Prosecution Insights
Last updated: April 19, 2026
Application No. 18/621,672

UNIQUE INITIALIZATION VECTORS FOR SECURE COMMUNICATION OVER MULTIPATH NETWORKS

Status: Final Rejection §103
Filed: Mar 29, 2024
Examiner: MCNALLY, MICHAEL S
Art Unit: 2432
Tech Center: 2400 (Computer Networks)
Assignee: Cisco Technology Inc.
OA Round: 2 (Final)
Grant Probability: 90% (Favorable)
OA Rounds: 3-4
To Grant: 2y 8m
With Interview: 98%

Examiner Intelligence

Grants 90% — above average
Career Allow Rate: 90% (950 granted / 1060 resolved), +31.6% vs TC avg
Interview Lift: +8.7% (Moderate +9% lift), resolved cases with interview
Typical timeline, Avg Prosecution: 2y 8m (17 currently pending)
Career history, Total Applications: 1077 across all art units

Statute-Specific Performance

§101: 11.2% (-28.8% vs TC avg)
§103: 36.8% (-3.2% vs TC avg)
§102: 22.5% (-17.5% vs TC avg)
§112: 13.7% (-26.3% vs TC avg)
Based on career data from 1060 resolved cases

Office Action

§103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of the Claims

Claims 1-20 are presented for examination. Claims 1, 6, 8, 13, 15 and 19 are amended.

Response to Arguments

Applicant’s arguments with respect to claims 1, 6, 8, 13, 15 and 19 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Interpretation

Examiner notes that the subject matter of previous claim 6 was not included in its entirety in the amended claims. Specifically, prior claim 6 recited “wherein the packet number counter value is a next packet number counter value in a sequence of packet number counter values, and further comprising resetting the sequence of packet number counter values prior to the packet number counter value reaching a maximum counter value” and current claim 1 recites in relevant part “wherein the packet number counter value used to encrypt at least a portion of the packet is a next packet number counter value in a sequence of packet number counter values, the sequence of packet number counter values resulting from a reset of packet number counter values;”. This comprises a change in scope of the claim language.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3-8, 10-15 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 11,303,619 to Wang et al. in view of U.S. Patent Application Publication No. 2017/0171169 by Lee et al. and in view of U.S. Patent Application Publication No. 2025/0150904 by Monajemi et al.

As to claims 1 and 8, Wang discloses a method (Claim 1)/device comprising: one or more processors (Wang: Fig 2; Processors 120A-C); and one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations (Wang: Fig 2; Memory 120A-C) (Claim 8), comprising: allocating, at a first site, respective unique secure channel identifiers to respective uplink encryptor interfaces (Wang: Col 4, Line 65 – Col 5, Line 9; Security Parameter Index (channel identifier) assigned to Security Association (interface)), wherein the respective uplink encryptor interfaces provide intersite connectivity to a second site (Wang: Col 4, Line 65 – Col 5, Line 9; “As used herein, the term “security association” (i.e., “SA”) may refer generally to a set of security attribute(s) that are configured for protecting information exchange between a pair of computer systems, such as EDGE1 150 and EDGE2 160”), wherein the respective unique secure channel identifiers comprise respective unique upstream encryptor identifiers (Wang: Col 4, Line 65 – Col 5, Line 9; “Each SA may be associated with a security parameter index (SPI), such as SPI=X for a first SA (SA1) and SPI=Y for a second SA (e.g., SA2) negotiated between EDGE1 150 and EDGE2 160. In practice, each SA and associated SPI may identify a tunnel between EDGE1 150 and EDGE2 160”); using, by an uplink encryptor interface of the uplink encryptor interfaces, a unique secure channel identifier allocated to the uplink encryptor interface to encrypt at least a portion of a packet, resulting in an encrypted packet (Wang: Fig 3, Col 5, Lines 37-51; packets encrypted according to SA for packet for routing); including, by the uplink encryptor interface, the unique secure channel identifier in a header of the encrypted packet (Wang: Fig 3, Col 5, Lines 37-51; encrypted packet includes SA which includes SPI); and sending, by the uplink encryptor interface, the encrypted packet and the header via a tunnel to the second site (Wang: Fig 4 – 460; Col 8, Lines 45-61; encapsulated packet sent to receiving node through encrypted tunnel).

Wang does not expressly disclose the use of a packet number counter for encryption or inclusion in the packet or wherein the packet number counter value used to encrypt at least a portion of the packet is a next packet number counter value in a sequence of packet number counter values, the sequence of packet number counter values resulting from a reset of packet number counter values.

