DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3 are rejected under 35 U.S.C. 103 as being unpatentable over Dillon et al (US Pub. No. 2022/0337445 A1) in view of Endo et al (US Pub. No. 2010/0021161 A1).
Regarding claim 1, Dillon et al teaches a communication system comprising:
a virtual line terminal instantiated within a container on a computing device to provide services to a plurality of customer devices through said physical line terminals, where each of said physical optical line terminals is accessible from within said container (para [0027]; “It is desirable to virtualize the data plane, and in particular a portion of the Remote PHY functionality on a COTS server and/or “bare metal” servers. In this manner, the MAC cores for the cable distribution system may run on COTS servers and/or “bare metal” servers. By way of reference herein, a virtualized Remote PHY MAC Core may be referred to herein as a vCore instance”; para [0030]; “The container orchestration system 420 may include a grouping of containerized components, generally referred to as a pod 430. A pod consists of one or more containers that are co-located on the same COTS server and/or “bare metal” server and/or the same virtual machine, which can share resources of the same COTS server and/or “bare metal” server and/or same virtual machine. Each pod 430 is preferably assigned a unique pod IP address within a cluster, which allows applications to use ports without the risk of conflicts. Within the pod 430, each of the containers may reference each other based upon a localhost or other addressing service, but a container within one pod preferably has no way of directly addressing another container within another pod, for that, it preferably uses the pod IP address or otherwise an addressing service.”; vCore is considered as virtual line terminal);
(c) a gateway (para [0053]; “Referring to FIG. 7, to provide access to the vCores of the POD/Kubernetes infrastructure it is desirable to include a virtual network interface 700, which is an abstract virtualized representation of a computer network interface, as part of a gateway 710.”) that provides access to said virtual optical line terminal over a non-encrypted channel;
(d) said gateway provides access to said gateway from a network address exterior to said container over an encrypted channel (para [054]; “…the gateway 710 includes one or more externally accessible service endpoints to the POD/Kubernetes infrastructure (e.g., IP address) that only permits encrypted exchanges, such as through a secure socket shell, across an unsecured network (e.g., the Internet) from a computer 750.”).
Dillon et al teaches an optical node device (para [0014]; “An exemplary D-CMTS 200 may include a remote PHY architecture, where a remote PHY (R-PHY) is preferably an optical node device that is located at the junction of the fiber and the coaxial.”) and differs from the claimed invention in that Dillon et al does not specifically teach a passive optical network comprising a plurality of physical optical line terminals that each include a south bound interface capable of receiving and sending data, respectively, based upon passive optical network based framing. Endo et al teaches a passive optical network system comprising a plurality of optical line terminals transferring frames from OLT to ONU via a gateway (para [0052]; “the GW 50-1 always transfers communication frames received from the ONU 30-1 through the OLT 10-1-1 to the connection line 101-2 of the ISP network 103-1.”). Therefore, it would have been obvious to an artisan of ordinary skill in the art before the filing date of the claimed invention to modify the communication system of Dillon et al by providing a plurality of OLTs as the optical node in order to provide high bandwidth and centralized management.
Regarding claim 2, the combination of Dillon et al as modified by Endo et al teaches wherein said gateway provides access to said gateway from a plurality of different user accounts (Endo et al: para [0049]; “Each IPS network 103 is provided with ISP servers 90 (90-1 and 90-2) and each subscriber terminal TE accesses the Internet 114 through an ISP server 90. On each of connection lines 101, 102, 105, and 109 are transferred communication frames according to the Ethernet (trade mark) protocol.”).
Regarding claim 3, the combination of Dillon et al as modified by Endo et al teaches wherein said gateway provides access to said virtual optical line terminal over a single shared account from said plurality of different user accounts (para [0054]; “The gateway also permits the use of non-encrypted scripts to provide configuration, diagnostics, control, and management of the vCores in an efficient manner while access to the gateway is provided in an encrypted manner. In this manner, there may be a single, encrypted, aggregated command line interface access point covering an entire cluster of vCores, while within the POD/Kubernetes infrastructure a non-encrypted channel is used. By way of example, the service ports for the telnet communications may be managed as a pool resource with a configurable fixed pool size that are shared across multiple telnet sessions which terminate on the same vCore.”; vCore is considered vOLT).
Claims 4-7 are rejected under 35 U.S.C. 103 as being unpatentable over Dillon et al (US Pub. No. 2022/0337445 A1) in view of Endo et al (US Pub. No. 2010/0021161 A1) and further in view of Woolward et al (US Pub. No. 2017/0374032 A1).
