AUTHENTICATION OF CONSUMER PREMISE EQUIPMENT

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments with respect to claim 1 have been considered but are moot because the arguments do not apply in view of newly found reference Barth being used in the current rejection. See the new rejection below. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 4, and 8-14 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub 2011/0066855 to Zeng (“Zeng”) in view of US Patent 9,100,206 to Barth (“Barth”) and US PG Pub 2009/0271852 to Torres (“Torres”). Regarding claim 1, “A network distribution system” reads on the system that uses authentication framework in cable network such as DOCSIS cable networks (abstract, ¶0023) disclosed by Zeng and represented in Fig. 2. As to “comprising: (a) a customer premise equipment that is authenticated to a network that includes a cable modem termination system based upon a DOCSIS authentication where said DOCSIS authentication is based upon an authorization request that includes a media access control address” Zeng discloses (¶0031) that the cable modem (customer premise equipment) triggers the authentication process by communications exchanged between the CMTS and the cable modem which is encapsulated in a DOCSIS frame having DOCSIS header as represented in Fig. 2 (element 14); (¶0041, ¶0004) the request sent by the cable modem includes identification such as a MAC address as represented in Fig. 3 and Fig. 1. As to “(b) said customer premise equipment receives data from a supplicant device that is interconnected to said network through said customer premise equipment where said supplicant device is authenticated to said network based upon an 802.1X authentication where said 802.1X authentication is based upon an authorization request that does not initially include a media access control address” Zeng discloses (¶0026, ¶0031) that the customer premise equipment (supplicant device) running 802.1x supplicant authentication software is authenticated by the CMTS by way of authentication pass-thru messages relayed by the cable modem as represented in Fig. 2 (elements 22, 34, 32, 33); (¶0034, ¶0085-¶0087) the system requests an identity for the device when the request does not include an attribute containing the MAC address As to “(c) where said network distribution system uses a first set of service flows for said DOCSIS authentication…, where said network distribution system uses a second set of service flows for said 802.1X authentication…, where said first set of service flows are independent of and non-overlapping with said second set of service flows” Zeng discloses (¶0030, ¶0062-¶0063, ¶0101-¶0104) that the CMTS/cable modem authenticates with the server using the centralized authentication criteria over the packet switched network, and it further authenticates with the cable modem/other devices using local authentication/802.1x packet; the CMTS provides authentication according to either local authentication software (802.1x authentication) or centralized authentication software (DOCSIS authentication) as represented in Fig. 11. Zeng meets all the limitations of the claim except “where said network distribution system uses a first set of service flows for said DOCSIS authentication of said customer premises equipment, where said network distribution system uses a second set of service flows for said 802.1X authentication of said supplicant device, where said first set of service flows are independent of and non-overlapping with said second set of service flows, where said customer premises equipment forwards all upstream traffic from said supplicant device subject to said 802.1X authentication to said second set of service flows, where said network distribution system upstream said customer premises equipment…” However, Barth discloses (5:45-6:8; 6:62-7:4; 7:27-37; claims 1-2) that the system includes CPE (supplicant device), Cable Modem (customer premises equipment), and CMTS/Service Router/server where CPE/downstream device communicates with CM using 802.1X protocol (second set of service flow) and CM communicates with the CMTS using DOCSIS protocol/authentication (first set of service flow) as represented in Fig. 1; the system uses dual authentication, i.e., DOCSIS for CM and 802.1X for CPEs/downstream devices, which shows differentiation of traffic based on authentication type and both authentications are separate/non-overlapping; (13:21-26) after the authentication with the server, the server begins receiving both upstream/downstream network traffic from CPEs via the CM. Therefore, it would have been obvious to one of the ordinary skills in the art before the effective filing date of the invention to modify Zeng’s system by using different service flows/authentications for CMs/CPEs as taught by Barth in order to improve traffic handling, quality of service, and security (Barth - 1:35-47). Combination of Zeng and Barth meets all the limitations of the claim except “where said network distribution system discards all upstream traffic from said second set of service flows not subject to said 802.1X authentication for said supplicant device.” However, Torres discloses (¶0013) that the system includes a switch and a computing device/supplicant, where the computing device is configured to communicate through the switch as represented in Fig. 1; (¶0035-¶0036) the supplicant is connected to the switch using 802.1x standard port where the switch allows only 802.1x upstream traffic from the supplicant to pass through the switch while the other traffic, not related to 802.1x, is blocked by the switch. Therefore, it would have been obvious to one of the ordinary skills in the art before the effective filing date of the invention to modify Zeng and Barth’s systems by forwarding all upstream traffic from said CPE subject to 802.1x authentication while discarding traffic not subject to 802.1x authentication as taught by Torres in order to avert attempt to breach secure networks by applying security measures to limit the public’s access to a secure network (Torres - ¶0002). Regarding claim 2, “The network distribution system of claim 1 wherein said customer premise equipment receives extensible authentication protocol