Lee discloses the use of a packet number counter for encryption or inclusion in the packet (Lee: Page 10, Sec 77; “The encryption engine 127 may be configured to encrypt data to be included in a packet based on a packet number (e.g., a value of the packet number counter 122). In a particular implementation, the encryption engine 127 may be configured to encrypt data based on a nonce (that is generated based on the packet number) and a group key. The group key may be shared by devices of the data link group and may be used to encrypt messages. The first device 104 may include a nonce generator, as further described with reference to FIG. 2, that is configured to generate a nonce based on a packet number and a MAC address of the transmitting device (e.g., the first device 104). In a particular implementation, the encryption engine 127 is configured to perform CCMP encryption. In other implementations, the encryption engine 127 may be configured to perform encryption using other encryption protocols. The encryption protocols used by the encryption engine 127 may be specified in one or more wireless communication standards, such as an IEEE 802.11s standard, as a non-limiting example.”) or wherein the packet number counter value used to encrypt at least a portion of the packet is a next packet number counter value in a sequence of packet number counter values (Lee: Page 10, Sec 80; “Packet number initialization in this manner prevents each device of the data link group from encrypting two different packets using the same packet number and the same group key. The packet number generator 120 may generate an incremented packet number based on the packet number counter 122 in response to determining that a next packet is to be generated, and data for inclusion in the next packet may be encrypted based on the incremented packet number and the group key. In this manner, data in different packets is encrypted based on different packet numbers (e.g., different nonces), which satisfies a security criterion of at least one encryption protocol.”).

Monajemi discloses the sequence of packet number counter values resulting from a reset of packet number counter values (Monajemi: Page 2, Sec 27, 31; resetting packet number and using next packet number).

Wang, Lee and Monajemi are analogous art because they are from the common area of protected network communications. It would have been obvious to one of ordinary skill in the art, at or before the effective filing date of the instant application, to use the packet counter encryption of Lee in the system of Wang. The rationale would have been to use a standard encryption protocol (Lee: Page 10, Sec 77). Additionally, it would have been obvious to one of ordinary skill in the art, at or before the effective filing date of the instant application, to use the packet number maintenance of Monajemi in the system of the modified reference. The rationale would have been to control packet communications (Monajemi: Page 2, Sec 27).

As to claim 15, the modified Wang/Lee/Monajemi reference discloses a method comprising: receiving, by an uplink encryptor interface at a first site, a unique secure channel identifier allocated to the uplink encryptor interface (Wang: Col 4, Line 65 – Col 5, Line 9; Security Parameter Index (channel identifier) assigned to Security Association (interface)), wherein the unique secure channel identifier is one of multiple respective unique secure channel identifiers allocated to respective uplink encryptor interfaces at the first site (Wang: Col 4, Line 65 – Col 5, Line 9; “Each SA may be associated with a security parameter index (SPI), such as SPI=X for a first SA (SA1) and SPI=Y for a second SA (e.g., SA2) negotiated between EDGE1 150 and EDGE2 160. In practice, each SA and associated SPI may identify a tunnel between EDGE1 150 and EDGE2 160”), and wherein the respective uplink encryptor interfaces provide intersite connectivity to a second site (Wang: Col 4, Line 65 – Col 5, Line 9; “As used herein, the term “security association” (i.e., “SA”) may refer generally to a set of security attribute(s) that are configured for protecting information exchange between a pair of computer systems, such as EDGE1 150 and EDGE2 160”); using, by the uplink encryptor interface, the unique secure channel identifier (Wang: Col 4, Line 65 – Col 5, Line 9; Security Parameter Index (channel identifier)) and a packet number counter value (Lee: Page 10, Sec 77) to encrypt at least a portion of a packet, resulting in an encrypted packet (Wang: Fig 3, Col 5, Lines 37-51; packets encrypted according to SA for packet for routing); wherein the packet number counter value used to encrypt at least a portion of the packet is a next packet number counter value in a sequence of packet number counter values (Lee: Page 10, Sec 77; “The encryption engine 127 may be configured to encrypt data to be included in a packet based on a packet number (e.g., a value of the packet number counter 122). In a particular implementation, the encryption engine 127 may be configured to encrypt data based on a nonce (that is generated based on the packet number) and a group key. The group key may be shared by devices of the data link group and may be used to encrypt messages. The first device 104 may include a nonce generator, as further described with reference to FIG. 2, that is configured to generate a nonce based on a packet number and a MAC address of the transmitting device (e.g., the first device 104). In a particular implementation, the encryption engine 127 is configured to perform CCMP encryption. In other implementations, the encryption engine 127 may be configured to perform encryption using other encryption protocols. The encryption protocols used by the encryption engine 127 may be specified in one or more wireless communication standards, such as an IEEE 802.11s standard, as a non-limiting example.”), the sequence of packet number counter values resulting from a reset of packet number counter values (Monajemi: Page 2, Sec 27, 31; resetting packet number and using next packet number); including, by the uplink encryptor interface, the unique secure channel identifier (Wang: Col 4, Line 65 – Col 5, Line 9; Security Parameter Index (channel identifier)) and the packet number counter value (Lee: Page 10, Sec 77) in a header of the encrypted packet (Wang: Fig 3, Col 5, Lines 37-51; encrypted packet includes SA which includes SPI); and sending, by the uplink encryptor interface, the encrypted packet and the header via a tunnel to the second site (Wang: Fig 4 – 460; Col 8, Lines 45-61; encapsulated packet sent to receiving node through encrypted tunnel).

