ENCRYPTION SEGMENTS FOR SECURITY IN COMMUNICATION NETWORKS

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments 1. Applicant's arguments filed have been fully considered but are not persuasive. 2. Applicant argues that Jiang is deficient. Specifically, Applicant argues that Jian does not teach an encryption segment, but rather only teaches encrypted segments. Applicant states “an encryption segment which is used as a basis for performing encryption.” However, Applicant mischaracterizes how the rejections applies Jiang, namely that the rejection relies on “an encrypted segment which is a segment of a payload to which the encryption has already been applied.” This is incorrect. The rejection plainly cites Jiang (¶0033) as teaching an encryption segment in the form of an encrypted segment length, which as stated by the Applicant is used as a basis for performing the encryption. (Jiang, ¶0033, encrypts based on the encrypted segment length) In the context of encryption, a segment length does count as an encryption segment when it is used in the process of encrypting data. Segments are used to break down the data into smaller units for processing, and when these segments are encrypted, they are considered segments of the final encrypted output. The encryption process ensures that each segment is properly handled and combined to form the complete ciphertext. Specifically, if the plaintext length is greater than the data length supported by a single encryption, the data is divided for encryption into data segments of an appropriate length and then each data segment is encrypted. Examiner notes that Applicant’s specification does not provide a definitive example of an encryption segment. For instance, FIG. 4 of the Specification is not an example of an encryption segment, but rather is “an encryption SID in a Segment Identifier (SID),” (Specification [0037]) where “the ES [encryption segment] may be programmed within the 64-but Function 420.” (Specification, FIG. 4, [0038]) As such, the encryption segment is any programmable instruction which is used as a basis for performing encryption, and a length restriction, i.e. an encrypted segment length, would be such a programmable instruction used as a basis for performing encryption. 3. Applicant argues that Salkintzis is deficient. First, Applicant reiterates their arguments against Jiang as applied to Salkintzis. However, as noted above, Jiang teaches the encryption segment as recited by the claims. As such, Applicant’s first argument regarding Salkintzis is moot. Second, Applicant argues that it fails to teach the feature of “wherein the encryption segment has associated therewith an encryption segment identifier uniquely identifying the encryption segment.” Applicant first draws from their conclusion of their first argument that “because, as indicated above the cited portions of Salkintzis fail to disclose or suggest an encryption segment and, thus, also must fail to disclose or suggest that such an encryption segment has an encryption segment identifier associated therewith.” However, this argument fails as cause Salkintzis is not being relied upon for teaching the encryption element nor an associated encryption segment identifier uniquely identifying the encryption segment. Examiner relied upon ¶0034 of Jiang as teaching the encryption segment identifier in the form of a header. Applicant only argues the encryption segment identifier regarding Salkintzis, but Applicant makes no arguments against this teachings of Jiang, and so it is considered conceded. Examiner notes that the language used in this case is considered as broad as the segment identifier is merely “associated” with the encryption segment. Furthermore, “uniquely” identifying also is an broad qualifier as there is not a singular manner to “uniquely” identify something. In the case of Jiang, the header uniquely identifies where the associated encryption segment was applied. Applicant continues making argument solely related to Salkintzis, arguing “the cited portions of Salkintzis merely disclose generation of encrypted traffic detection information… [and] are devoid of any disclose or suggestion of an encryption segment hav[ing] an encryption segment identifier associated therewith.“ However, this argument is moot as Jiang is relied to teach this element, not Salkintzis. In conclusion, if Applicant wishes to argue for a deficient teaching of the feature of “wherein the encryption segment has associated therewith an encryption segment identifier uniquely identifying the encryption segment,” Applicant must make arguments regarding the teachings of Jiang or make further amendments to distinguish from the prior art. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. For purposes of compact prosecution, further applies the following prior art rejection. 