DETAILED ACTION
Response to Amendment
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2. Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/21/2026 has been entered.
3. Applicant’s Argument:
On pages 7-11 of the Remarks/Arguments, Applicant argues that the combination of Barry and Gundavelli fails to teach “defining and/or storing a Policy defining traffic flow criteria and/or a tag denoting a class, type or category of computer system; applying the Policy and/or tag to the first and/or second system; and providing provide reachability information to the first or second system to enable the first or second system to connect to the other of the first or second system if and only if, any and all rules, criteria and requirements associated with the Policy and/or tag permit connection of or between the first system and second system”.
Response to Argument: Examiner respectfully disagrees with Applicant’s arguments because Barry substantially teaches a discovery service component arranged to transmit a network address and/or reachability information for an entity on a network to another entity [0050-53], [0113], [0118], and fig. 4, and, after validating the identities of both parties, establishing a VPN connection (i.e. the criteria and requirements associated with the policy permit connection between the first system and second system) [0022], [0121] and fig. 3, wherein the discovery service component (DS) (i.e. computer-based Platform) may register a plurality of network entities [0038-0039], [0050], [0130] and fig. 3. Gundavelli further substantially teaches that a tag may identify types/classes/ranks of network devices [0099], fig. 3A, and that an enterprise may enforce a policy on traffic flowing through the enterprise between one or more clients and one or more network entities [0025]. Thus the combination of Barry and Gundavelli teaches the above limitations.
4. Claim Objection
Claims 28 and 31 are objected to, because these claims have typographical errors. The examiner suggests the following correction:
For claim 28:
Replacement of “the first and/or system” with “the first and/or the second systems”.
For claim 31:
Replacement of “wherein enrolling the first and the second systems at the Platform in association with a respective Enrolment Key” with “wherein enrolling the first and the second systems at the Platform in association with the respective Enrolment Key”.
5. Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 9-11, 20-23, 26-30, 33-35 are rejected under 35 U.S.C. 103 as being unpatentable over Barry et al. US 2018/0287803 (hereinafter Barry), in view of Gundavelli et al. US 2021/0194728 (hereinafter Gundavelli).
Regarding claim 9, Barry teaches a computer-implemented method for establishing or facilitating connectivity between a first system and a second system, wherein each system:
is registered with a computer-based Platform (Barry teaches a discovery service component (DS) (i.e. computer-based Platform) may register a plurality of network entities [0038-0039], [0050], [0130] and fig. 3); and
is associated at the Platform with a cryptographic key and a certificate name (Barry teaches the DS may be configured to store an identifier and key associated with each entity on the network [0039] and [0113]);
the method comprising the step of using the computer-based Platform to:
provide reachability information to the first or second system to enable the first or second system to connect to the other of the first or second system if and only if, any and all rules, criteria and requirements associated with the policy permits connection between the first system and second system (Barry teaches a discovery service component is arranged to transmit a network address and/or reachability information for an entity on a network to another entity [0050-53], [0113], [0118], and fig. 4. After validating the identities of both parties, establishing a VPN connection (i.e. criteria and requirements associated with the policy permits connection between the first system and second system) [0022], [0121] and fig. 3).
Barry does not teach defining and/or storing a tag denoting a class, type or category of computer system. Gundavelli substantially teaches that a tag may identify types/classes/ranks of network devices [0099], fig. 3A, and that an enterprise may enforce a policy on traffic flowing through the enterprise between one or more clients and one or more network entities [0025].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Barry such that the invention further includes defining and/or storing a tag denoting a class, category or type of computing system. One would have been motivated to do so to ensure that only authorized entities can perform a given activity [0036].
Regarding claim 10, Barry as modified teaches a method according to claim 9, and further comprising the step of enrolling the first and second systems at the Platform in association with a respective Enrolment Key (Barry teaches the DS may be configured to store an identifier and key associated with each entity on the network [0039] and [0113]).
Regarding claim 11, Barry as modified teaches a method according to claim 9, wherein: the Policy and/or tag is associated with at least one rule, criteria and/or requirement which defines how and/or when the Policy and/or tag applies to the first system and/or second system (Barry teaches, after validating the identities of both parties, establishing a VPN connection [0022], and Gundavelli further teaches that a tag may identify types/classes/ranks of network devices [0099], and that an enterprise may enforce a policy on traffic flowing through the enterprise between one or more clients and one or more network entities [0025]).
In response to Claim 20: Rejected for the same reason as claim 9
Regarding claim 21 Barry as modified teaches a computer implemented Platform according to claim 20 wherein the computer implemented Platform further comprises: a certificate authority arranged to generate a digital certificate comprising: a public cryptographic key and a certificate name associated with the computer implemented Platform (Barry teaches the certificate authority is arranged and configured to generate the digital certificate in response to a Certificate Signing Request from the entity, maintain a record of digital certificates generated by the certificate authority, and transmit the digital certificate to the entity [0046], wherein the signed certificate comprises a distinguished name and a public key [0024]) and wherein the computer implemented Platform is arranged to establish or facilitate connectivity between a first system and a second system; and the certificate authority is a component of the computer implemented Platform rather than being provided in association with an Operating System of the computer system or by a supplier of the Operating System (Barry teaches a discovery service component (DS) may provide a traffic relay capability between entities on the network, wherein the DS may provide reachability information relating to entities on the network to other entities, wherein the DS may facilitate connection of one entity to at least one other entity, and wherein the DS may provide an address book or record which an entity may use to store information, including arbitrary identifiers, relating to other entities on the network [0030]).
Regarding claim 22 Barry as modified teaches a computer implemented Platform according to claim 20 wherein the computer implemented Platform also comprises one or more of: a portal, a relay service component; and a discovery service component (Barry teaches the discovery service component is arranged to record the location of an entity on a computer network based on registration made using the digital certificate; and/or introduce entities on the network to one another [0052]).
Regarding claim 23 Barry as modified teaches a computer implemented Platform according to claim 20 wherein the computer implemented Platform is arranged or operative to perform one or more of the following: generate and/or provide an Enrolment Key to the first and/or second system; facilitate transmission of the digital certificate to the second system; provide a Software as a Service facility for public key exchange, validation of the first and second systems; and facilitate direct connection of the first and second systems using their certificate names (Barry teaches a software on Alice and Bob's endpoints contact a Discovery Service which facilitates a direct connection; the software performs a certificate exchange during which each certificate owner demonstrates knowledge of their respective private key by signing a nonce supplied by the other party, wherein the software on the endpoints check that the distinguished name on the certificate they have received matches that which was provided, then they validate that the certificate is from a trusted CA, and validate the knowledge of private key [0090-0092]).
In response to Claim 26: Rejected for the same reason as claim 9
Regarding claim 27 Barry as modified teaches the method according to claim 9 wherein the Policy: i) is influenced or dictated by one or more of system identity, end-user-identity, point-in-time security attributes of the first system or second system, metadata, network location, geographic location, time of day; and/or ii) is not influenced or dictated by end-user identity (Barry teaches the discovery service component is arranged to record the location of an entity on a computer network based on registration made using the digital certificate; and/or introduce entities on the network to one another [0052]).
Regarding claim 28, Barry as modified teaches the method according to claim 27 wherein the tag: i) is associated with at least one requirement or criteria which defines and/or controls when or how the tag applies to the first and/or second system; and/or ii) is defined by an administrator or controller of, or associated with, the first and/or second system; and/or iii) is associated with at least one Policy or rule defining how or when data can be received by or sent from the first and/or system; and/or iv) functions as a label or identifier for a class, type or category of computing system (Barry teaches, after validating the identities of both parties, establishing a VPN connection [0022], and Gundavelli further teaches that a tag may identify types/classes/ranks of network devices [0099], and that an enterprise may enforce a policy on traffic flowing through the enterprise between one or more clients and one or more network entities [0025]).
Regarding claim 29 Barry as modified teaches a method according to claim 27 and further comprising the step of
i) determining whether at least one requirement or criteria associated with the tag is met in respect of the first and/or second system; and/or ii) using a signal, event, value or other metric to determine whether at least one requirement or criteria associated with the tag is met in respect of the first and/or second system (Barry teaches, after validating the identities of both parties, establishing a VPN connection [0022], and Gundavelli further teaches that a tag may identify types/classes/ranks of network devices [0099], and that an enterprise may enforce a policy on traffic flowing through the enterprise between one or more clients and one or more network entities [0025]).
Regarding claim 30 Barry as modified teaches a method according to claim 9 and further comprising the step of: i) is performed after enrolment of the first and/or second systems at the Platform and their respective connections to a discovery service; systems, each of the respective digital certificates comprising the cryptographic key and an arbitrary identifier associated with a respective first or second system (Barry teaches a non-secret identifier can be chosen at random (arbitrarily) by a CA to be used as a distinguished name on a digital certificate [0061]).
Regarding claim 33, Barry as modified teaches the method of claim 9, wherein the Policy: i) comprises one or more tags; ii) defines rules which are applied to the first and/or second system to permit, restrict or deny the flow of information between the first and second systems based on tags that are applied to the first and second systems; iii) defines and constrains which systems the first and second systems can communicate with (Barry teaches, after validating the identities of both parties, establishing a VPN connection [0022], and Gundavelli further teaches that a tag may identify types/classes/ranks of network devices [0099], and that an enterprise may enforce a policy on traffic flowing through the enterprise between one or more clients and one or more network entities [0025]).
Regarding claim 34 Barry as modified teaches the method of claim 9, wherein the Platform is cloud-based, at least in part and/or provides a Software as a Service function (Barry teaches the discovery service component is arranged to record the location of an entity on a computer network based on registration made using the digital certificate; and/or introduce entities on the network to one another [0052]).
Regarding claim 35 Barry as modified teaches the method of claim 9, wherein the Platform comprises one or more of: a portal; and/or a certificate authority; wherein the certificate authority is a component of the platform rather than being provided in association with an Operating System of the first or second system or by a supplier of the Operating System; and/or at least one relay service; and/or an interface; and/or software installed on an end-user's system; and/or a discovery service (Barry teaches the discovery service component is arranged to record the location of an entity on a computer network based on registration made using the digital certificate; and/or introduce entities on the network to one another [0052]).
6. Claims 12-13 and 31-32 are rejected under 35 U.S.C. 103 as being unpatentable over Barry and Gundavelli as mentioned above, in view of Shantharam et al. US 2020/0233651 (hereinafter Shantharam).
Regarding claim 12, Barry as modified teaches a computer-implemented method according to claim 9 wherein a Certificate Authority performs the steps of: receiving, from the first system, the cryptographic key and an Enrolment Key associated with the first system (Barry teaches an entity provides an indication of knowledge of the private key associated with the public key, and the indication of knowledge may be provided to a Certificate Authority as part of a Certificate Signing Request [0038], [0040]); and
generating, transmitting and/or exchanging a signed digital certificate comprising the cryptographic key and certificate name associated with the first and/or second system (Barry teaches the certificate authority is arranged and configured to generate the digital certificate in response to a Certificate Signing Request from the entity, maintain a record of digital certificates generated by the certificate authority, and transmit the digital certificate to the entity [0046], wherein the signed certificate comprises a distinguished name and a public key [0024]). The combination of Barry and Gundavelli does not teach a certificate authority located on a common platform that performs other services. Shantharam substantially teaches a computing environment such as a server may include a plurality of components such as a discovery service and a certificate authority [0010-0011] and fig. 1.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Barry and Gundavelli such that the invention further includes a certificate authority located on a common platform that performs other services. One would have been motivated to do so to enhance security, for example by allowing stricter security measures over the issuance and revocation of a digital certificate.
Regarding claim 13 Barry as modified teaches a method according to claim 12 wherein: i) the cryptographic key and the Enrolment Key are received from the first system as part of, or in conjunction with, a Certificate Signing Request (CSR); and/or ii) the Enrolment Key is generated by the Platform and/or associated with the first system (Barry teaches endpoints register their presence on the network with a discovery service, wherein each of the endpoints provides its certificate along with a demonstration of knowledge of private key associated with the public key in the certificate [0113] and fig. 3).
Regarding claim 31, Barry as modified teaches the method according to claim 10, wherein enrolling the first and second systems at the Platform in association with a respective Enrolment Key comprising configuring the Enrolment Key to apply an initial set of tags to the first and/or second system (Shantharam teaches a computing environment such as a server may comprise a plurality of components such as a discovery service and a certificate authority [0010-0011], and that the server may provide a client with a public key, wherein the public key can be used to communicate with a provisioning service [0022]).
Regarding claim 32 Barry as modified teaches the method of claim 12, wherein the certificate name: i) is short relative to the cryptographic key; and/or ii) is arbitrary such that an identity of the first system or an operator or owner of the first system cannot be, or is unlikely to be, discerned from an identifier alone; and/or iii) generation of the certificate name is random or pseudo-random; iv) selection of the certificate name is not related to an identity of the system or the cryptographic key (Barry teaches a non-secret identifier can be chosen at random (arbitrarily) by a CA to be used as a distinguished name on a digital certificate [0061]).
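The following is an added illustration, written for this page and not taken from Barry, Gundavelli, Shantharam or the application, of the limitations discussed above for claims 9, 31 and 32: a Platform that enrols systems with a single-use Enrolment Key carrying an initial tag set, assigns an arbitrary short certificate name, and hands out reachability information only when every applicable Policy rule permits the pair. All names, tags and addresses are constructed; the certificate exchange itself is not modelled.

```python
import secrets
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:  # Policy rule for traffic from a system tagged src_tag to one tagged dst_tag
    src_tag: str
    dst_tag: str
    allow: bool

@dataclass
class Entry:  # registry record the Platform holds for one enrolled system
    cert_name: str
    public_key: str
    address: str
    tags: set = field(default_factory=set)

class Platform:
    def __init__(self):
        self.registry = {}        # cert_name -> Entry
        self.enrolment_keys = {}  # one-time Enrolment Key -> initial tag set
        self.policy = []          # list of Rule; no applicable rule means no reachability

    def issue_enrolment_key(self, initial_tags):
        """Generate an Enrolment Key configured to apply an initial set of tags (claim 31)."""
        key = secrets.token_hex(16)
        self.enrolment_keys[key] = frozenset(initial_tags)
        return key

    def enrol(self, enrolment_key, public_key, address):
        """Consume the Enrolment Key, apply its tags and assign an arbitrary certificate name."""
        tags = self.enrolment_keys.pop(enrolment_key, None)
        if tags is None:
            raise PermissionError("unknown or already used Enrolment Key")
        # Random and short relative to the key: reveals no identity, not derived from the key (claim 32).
        cert_name = secrets.token_hex(6)
        self.registry[cert_name] = Entry(cert_name, public_key, address, set(tags))
        return cert_name

    def reachability(self, requester_name, target_name):
        """Hand out the target's address only if the Policy permits the connection (claim 9)."""
        src, dst = self.registry.get(requester_name), self.registry.get(target_name)
        if src is None or dst is None:
            return None
        applicable = [r for r in self.policy if r.src_tag in src.tags and r.dst_tag in dst.tags]
        # "any and all rules ... permit": at least one rule must apply and none of them may deny
        return dst.address if applicable and all(r.allow for r in applicable) else None

def demo():
    """Constructed scenario: a finance laptop, a finance server and a guest device."""
    p = Platform()
    srv = p.enrol(p.issue_enrolment_key({"finance-server"}), "PUBKEY-" + "A" * 60, "10.0.0.5:443")
    lap_key = p.issue_enrolment_key({"finance-laptop"})
    lap = p.enrol(lap_key, "PUBKEY-" + "B" * 60, "10.0.1.7:50000")
    gst = p.enrol(p.issue_enrolment_key({"guest"}), "PUBKEY-" + "C" * 60, "10.0.9.9:50000")
    p.policy += [Rule("finance-laptop", "finance-server", True), Rule("guest", "finance-server", False)]
    out = {"laptop_to_server": p.reachability(lap, srv), "guest_to_server": p.reachability(gst, srv),
           "server_to_laptop": p.reachability(srv, lap), "name_shorter_than_key": len(srv) < 60}
    try:  # an Enrolment Key is single use
        p.enrol(lap_key, "PUBKEY-X", "0.0.0.0:0")
        out["reuse_rejected"] = False
    except PermissionError:
        out["reuse_rejected"] = True
    p.registry[lap].tags.add("guest")  # the deny rule now applies as well, and deny wins
    out["laptop_to_server_after_guest_tag"] = p.reachability(lap, srv)
    return out
```

Because the default is deny, a pair with no applicable rule (the server asking for the laptop) gets no reachability information at all, which is the behaviour the "if and only if" limitation describes.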
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYOUB ALATA whose telephone number is (313)446-6541. The examiner can normally be reached on Monday - Friday 7:30 - 5:00 EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AYOUB ALATA/ Primary Examiner, Art Unit 2494