DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on January 12, 2026 has been entered.
Remarks
Pending claims for reconsideration are claims 1-5, 7-12, 14-18, and 20. Applicant has amended claims 1, 2, 8, 9, and 15, and previously cancelled claims 6, 13, and 19.
Response to Arguments
Applicant’s arguments with respect to amended claims filed on January 12, 2026 have been considered but they are deemed moot in view of the new grounds of rejection (see 103 rejection below).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-4, 7-11, 14-17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Acharya et al. (U.S. Patent Application Publication No.: US 2020/0106719 A1 / or “Acharya” hereinafter) in view of Havaralu Rama Chandra Adiga et al. (U.S. Patent Application Publication No.: US 2019/0386824 A1 / or “Adiga” hereinafter).
Regarding claim 1, Acharya discloses “A network device comprising” (Para 0019: a network device; and Fig. 1: System 100 i.e., a “Network Device”):
“one or more processing units” (Para 0019: network device with processor; and Fig. 1: Fabric Access Processors A-B i.e., “processing units”);
“and one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processing units, cause the one or more processing units to” (Para 0019: network device with processor and memory):
“secure a network link between an encryption-incapable port of the network device and a port of a peer network device using [security association keys (SAKs) of a security association (SA) exchanged between the encryption-incapable port of the network device and the port of the peer network device according to a key exchange protocol] {i.e., since an encryption incapable port of a network device cannot establish secure link with a peer encryption capable port; therefore, a processing device of the network device establishes secure link with the peer encryption capable port using security association keys (see, Spec: Para 61)}” (Fig. 1: System 100 i.e., a “Network Device” with Network Port A-N i.e., “encryption-incapable port”; Proxy Port A-N i.e., “encryption capable port”; and Forwarding Engine A is component of Fabric Access Processor 110 i.e., the “Processing Device”; Para 0103: Network Port A i.e., the “encryption-incapable port” receives encrypted network from outside i.e., from a “peer encryption capable port”; Para 0025 and 0095: discloses MACsec security association is utilized; and Para 0110: explains which ports are encryption-incapable ports and which ports are encryption capable ports);
“configure redirection of packets received over the SA to a reserved encryption-capable port of the network device” (Para 0104: Network Port A is associated with proxy port i.e., a “reserved encryption-capable port”; and Para 0105: Forwarding Engine provides the encrypted network traffic to proxy port A).
“and configure a PHY of the network device to process packets from the reserved encryption-capable port by returning the packets to a forwarding pipeline rather than forwarding the packets” (Para 0104: Network Port A is associated with proxy port i.e., a “reserved encryption-capable port”; and Para 0105: Forwarding Engine provides the encrypted network traffic to proxy port A instead of the destination; and Para 0106: the proxy port A passed the traffic through to loopback A; and Para 0020: discloses how pipeline is utilized in managing the traffic),
“the forwarding pipeline comprising a plurality of packets held in [ternary content addressable memory (TCAM)] and a forwarding rule which configures a packet held in [TCAM] to be forwarded over the secured network link” (Para 0020: processing network traffic data units includes a series of one or more table lookups and corresponding actions and “a series of lookups and corresponding actions may be referred to as a 'pipeline'” where pipeline processing includes security actions such as how to route/forward i.e., “rule” the network traffic data unit).
Furthermore, Acharya discloses use of MACsec in network communication (see, Acharya Para 0025; and 0095).
But Acharya fails to specifically disclose network communication using security association keys (SAKs) according to a key exchange protocol.
However, Adiga discloses network communication using security association keys (SAKs) according to a key exchange protocol (Adiga, Para 0017-0019).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of network communication using security association keys (SAKs) according to a key exchange protocol of Adiga to the system of Acharya to create a system where peer devices can communicate utilizing an agreed-upon network communication protocol, and the ordinary person skilled in the art would have been motivated to combine to facilitate network communication using MACsec Key Agreement (Adiga, Abstract).
Furthermore, Acharya and Adiga fail to specifically disclose ternary content addressable memory (TCAM).
However, Agrwal discloses use of TCAM (Agrwal, Para 0018 and 0057).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of TCAM of Agrwal to the system of Acharya and Adiga to create a system where “Packet processors 102 can determine which port to transfer packets or frames to using a table that maps packet header or other characteristics with an associated output port” (Agrwal, Para 0018) and the ordinary person skilled in the art would have been motivated to combine to “…Packet processors 102 can be configured to perform match-action on received packets to identify packet processing rules and next hops using information stored in a ternary content-addressable memory (TCAM) tables or exact match tables…” (Agrwal, ).
Regarding claim 2, in view of claim 1, Acharya discloses “wherein redirection of packets to a reserved encryption-capable port is configured in the lookup table of a forwarding pipeline of the network device” (Para 0020: lookup table and pipeline is formed).
Regarding claim 3, in view of claim 1, Acharya in view of Adiga discloses “wherein the network device and the peer network device are members of a connectivity association (CA); and wherein the SAKs are derived from connectivity association key (CAKs) of the network device and the peer network device” (Adiga, Para 0017-0021, connectivity association is formed and SAKs are generated).
Regarding claim 4, in view of claim 3, Acharya discloses “wherein the instructions further cause the one or more processing units to configure the PHY of the network device to perform one of encryption or decryption over each of a first secure channel (SC) and a second SC using the SAKs” (Para 0110, encryption and decryption are performed by the proxy ports).