4. Claims 26-28, 33, 36-40, 42-45, and 50-58 are rejected under 35 U.S.C. 103 as being unpatentable over Jiang et al. (US 20190132296 A1) in view of Salkintzis et al. (US 20210168665 A1). Claim 26 Jiang teaches an encrypting node (FIG. 1, Host 101 including encryption engine 116, wherein an encrypting node has an encryption engine), comprising: at least one processor; (¶0050, including a microprocessor) and at least one memory (¶0051, including a memory) including instructions which, when executed by the at least one processor, wherein the encrypting node includes an encryption segment, (FIG. 1, ¶0017, Host 101 including encryption engine 116, wherein an encrypting node has an encryption engine) cause the encrypting node to at least: wherein an encryption segment (¶0033, encrypting segments of a payload based on an encrypted segment length, wherein the encrypted segment length comprises the encryption segment) has associated therewith an encryption segment identifier uniquely identifying the encryption segment, (¶0034, associated with encryption header; Examiner notes that the encryption “identifies” the encryption segments via its association with the encryption processes) the encryption segment identifier encapsulating a header of an encryption protocol; (¶0034, the identifiers encapsulating the header of the protocol) encrypt, (FIG. 2, step 208, ¶0033) by an encrypting node (FIG. 1, ¶0033, by Encryption Engine 116) based on an encryption segment (¶0033, encrypted segment length) and based on an encryption protocol, (¶0021, encrypting a payload based on TLS encryption or other protocol) a payload of the packet to form an encrypted payload; (FIG. 1, ¶0018, wherein the encrypted segments of a payload are part of the traffic handled by Hypervisor 102 with the encrypted payload forming an encrypted payload) form, by the encrypting node, an encrypted packet of an encrypted traffic flow, (FIG. 2, ¶0033, encrypting the packet of an encrypted traffic flow) wherein the encrypted packet includes the encrypted payload, (FIG. 3B, ¶0034, wherein the encrypted packet comprises the encrypted payload 304) an encryption header of the encryption protocol encapsulating the encrypted payload; (FIG. 3B, ¶0036, wherein the encrypted payload is encapsulated via an encrypted header of the encryption protocol) and forward, by the encrypting node toward a next-hop node, the encrypted packet of the encrypted traffic flow. (¶0018, forwarding packets to a next node, wherein the node would be the next-hop node, by Hypervisor 102 comprising Virtual Switch 106; ¶0021, including the encrypted payload of the encrypted traffic flow) However, Jiang does not explicitly teach determine, by the encrypting node, that a packet belongs to a traffic flow to be encrypted to form an encrypted traffic flow, wherein the encryption segment has associated therewith an encryption segment identifier uniquely identifying the encryption segment, the encryption segment identifier encapsulating an encryption header of an encryption protocol. From a related technology, Salkintzis determine, by a node configured to support an encryption segment, (FIG. 5, ¶0108, wherein Network Function Apparatus 500 is configured to support encrypted segments) that a packet belongs to a traffic flow (FIG. 5, ¶0115, determining that a packet belong to an encrypted data flow) to be encrypted to form an encrypted traffic flow. (Examiner notes that this is an intended use statement, that does not have patentable weight) It would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Jiang to incorporate the techniques utilized by Salkintzis to determine whether nodes belonged to encrypted traffic flow in order to more effectively utilize network resources towards intended resources. Claim 27 Jiang in view of Salkintzis teach Claim 26, and further teaches wherein the encryption segment identifier is configured to identify the encrypted traffic flow. (Salkintzis, ¶0108, wherein encrypted traffic detection information is configured to identify traffic) Claim 28 Jiang in view of Salkintzis teach Claim 26, and further teaches wherein the encryption segment identifier is configured to identify the encrypting node (Salkintzis, ¶0008, wherein the encrypted traffic detection information is configured to identify the encrypting node ) as a source of the encrypted traffic flow. (Examiner notes that “configured to identify… as a source of the encrypted traffic flow” comprises an intended use, as the identification “as a source…” is an intended use and does not have patentable weight) Claim 33 Jiang in view of Salkintzis teach Claim 26, and further teaches wherein the encryption segment Includes a set of encryption resources configured for use in encrypting the encrypted traffic flow. (Jiang, ¶0021, encryption engine encrypts based upon the encrypted segment) Claim 36 Jiang in view of Salkintzis teach Claim 26, and further teaches, wherein the encrypted traffic flow is an encrypted service (Jiang, ¶0016, wherein the traffic comprises encryption services) or an encrypted tunnel supporting a set of services. Claim 37 Jiang in view of Salkintzis teach Claim 26, and further teaches, wherein the encrypted traffic flow is a Layer 2.5 flow or a Layer 3 flow. (Jiang, ¶0020, layer 3 traffic) Claim 38 Jiang in view of Salkintzis teach Claim 26, and further teaches, wherein the encrypted traffic flow is a Multiprotocol Label Switching (MPLS) flow or an Internet Protocol (IP) flow. (Jiang, ¶0020, IP traffic) Claim 39 Jiang in view of Salkintzis teach Claim 26, and further teaches, wherein the encrypted payload includes a Multiprotocol Label Switching (MPLS) or an Internet Protocol (IP) packet. (Jiang, ¶0020, IP packet) Claim 40 Jiang in view of Salkintzis teach Claim 26, and further