As to claims 3, 10 and 17, the modified Wang/Lee/Monajemi reference further discloses wherein the respective unique secure channel identifiers further comprise a first site identifier, a second site identifier, and an identifier of a respective uplink encryptor interface of the respective uplink encryptor interfaces (Wang: Col 6, Lines 1-40; source and destination address as well as SA).

As to claims 4, 11 and 18, the modified Wang/Lee/Monajemi reference further discloses wherein using, by the uplink encryptor interface, the unique secure channel identifier (Wang: Col 4, Line 65 – Col 5, Line 9; Security Parameter Index (channel identifier)) and the packet number counter value (Lee: Page 10, Sec 77) to encrypt the at least a portion of the packet comprises generating a unique packet initialization vector for the packet (Wang: Fig 3, Col 5, Lines 37-51; packets encrypted according to SA for packet for routing).

As to claims 5 and 12, the modified Wang/Lee/Monajemi reference further discloses further comprising providing the respective unique secure channel identifiers from the first site to the second site to enable decryptor engines at the second site to decrypt the encrypted packet (Wang: Fig 1, Col 1, Line 62 – Col 2, Line 26; SA provided to Edge2 for routing and decryption).

As to claims 6, 13 and 19, the modified Wang/Lee/Monajemi reference further discloses wherein the packet number counter values were reset prior to the packet number counter values reaching a maximum counter value (Monajemi: Page 2, Sec 27, 31; resetting packet number and using next packet number).

As to claims 7, 14 and 20, the modified Wang/Lee/Monajemi reference further discloses further comprising using, by the uplink encryptor interface, the unique secure channel identifier allocated to the uplink encryptor interface and the packet number counter value to generate an integrity checksum value and including, by the uplink encryptor interface, the integrity checksum value in the encrypted packet (Wang: Col 9; 24-36; UDP header checksum used).

Claims 2, 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 11,303,619 to Wang et al. in view of U.S. Patent Application Publication No. 2017/0171169 by Lee et al. and in view of U.S. Patent Application Publication No. 2025/0150904 by Monajemi et al. further in view of U.S. Patent Application Publication No. 2023/0328132 by Crabtree et al.

As to claims 2, 9 and 16, the modified Wang/Lee/Monajemi reference discloses all recited elements of claims 1, 8 and 15 from which claims 2, 9 and 16 depend. The modified reference does not expressly disclose wherein the tunnel comprises a virtually extensible local area network tunnel. Crabtree discloses wherein the tunnel comprises a virtually extensible local area network tunnel (Crabtree: Page 6, Sec 94; secure VxLAN P2P connection). The modified reference and Crabtree are analogous art because they are from the common area of protected network communications. It would have been obvious to one of ordinary skill in the art, at or before the effective filing date of the instant application, to use the VxLAN tunnel of Crabtree in the system of the modified reference. The rationale would have been to create a secure P2P connection (Crabtree: Page 6, Sec 94).

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL S MCNALLY whose telephone number is (571)270-1599. The examiner can normally be reached Monday-Friday, 8:30 AM - 5:00 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MICHAEL S. MCNALLY
Primary Examiner
Art Unit 2432

/Michael S McNally/
Primary Examiner, Art Unit 2432

Prosecution Timeline

Mar 29, 2024
Application Filed
Nov 13, 2025
Non-Final Rejection — §103
Jan 12, 2026
Interview Requested
Jan 22, 2026
Applicant Interview (Telephonic)
Jan 22, 2026
Examiner Interview Summary
Feb 26, 2026
Response Filed
Mar 20, 2026
Final Rejection — §103
Mar 27, 2026
Interview Requested

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12597369
CRYPTO RECOVERY SEED PHRASE STORAGE DEVICE
2y 5m to grant Granted Apr 07, 2026
Patent 12579243
PROVIDING DYNAMIC AUTHENTICATION AND AUTHORIZATION AN ON ELECTRONIC DEVICE
2y 5m to grant Granted Mar 17, 2026
Patent 12572676
AUTHENTICATED DOCUMENT STORAGE VAULT
2y 5m to grant Granted Mar 10, 2026
Patent 12561422
SYSTEM FOR AUTHENTICATING DATA
2y 5m to grant Granted Feb 24, 2026
Patent 12563401
Hash Function and Lawful Interception
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 90%
With Interview: 98% (+8.7%)
Median Time to Grant: 2y 8m
PTA Risk: Moderate
Based on 1060 resolved cases by this examiner. Grant probability derived from career allow rate.