Regarding claim 4, the combination of Dillon et al as modified by Endo et al teaches a communication system comprising a user account and differs from the claimed invention in that the combination does not specifically teach that the user account is authenticated by a Terminal Access Controller Access Control System+. Woolward et al teaches a communication network comprising authentication by a Terminal Access Controller Access Control System (TACACS) (Woolward et al: para [0081]; “Authentication servers (e.g., Kerberos server, Terminal Access Controller Access-Control System (TACACS) server, Remote Authentication Dial-In User Service (RADIUS) server) provide a network service that applications use to authenticate the credentials, usually account names and passwords, of their users.”). Therefore, it would have been obvious to an artisan of ordinary skill in the art before the filing date of the claimed invention to modify the network system of the combination by having the user account authenticated by Terminal Access Controller Access Control System (TACACS), as taught by Woolward et al, in order to provide secure, centralized Authentication, Authorization, and Accounting for network devices and offer superior command-level control, full payload encryption, and TCP-based reliability.
Regarding claim 5, the combination of Dillon et al as modified by Endo et al teaches a communication system comprising a user account and differs from the claimed invention in that the combination does not specifically teach that the user account is authenticated by a Remote Authentication Dial-In User Service. Woolward et al teaches a communication network comprising authentication by a Terminal Access Controller Access Control System (TACACS) (Woolward et al: para [0081]; “Authentication servers (e.g., Kerberos server, Terminal Access Controller Access-Control System (TACACS) server, Remote Authentication Dial-In User Service (RADIUS) server) provide a network service that applications use to authenticate the credentials, usually account names and passwords, of their users.”). Therefore, it would have been obvious to an artisan of ordinary skill in the art before the filing date of the claimed invention to modify the network system of the combination by having the user account authenticated by Remote Authentication Dial-In User Service, as taught by Woolward et al, in order to provide centralized authentication, authorization, and accounting management for networks, significantly improving security through unique user credentials rather than shared passwords and strengthening network access control.
Regarding claim 6, the combination of Dillon et al as modified by Endo et al teaches a communication system comprising a user account and differs from the claimed invention in that the combination does not specifically teach that the user account is authenticated by a local Operating System password. Woolward et al teaches a communication network comprising authentication by a Terminal Access Controller Access Control System (TACACS) (Woolward et al: para [0081]; “Authentication servers (e.g., Kerberos server, Terminal Access Controller Access-Control System (TACACS) server, Remote Authentication Dial-In User Service (RADIUS) server) provide a network service that applications use to authenticate the credentials, usually account names and passwords, of their users.”). Therefore, it would have been obvious to an artisan of ordinary skill in the art before the filing date of the claimed invention to modify the network system of the combination by having the user account authenticated by a local Operating System password, as taught by Woolward et al, in order to provide a low-cost, user-friendly security method that requires no specialized hardware or software, is versatile and easy to implement, and, when combined with best practices like strong, unique passphrases, serves as a reliable first line of defense against unauthorized access.
Regarding claim 7, the combination of Dillon et al as modified by Endo et al teaches a communication system comprising a user account and differs from the claimed invention in that the combination does not specifically teach wherein each of said plurality of different user accounts have different privilege levels. Woolward et al teaches user accounts having different privilege levels (Woolward et al: para [0097]; “Embodiments of the present invention include the benefits of autonomously classifying workloads, thereby identifying critical application infrastructure (e.g., critical application infrastructure 770 in FIG. 7B), producing and providing a low-level firewall rule set at all communication entry points to the critical application infrastructure, and routing unauthorized access to a security mechanism (e.g., deception point 780) to protect the critical application infrastructure and analyze the unauthorized access. Except where an operator may initially adjust the specification of the critical application infrastructure (e.g., for a particular data center or to whitelist systems which have (full) access to the critical application infrastructure), user intervention is not required.”). Therefore, it would have been obvious to an artisan of ordinary skill in the art before the filing date of the claimed invention to modify the network system of the combination by providing user accounts with different privilege levels, as taught by Woolward et al, in order to provide enhanced security.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Jiang et al (US Pub. No. 2014/0321845 A1) is cited to show PON protection method and apparatus.
Chen (US Patent No. 7,606,489 B2) is cited to show system control and management of PON.
Kerpez et al (US Pub. No. 2025/0310193 A1) is cited to show system for implementing the virtualization of access node functions.
Kolbe et al (US Patent No. 12,132,658 B2) is cited to show operation of broadband access network of a telecommunications network comprising a central office point of delivery.
Mahajan (US Patent No. 11,632,607 B2) is cited to show supporting OLT of PON.
Frozenfar (US Patent No. 11,621,777 B2) is cited to show virtual optical edge device.
Li et al (US Pub. No. 2022/0231907 A1) is cited to show vOLTMF and PON.
Zhang et al (US Pub. No. 2019/0387295 A1) is cited to show OLT device virtualization method and related device.
Gao et al (US Pub. No. 2018/0031625 A1) is cited to show virtual remote gateway OLT.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DALZID E SINGH whose telephone number is (571)272-3029. The examiner can normally be reached Monday-Friday 9-5 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, DAVID PAYNE can be reached at 571-272-3024. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
DALZID E. SINGH
Primary Examiner
Art Unit 2635