Regarding claim 7, in view of claim 1, Acharya discloses “wherein the instructions further cause the one or more processing units to configure forwarding of encrypted packets from the reserved encryption-capable port based on an internal header of the encrypted packets” (Para 0064: proxy ports add tunneling header to modified network traffic data unit; and Para 0078).
Regarding claim 8, claim 8 is directed to a method corresponding to the device recited in claim 1. Claim 8 is similar in scope to claim 1, and is therefore, rejected under similar rationale.
Regarding claim 9, claim 9 is directed to a method corresponding to the device recited in claim 2. Claim 9 is similar in scope to claim 2, and is therefore, rejected under similar rationale.
Regarding claim 10, claim 10 is directed to a method corresponding to the device recited in claim 3. Claim 10 is similar in scope to claim 3, and is therefore, rejected under similar rationale.
Regarding claim 11, claim 11 is directed to a method corresponding to the device recited in claim 4. Claim 11 is similar in scope to claim 4, and is therefore, rejected under similar rationale.
Regarding claim 14, claim 14 is directed to a method corresponding to the device recited in claim 7. Claim 14 is similar in scope to claim 7, and is therefore, rejected under similar rationale.
Regarding claim 15, claim 15 is directed to a circuit corresponding to the device recited in claim 1. Claim 15 is similar in scope to claim 1, and is therefore, rejected under similar rationale.
Regarding claim 16, claim 16 is directed to a circuit corresponding to the device recited in claim 3. Claim 16 is similar in scope to claim 3, and is therefore, rejected under similar rationale.
Regarding claim 17, claim 17 is directed to a circuit corresponding to the device recited in claim 4. Claim 17 is similar in scope to claim 4, and is therefore, rejected under similar rationale.
Regarding claim 20, in view of claim 15, Acharya discloses “wherein the PHY circuit is further configured to encrypt, by the reserved encryption-capable port, an unencrypted packet to generate an encrypted packet and process the encrypted packet in a circular forwarding mode” (Para 0104: Network Port A is associated with proxy port i.e., a “reserved encryption-capable port”; and Para 0107: using loopback i.e., a “circular forwarding mode”).
Claims 5, 12, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Acharya, Adiga, and Agarwal and in view of Benjamini et al. (U.S. Patent Application Publication No.: US 2020/0089645 A1 / or “Benjamini” hereinafter).
Regarding claim 5, in view of claim 4, Acharya discloses use of MACsec in network communication (see, Acharya Para 0025; and 0095).
Adiga discloses network communication using security association keys (SAKs) according to a key exchange protocol (Adiga, Para 0017-0019).
Agrwal discloses TCAM (Para 0057).
But Acharya, Adiga and Agrwal fail to specifically disclose keeping track of network packets communicated over a network.
However, Benjamini discloses “wherein the instructions further cause the one or more processing units to configure the PHY to tag each encrypted packet sent and received over the first SC and the second SC with an incrementing packet number” (Fig. 7: Tag; and Para 0050: packet number field keeping track of packets being communicated).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of keeping track of network packets communicated over a network of Benjamini to the system of Acharya, Adiga and Agrwal to create a system where packets communicated over the network are counted and the packet count is monotonically increasing, and the ordinary person skilled in the art would have been motivated to combine to prevent replay attack (Adiga, Abstract).
Regarding claim 12, claim 12 is directed to a method corresponding to the device recited in claim 5. Claim 12 is similar in scope to claim 5, and is therefore, rejected under similar rationale.
Regarding claim 18, claim 18 is directed to a circuit corresponding to the device recited in claim 5. Claim 18 is similar in scope to claim 5, and is therefore, rejected under similar rationale.
Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Ranjan et al. (US 20210359997 A1) discloses:
[Abstract] A computer-implemented method for generating a ternary content addressable memory (TCAM) profile includes obtaining an access control list (ACL) configuration and generating the TCAM profile by parsing the ACL configuration. Based upon the parsing, one or more configuration features are identified, each of the features based upon a context and direction of packet flow identified in the configuration. The context includes an interface type and a routing configuration type. Based upon identifying each of the one or more configuration features, a corresponding feature is generated in the TCAM profile. At least one qualifier and at least one action associated with the respective feature is identified and associated with the feature in the TCAM profile.
Hill et al. (US 2021/0218717 A1) discloses “…in a Media Access Control Security (MACSec) standard, a live peer is another device that belongs to the same unique connectivity association, and can periodically exchanging Media Access Control Security (MACsec) Key Agreement Protocol Data Unit (MKPDU) to confirm common possession of identical Connectivity Association Key (CAK) and a Connectivity Association Key Name (CKN). For example, in the Media Access Control Security (MACsec) protocol, the process of peer discovery includes, confirming common possession of a Connectivity Association Key (CAK) and a Connectivity Association Key Name (CKN) on both network devices 202 and 204…” (Para 0024).
Lin et al. (US 20060262808 A1) discloses “…The fragmentation and reassembly of tunneled packets are handled in the hardware pipeline without the need for any additional store and forward operations. In addition, certain embodiments can work with fragmented packets in encrypted tunnels, where fragments can be decrypted before they are reassembled, and where the fragmentation of a packet can happen before encrypting the fragments…” (Para 0023).
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431