communication from said supplicant device” Zeng discloses (¶0026, ¶0028, ¶0031) that the CPE is running extensible authentication protocol-based authentication where the CPE sends authentication messages to CMTS via the Cable modem as represented in Fig. 2 (elements 34, 33). Regarding claim 4, “The network distribution system of claim 1 wherein said customer premise equipment receives non-extensible authentication protocol communication from said supplicant device” Zeng discloses (¶0029) that the CMTS and the cable modem exchanges authentication negotiation messages, where when a network device does not include certificates requests authentication, the negotiation messages are used to define authentication based on a shared secret or a one time password instead of a certificate; (¶0095) lifetime information and ciphersuite information for the Session Key are subsequently negotiated using the DOCSIS BPKM protocol. The key lifetime designates an amount of time before the cable modem is required to refresh its Session Key. The ciphersuite information designates which encryption and authentication algorithms the cable modem uses when communicating media and other user data. Regarding claim 8, “The network distribution system of claim 2 wherein said extensible authentication protocol communication is tunneled from a DAA device to a controller” Zeng discloses (¶0033, ¶0064-¶0065) that the EAP is used for communication where the cable modem communicates with the CMTS and the CMTS further communicates with the authentication server as represented in Fig. 2. Regarding claim 9, “The network distribution system of claim 8 wherein said controller performs 802.1X authentication for said supplicant device” Zeng discloses (¶0026) that the CPE running 802.1x supplication or other EAP-based authentication software may be authenticated by either the CMTS or the authentication server by way of authentication pass-thru messages relayed by the cable modem as represented in Fig. 2. Regarding claim 10, “The network distribution system of claim 9 wherein said controller consults an authentication server to approve a media access control (MAC) address of said supplicant device” Zeng discloses (¶0096-¶0099, claim 19) that the MAC address of the CPE is used by the cable modem for the authentication process by the authentication server as represented in Fig. 10. Regarding claim 11, “The network distribution system of claim 10 wherein said 802.1X authentication includes an EAPoL-request identity, an EAPoL-response identity, a request, a challenge, an EAPoL-request challenge, an EAPoL-response challenge, a request, an accept, and an EAPoL-success” Zeng discloses (¶0030-¶0055) that during the centralized authentication process between the cable modem, the CMTS, and the authentication server, the process includes EAP-requesting identity, responding identity, a request/challenge, an accept, and a success as represented in Fig. 3. Regarding claim 12, “The network distribution system of claim 10 wherein a forwarding table is updated to include said media access control (MAC) address of said supplicant device” Zeng discloses (¶0099) that the comparing a source address to a table distinguishes cable modem generated authentication messages from CPE device generated authentication messages where CPE devices are generally not configured to generate MAC management messages, any DOCSIS frames including the frame structure having the MAC management message corresponds to a cable modem generated message. Regarding claim 13, “The network distribution system of claim 12 wherein said forwarding table binds said media access control (MAC) address to said customer premise equipment” Zeng discloses (¶0099) that the comparing a source address to a table distinguishes cable modem generated authentication messages from CPE device generated authentication messages where CPE/supplicant devices are generally not configured to generate MAC management messages, any DOCSIS frames including the frame structure having the MAC management message corresponds to a cable modem generated message. Regarding claim 14, “The network distribution system of claim 13 wherein a dynamic host configuration protocol server provides an IP address to said supplicant client in response to a request from said supplicant client” Zeng discloses (¶0079-¶0083) that the DHCP server begins communicating without a drawn out authentication and key distribution process where, the DHCP server authenticates the cable modem by simply observing DHCP key Message Authentication Code-protected (MAC-protected) communications, and when the DHCP server determines that the communications are MAC-protected using the secret DHCP key, the cable modem is determined to be genuine as represented in Fig. 8. Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Zeng in view of Barth and Torres as applied to claim 14 above, and further in view of US Patent 8,745,253 to Absillis (“Absillis”). Regarding claim 15, combination of Zeng, Barth, and Torres meets all the limitations of the claim except “The network distribution system of claim 14 wherein said forwarding table is updated to include said IP address of said supplicant device.” However, Absillis discloses (2:15-36; 5:40-66) that the access node maintains a table that relates the IP address assigned to CPE and any other client devices with which it communicates to other information, such as media access control (MAC) addresses. Therefore, it would have been obvious to one of the ordinary skills in the art before the effective filing date of the invention to modify Zeng, Barth, and Torres’ systems by updating/maintaining table to include IP address of the supplicant device as taught by Absillis in order to prohibit the user device that is not listed in the table from accessing service provider network (Absillis – 6:35-36). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to PINKAL R CHOKSHI whose telephone number is (571)270-3317. The examiner can normally be reached Monday - Friday, 8am-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, BRIAN T PENDLETON can be reached at (571)272-7527. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /PINKAL R CHOKSHI/Primary Examiner, Art Unit 2425