15. The combination of Chimakurthy-Brand does not explicitly teach, but Lambert teaches, wherein the one or more random numbers include a cryptographic salt (Lambert teaches that the first user device independently generates symmetric key SKab using the hash function based on identifier ida of the first user device, identifier idb of the second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60]. Lambert generates a hidden version of the password; Ra is random because it is generated based on random integer Xa [Col 4 lines 22-34] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand to include wherein the one or more random numbers include a cryptographic salt as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).
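The key-derivation step the rejections of claims 1, 15 and 17 attribute to Lambert (each endpoint independently computing the symmetric key by hashing the two identifiers and the exchanged random numbers, one of which serves as a cryptographic salt) is illustrated below. This is an added example written for this page; it is not code from Lambert, Chimakurthy or the application under examination. The HMAC-SHA256 construction, the 16-byte nonce and salt lengths, the sample identifiers, and the names Party, DeriveKey and Handshake are assumptions chosen for the illustration.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Party is one endpoint's view after the certificates and random numbers have
// been exchanged: its own identifier (taken from its certificate, e.g. an IMEI
// or a MAC address) and the random number it generated for this handshake.
type Party struct {
	ID    string
	Nonce []byte
}

// DeriveKey computes SK = HMAC-SHA256(salt, canonical(idA, RA, idB, RB)).
// Each endpoint calls it with itself first and the peer second and obtains the
// same key, because the transcript is put in a role-independent order.
func DeriveKey(self, peer Party, salt []byte) []byte {
	// Order the (identifier, nonce) pairs by identifier. Identifiers are
	// unique, so the two sides always agree on which pair comes first.
	first, second := self, peer
	if peer.ID < self.ID {
		first, second = peer, self
	}
	// Length-prefix every field so that field boundaries are unambiguous:
	// ("ab","c") and ("a","bc") must not hash to the same transcript.
	var t bytes.Buffer
	for _, f := range [][]byte{[]byte(first.ID), first.Nonce, []byte(second.ID), second.Nonce} {
		var l [4]byte
		binary.BigEndian.PutUint32(l[:], uint32(len(f)))
		t.Write(l[:])
		t.Write(f)
	}
	// The salt is one of the random numbers; it keys the HMAC (HKDF-Extract style).
	mac := hmac.New(sha256.New, salt)
	mac.Write(t.Bytes())
	return mac.Sum(nil)
}

// randomBytes draws n bytes from the OS CSPRNG; an error here is unrecoverable.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Handshake simulates the exchange between device A and peer B: each side
// generates its own random number, A also generates the salt, and both sides
// derive the key independently. It returns both results so they can be compared.
// Assumption: RA, RB and the salt reach the other side confidentially (for
// instance encrypted under the peer's certified public key).
func Handshake(idA, idB string) (keyA, keyB []byte) {
	a := Party{ID: idA, Nonce: randomBytes(16)}
	b := Party{ID: idB, Nonce: randomBytes(16)}
	salt := randomBytes(16)
	keyA = DeriveKey(a, b, salt) // computed on device A
	keyB = DeriveKey(b, a, salt) // computed on the peer, arguments reversed
	return keyA, keyB
}

func main() {
	// Constructed identifiers: an IMEI for the first device, a MAC address for the peer.
	ka, kb := Handshake("356938035643809", "00:1a:2b:3c:4d:5e")
	fmt.Printf("A: %x\nB: %x\nagree: %v\n", ka, kb, bytes.Equal(ka, kb))
}
```

Two details matter in practice. Both endpoints must hash exactly the same transcript, so the (identifier, nonce) pairs are placed in a canonical order and every field is length-prefixed; without this the first device and the peer can derive different keys, or two different inputs can produce the same byte string. Second, a hash of values an eavesdropper on the link can see yields a key the eavesdropper can compute as well. In Lambert, as summarized above, Ra is computed from a random integer Xa and a hidden version of the password rather than sent as a bare nonce, and in Chimakurthy the CAK, CKN and nonce are encrypted under the peer's public key; the example therefore assumes the random numbers were exchanged confidentially.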
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Brand (US 20150372813), Lambert (US 10681038), in the alternative Lacey et al. (US 20190019184, hereinafter Lacey), and in further view of Rai et al. (US 20180316510, hereinafter Rai).
Re. claim 5, the combination of Chimakurthy-Brand-Lambert-Lacey teaches the method of claim 1, further comprising: the combination of Chimakurthy-Brand-Lambert-Lacey do not explicitly teach but Rai teaches obtaining the first digital certificate from the certificate authority by communicating with the certificate authority according to one or more of a Simple Certificate Enrollment Protocol (SCEP) or an application program interface provided by the certificate authority (Rai teaches SCEP can be used to request certificates from any SCEP-enabled certificate authority [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chimakurthy-Brand-Lambert-Lacey to include obtaining the first digital certificate from the certificate authority by communicating with the certificate authority according to one or more of a Simple Certificate Enrollment Protocol (SCEP) or an application program interface provided by the certificate authority as disclosed by Rai. One of ordinary skill in the art would have been motivated because SCEP allows users to request and issue large numbers of certificates with one request (Rai [0039]).
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Brand (US 20150372813), Lambert (US 10681038), in the alternative Lacey et al. (US 20190019184, hereinafter Lacey), and in further view of Garcia Morchon et al. (US 20190089546, hereinafter Garcia).
Re. claim 6, the combination of Chimakurthy-Brand-Lambert-Lacey teach the method of claim 1, further comprising: the combination of Chimakurthy-Brand-Lambert-Lacey do not explicitly teach but Garcia teaches generating a cryptographic key pair that includes a public key for encrypting data and a private key for decrypting data that is encrypted using the public key (Garcia teaches a key pair generation unit 141 arranged to generate a public key and a corresponding private key. The public key may be arranged for encryption according to an asymmetric-key cryptographic scheme. The corresponding private key is arranged for decryption according to the asymmetric-key cryptographic scheme [0035]); transmitting, to the certificate authority, a certificate signing request that includes the public key and the first unique identifier associated with the first device (Garcia teaches Message 240.2 may be a certificate request comprising the public key and information. The request may be accompanied by other credentials or proofs of identity if required by the certificate authority [0068]); and receiving the first digital certificate from the certificate authority based on the certificate signing request (Garcia teaches Message 240.2 may be a certificate request comprising the public key and information. If the public key has a dual use as signing key (e.g., combining RSA encryption and signing or ElGamal encryption and ECDSA signing) then the request may be signed by the private key corresponding to the public key. This signature is verified by the certificate authority [0068]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand-Lambert-Lacey to include generating a cryptographic key pair that includes a public key for encrypting data and a private key for decrypting data that is encrypted using the public key; transmitting, to the certificate authority, a certificate signing request that includes the public key and the first unique identifier associated with the first device; and receiving the first digital certificate from the certificate authority based on the certificate signing request as disclosed by Garcia. One of ordinary skill in the art would have been motivated for the purpose of using an asymmetric scheme for encryption or signing (Garcia [0002]).
Claims 7 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Brand (US 20150372813), Lambert (US 10681038), in the alternative Lacey et al. (US 20190019184, hereinafter Lacey), and in further view of L. et al. (US 20130318570, hereinafter L).
Re. claim 7, the combination of Chimakurthy-Brand-Lambert teach the method of claim 1, further comprising: the combination of Chimakurthy-Brand-Lambert do not explicitly teach but L teaches obtaining a root certificate associated with the certificate authority; and validating that the second digital certificate is signed by the certificate authority based on tracing a certificate chain of trust from the second digital certificate to the root certificate (L teaches a network device receives a domain-specific X.509 certificate from a neighbor device, the network device validates the certificate structure and format. The certificate validation uses the root certificate and/or certificate chain of the issuer of the received certificate [0064]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand-Lambert-Lacey to include obtaining a root certificate associated with the certificate authority; and validating that the second digital certificate is signed by the certificate authority based on tracing a certificate chain of trust from the second digital certificate to the root certificate as disclosed by L. One of ordinary skill in the art would have been motivated for the purpose of validating certificates in the same domain (L [0062]).
Re. claim 18, the combination of Chimakurthy-Brand-Lambert-Lacey teach the non-transitory computer-readable medium of claim 15, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: the combination of Chimakurthy-Brand-Lambert-Lacey do not explicitly teach but L teaches obtain a root certificate associated with the certificate authority; and determine that the certificate authority signed the second digital certificate based on tracing a certificate chain of trust from the second digital certificate to the root certificate (L teaches a network device receives a domain-specific X.509 certificate from a neighbor device, the network device validates the certificate structure and format. The certificate validation uses the root certificate and/or certificate chain of the issuer of the received certificate [0064]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand-Lambert-Lacey to include obtaining a root certificate associated with the certificate authority; and determining that the certificate authority signed the second digital certificate based on tracing a certificate chain of trust from the second digital certificate to the root certificate as disclosed by L. One of ordinary skill in the art would have been motivated for the purpose of validating certificates in the same domain (L [0062]).
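The enrollment and validation steps cited from Garcia (claim 6: generate a key pair, send a certificate signing request carrying the device's unique identifier, receive the issued certificate) and from L (claims 7 and 18: obtain the CA's root certificate and validate a received certificate by tracing its chain to that root) are shown end to end below. This is an added example using Go's standard crypto/x509 package; it is not code from Garcia, L, Chimakurthy or the application. The CA name, the sample device identifier, the choice to carry the identifier in the subject serialNumber attribute, the 24-hour validity, and the function names NewCA, Enroll, Issue and ValidatePeer are assumptions. The enrollment transport (SCEP or a CA API, claim 5) is not modeled; the CSR bytes are handed to the CA directly.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a P-256 key pair; failure to read from the CSPRNG is fatal.
func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// NewCA creates a self-signed root certificate standing in for the CA.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // just created, so it parses
	return cert, key
}

// Enroll is the device side (claim 6): generate a key pair and a CSR that
// carries the device's unique identifier (assumed to go in subject serialNumber).
func Enroll(deviceID string) ([]byte, *ecdsa.PrivateKey, error) {
	key := newKey()
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: deviceID, SerialNumber: deviceID}}
	csr, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	return csr, key, err
}

// Issue is the CA side: check the CSR's self-signature (proof that the
// requester holds the private key) and sign a leaf certificate with the
// requested identifier.
func Issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, csrDER []byte, serial int64) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR proof of possession failed: %w", err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      csr.Subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ValidatePeer is claims 7 and 18: build the chain from the peer certificate
// to the trusted root and, only on success, return the peer's identifier.
func ValidatePeer(root, peer *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := peer.Verify(opts); err != nil {
		return "", err
	}
	return peer.Subject.SerialNumber, nil
}

func main() {
	root, rootKey := NewCA("Constructed Device CA")
	csr, _, _ := Enroll("00:1a:2b:3c:4d:5e") // constructed MAC address
	peerCert, err := Issue(root, rootKey, csr, 2)
	if err != nil {
		panic(err)
	}
	fmt.Println(ValidatePeer(root, peerCert))
}
```

ValidatePeer returns the identifier only after Verify succeeds, so a caller cannot pick an identifier out of a certificate that has not been traced to the root; a leaf issued by a different root fails the chain check even though its own signature is internally valid, which is the distinction the claim language "signed by the certificate authority that signed the first digital certificate" draws. Issue calls CheckSignature before signing so that a CSR whose public key the requester does not control is refused.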
Claims 8, 9, 10, 11, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Brand (US 20150372813), Lambert (US 10681038), in the alternative Lacey et al. (US 20190019184, hereinafter Lacey) and in further view of Small et al. (US 20140041022, hereinafter Small).
Re. claim 8, the combination of Chimakurthy-Brand-Lambert-Lacey teaches the method of claim 1, further comprising: the combination of Chimakurthy-Brand-Lambert-Lacey does not explicitly teach, but Small teaches, receiving an alert indicating potential unauthorized tampering with the Ethernet link based on one or more electrical signal characteristics associated with a physical wire connecting the first device and the peer device; and renegotiating the symmetric key with the peer device based on the alert (Small teaches providing explicit notification and sharing of information regarding detected attacks/failure conditions between endpoints in a communication session. The endpoints in a communication session can collectively determine a response to take following the detection of a failure condition/attack on the communication session. The response may comprise re-negotiating a session key [0014]. The network may be a metro Ethernet transport network [0018] Fig. 3).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Brand-Lambert-Lacey to include receiving an alert indicating potential unauthorized tampering with the Ethernet link based on one or more electrical signal characteristics associated with a physical wire connecting the first device and the peer device; and renegotiating the symmetric key with the peer device based on the alert as disclosed by Small. One of ordinary skill in the art would have been motivated for the purpose of recognizing an attack and responding to the attack (Small [0012]).
Re. claim 9, Chimakurthy discloses a device, comprising: one or more memories; and one or more processors (Chimakurthy discloses a processor and a memory, with instructions in the memory executed by the processor [0043]), communicatively coupled to the one or more memories, to: obtain a first digital certificate from a certificate authority (Chimakurthy discloses distribution of the digital certificate which is used to verify that a particular public key belongs to a certain entity (for example, first MACsec capable device 104 or second MACsec capable device 106). A PKI may include a certificate authority (CA) that stores, issues and signs a digital certificate [0026]); transmit, to a peer device connected to the device over an Ethernet link, a first digital certificate that contains a first unique identifier identifying the device (distribution of the digital certificate which is used to verify that a particular public key belongs to a certain entity (for example, first MACsec capable device 104 or second MACsec capable device 106) [0026]. Provide a MAC address and a device identifier of first MACsec capable device 104 [0029]); receive, from the peer device, a second digital certificate that contains a second unique identifier identifying the peer device (receive a MAC address and a device identifier of a second MACsec capable device [abstract]. In response to receiving the device identifier, authentication engine may authenticate second MACsec capable device 106 based on the device identifier of second MACsec capable device 106. In an example, the authentication may include, for example, validating the date on the device identifier, and determining whether the device identifier is signed by a trusted CA. The authentication may be performed by using a pre-installed certificate of the CA that issued the device identifier (for example, a digital certificate) of second MACsec capable device 106. If the device identifier is not valid, authentication engine may show an error and no MACsec session may be realized between first MACsec capable device 104 and second MACsec capable device 106 [0028]); validate that the second digital certificate is signed by the certificate authority that signed the first digital certificate (In response to receiving the device identifier, authentication engine may authenticate second MACsec capable device 106 based on the device identifier of second MACsec capable device 106. In an example, the authentication may include, for example, validating the date on the device identifier, and determining whether the device identifier is signed by a trusted CA. The authentication may be performed by using a pre-installed certificate of the CA that issued the device identifier (for example, a digital certificate) of second MACsec capable device 106. If the device identifier is not valid, authentication engine may show an error and no MACsec session may be realized between first MACsec capable device 104 and second MACsec capable device 106 [0028]); use the symmetric key to establish a secure communication session with the peer device over the Ethernet link (The identification of MACsec participants in a network may be determined by a set of keys: Connectivity Association Key (CAK) and Connectivity Association Name (CKN). These keys are used by the MACsec Key Agreement protocol for establishing a MACsec session [0008]. The first MACsec capable device may generate a Connectivity Association Key (CAK), a Connectivity Association Name (CKN), and a nonce. The first MACsec capable device may encrypt the CAK, the CKN, and the nonce using a public key of the second MACsec capable device to generate an encrypted packet. The first MACsec capable device may send the encrypted packet to the second MACsec capable device [0010]).
Although Chimakurthy discloses a certificate and a symmetric key, Chimakurthy does not explicitly teach, but Brand teaches, exchanging certificates and obtaining the first unique identifier and the second unique identifier from the validated second digital certificate (Brand teaches that if both the mobile phone (7010) and third party server (7020) have been issued with digital certificates, the certificates (7030, 7100) may be used to authenticate communication channels between them, to identify the mobile phone (7010) and/or third party remote server (7020) and also to encrypt communication between them. The mobile phone starts a certificate exchange process, whereby its certificate (7030) is sent to the third party server (7020), and the certificate of the server (7100) is sent to the mobile phone (7010). Both parties will then validate the content of the received certificates [0091]. The mobile phone (7010) and third party server (7020) can now share encryption keys (7150) by means of which further encryption of their communication may be done. The shared encryption keys (7150) are typically symmetrical encryption keys [0092]. The digital user certificate (7030) is therefore used not only to authenticate the communication channel between the mobile phone (7010) and the third party server (7020), but also to uniquely identify the mobile phone (7030) that is attempting to transact with the third party server (7020) [0093]); wherein the first unique identifier is an international mobile station equipment identity (IMEI) (Brand teaches that the certificate (6000) may also include other information such as, for example, a mobile phone number (6040) associated with a subscriber identity module (SIM) of the mobile device, the mobile device's international mobile station equipment identity (IMEI) (6050) and/or international mobile subscriber identity (IMSI) (6060) numbers as well as a certificate expiry date (6070) [0087]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chimakurthy to include sharing the identifiers through the exchange of certificates as disclosed by Brand. One of ordinary skill in the art would have been motivated for the purpose of encrypting and authenticating the communication channel between two endpoints (Brand [0088]).
Chimakurthy discloses identifiers and communication, and Brand discloses certificates carrying identifiers, but the combination of Chimakurthy-Brand does not explicitly teach, but Lambert teaches, generating a symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier (Lambert teaches that the second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of the second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of the first user device, identifier idb of the second user device, and on