teaches, wherein the encrypted payload includes a second encryption segment identifier configured to uniquely identify a second encrypted traffic flow within the network. (Jiang, FIG. 4B, ¶0034, wherein there are multiple segments and segments identifiers) Claim 41 Jiang in view of Salkintzis teach Claim 26, and further teaches, wherein the packet includes a transport segment identifier encapsulating the encryption segment identifier, (Salkintzis, ¶0108, wherein encrypted traffic detection information further comprises a transport segment identifier) wherein the transport segment identifier is configured to connect an encrypting node that encrypts the encrypted traffic flow to a decrypting node that decrypts the encrypted traffic flow. (Examiner notes that “configured to connect… comprises an intended use statement reciting a usage of the identifier, but the claim does not use it as such, and therefore the claim element does not have patentable weight) Claim 42 Jiang in view of Salkintzis teach Claim 26, and further teaches wherein the packet includes at least one communication header encapsulating the encryption segment identifier. (Jiang, FIG. 3D, ¶0029, outer header 306 encapsulating the encryption protocol header) Claim 43 Jiang in view of Salkintzis teach Claim 42, and further teaches wherein the at least one communication header includes at least one of a Layer 3 header, (Jiang, ¶0029, the IP header is layer 3 header) a Layer 2.5 header, or a Layer 2 header. Claim 44 Jiang in view of Salkintzis teach Claim 42, and further teaches wherein the at least one communication header includes at least one of an Internet Protocol (IP) header, (Jiang, ¶0029, IP header) a Multiprotocol Label Switching (MPLS) header, or an Ethernet header. Claim 45 Jiang in view of Salkintzis teach Claim 26, and further teaches wherein the packet includes a second encryption segment identifier encrypting the encryption segment identifier, wherein the second encryption segment identifier uniquely identifies a second encrypted traffic flow within the network. (Jiang, FIG. 4B, ¶0034, wherein there are multiple segments and segments identifiers) Claims 50 and 51 are taught by Jiang in view of Salkintzis as described for Claim 26. Claim 52 Jiang in view of Salkintzis teach Claim 51, and further teaches wherein the encryption segment identifier is configured to identify, on an encrypting node, an encryption segment configured to encrypt the encrypted traffic flow based on a set of encryption resources. (Salkintzis, ¶0108, wherein the encryption segment has association with a unique encrypted traffic detection information) Claim 53 is taught by Jiang in view of Salkintzis as described for Claim 28. Claim 54 is taught by Jiang in view of Salkintzis as described for Claim 34 . Claim 55 is taught by Jiang in view of Salkintzis as described for Claim 36. Claim 56 is taught by Jiang in view of Salkintzis as described for Claim 37. Claim 57 is taught by Jiang in view of Salkintzis as described for Claim 42. Claim 58 is taught by Jiang in view of Salkintzis as described for Claim 43. 5. Claims 34-35 are rejected under 35 U.S.C. 103 as being unpatentable over Jiang et al. (US 20190132296 A1) in view of Salkintzis et al. (US 20210168665 A1) and in further view of Raj et al. (US 20200280566 A1). Claim 34 Jiang in view of Salkintzis teach Claim 33, but does not explicitly teach, wherein the set of encryption resources includes an encryption algorithm used to encrypt the encrypted traffic flow and an encryption key used to encrypt the encrypted traffic flow. From a related technology, Raj teaches a set of encryption resources includes an encryption algorithm used to encrypt the encrypted traffic flow and an encryption key used to encrypt the encrypted traffic flow. (¶0052, wherein within a set of security parameter a particular encryption algorithm and an encryption key) It would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Jiang in view of Salkintzis to incorporate the teachings of Raj to better utilized and manage encryption resources to more effectively utilize the network’s resources. Claim 35 Jiang in view of Salkintzis teach Claim 26, but does not explicitly teach, wherein the encryption segment identifier encapsulates the encryption header of the encryption protocol comprises an Institute of Electrical and Electronics Engineers (IEEE) 802.1AE protocol. From a related technology, Raj teaches an encryption segment identifier encapsulates the encryption header of the encryption protocol comprises an Institute of Electrical and Electronics Engineers (IEEE) 802.1AE protocol. (Raj, ¶0058, wherein the field encapsulates a header using a MACsec security protocol) It would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Jiang in view of Salkintzis to incorporate the teachings of Raj to better utilized and manage encryption resources to more effectively utilize the network’s resources. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER PALACA CADORNA whose telephone number is (571)270-0584. The examiner can normally be reached M-F 10:00-7:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached at (571) 272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER P CADORNA/Examiner, Art Unit 2444 /KAMAL B DIVECHA/Supervisory Patent Examiner, Art Unit 2453