Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Claims 1-20 are presented for examination.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “an access control unit”, “a communication authorization unit” in claims 1-7.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification (e.g., “an access control unit…configured to: determine… whether the peer endpoint is IDE qualified; … authorize the communication request; … transmit the communication request to a root port” in claim 1, in paragraph: 6, and “a communication authorization unit…is configured to: establish a key setup and exchange component with the peer endpoint device” in claim 2, in paragraph: 7) as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
4. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over THOMAS (US Pat. App. Pub. 20230176993) in view of KRAHN et al., hereafter KRAHN (US Pat. App. Pub. 20170041147).
5. As per claims 1 and 17, THOMAS discloses an endpoint device and a computer program product configured for secure data transmission, the endpoint device comprising: a network interface configured to receive a communication request from a peer endpoint device (paragraphs: 22, wherein it emphasizes that an endpoint PCI device accesses another endpoint PCI device to establish a peer-to-peer communication through a network interface); an access control unit operatively coupled to the network interface, and configured to: determine, based on the communication request; in an instance in which the peer endpoint device is qualified, authorize the communication request (paragraphs: 24, 43-44, and 48, wherein it elaborates that a controller attached to the network interface of the endpoint PCI device verifies whether the access request is coming from a trusted device, and if the access request is generated from the trusted device then the communication request will be authorized); and in an instance in which the peer endpoint device is not IDE qualified, transmit the communication request to a root port to authorize the communication request (paragraphs: 26-27, and 39, wherein it discusses that if the peer access request is not from a trusted device then the access request should be diverted to a root port for further verification). Although THOMAS describes verifying the access request generated from a trusted device, he does not expressly disclose whether the peer endpoint device is Integrity and Data Encryption (IDE) qualified. However, in the same field of endeavor, KRAHN discloses whether the peer endpoint device is Integrity and Data Encryption (IDE) qualified (paragraphs: 3-4, and 17-19).
Accordingly, it would have been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated KRAHN’s teachings of whether the peer endpoint device is Integrity and Data Encryption (IDE) qualified with the teachings of THOMAS, for the purpose of effectively protecting the IDE device from any unauthorized intruders.
6. As per claim 2, THOMAS does not disclose the endpoint device, further comprising a communication authorization unit operatively coupled to the access control unit, wherein the communication authorization unit is configured to: establish a key setup and exchange component with the peer endpoint device prior to receiving the communication request from the peer endpoint device, wherein determining that the peer endpoint device is IDE qualified comprises determining that the key setup and exchange component is established. However, in the same field of endeavor, KRAHN discloses the endpoint device, further comprising a communication authorization unit operatively coupled to the access control unit, wherein the communication authorization unit is configured to: establish a key setup and exchange component with the peer endpoint device prior to receiving the communication request from the peer endpoint device, wherein determining that the peer endpoint device is IDE qualified comprises determining that the key setup and exchange component is established (paragraphs: 3, 24, and 35, wherein it describes that a pair of keys is settled prior to establishing the communication session in the peer devices).
Accordingly, it would have been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated KRAHN’s teachings of establishing a key setup and exchange component with the peer endpoint device prior to receiving the communication request from the peer endpoint device, wherein determining that the peer endpoint device is IDE qualified comprises determining that the key setup and exchange component is established, with the teachings of THOMAS, for the purpose of effectively setting up the key for secure communication.
7. As per claim 3, THOMAS does not disclose the endpoint device, wherein, in establishing the key setup and exchange component, the communication authorization unit is further configured to: generate a first set of cryptographic keys for the endpoint device, wherein the first set of cryptographic keys comprises a first public key and a first private key; transmit the first public key to the peer endpoint device; receive, from the peer endpoint device, a second public key associated with the peer endpoint device; and store the second public key in a secure memory location. However, in the same field of endeavor, KRAHN discloses wherein, in establishing the key setup and exchange component, the communication authorization unit is further configured to: generate a first set of cryptographic keys for the endpoint device, wherein the first set of cryptographic keys comprises a first public key and a first private key; transmit the first public key to the peer endpoint device; receive, from the peer endpoint device, a second public key associated with the peer endpoint device; and store the second public key in a secure memory location (paragraphs: 4, 17, and 38, wherein it elaborates that the established keys for the one endpoint device are public and private keys. The first public key is transferred to the end device and another public key is received from the end device. Then a second key is associated with the end device and that key is stored).
Accordingly, it would have been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated KRAHN’s teachings of establish wherein the first set of cryptographic keys comprises a first public key and a first private key; transmit the first public key to the peer endpoint device; receive, from the peer endpoint device, a second public key associated with the peer endpoint device; and store the second public key in a secure memory location with the teachings of THOMAS, for the purpose of effectively using the public and private key to secure the communication.
8. As per claim 4, THOMAS does not disclose the endpoint device, wherein the communication authorization unit is further configured to: extract a digital signature associated with the peer endpoint device from the communication request; decrypt the digital signature associated with the peer endpoint device using the second public key to obtain a transmitted hash associated with the communication request; determine a computed hash associated with the communication request; and in an instance in which the transmitted hash matches the computed hash, determine that the communication request is authentic. However, in the same field of endeavor, KRAHN discloses wherein the communication authorization unit is further configured to: extract a digital signature associated with the peer endpoint device from the communication request; decrypt the digital signature associated with the peer endpoint device using the second public key to obtain a transmitted hash associated with the communication request; determine a computed hash associated with the communication request; and in an instance in which the transmitted hash matches the computed hash, determine that the communication request is authentic (paragraphs: 20, 25, 36, and 48-49).
Accordingly, it would have been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated KRAHN’s teachings of establish wherein the first set of cryptographic keys comprises a first public key and a first private key; transmit the first public key to the peer endpoint device; receive, from the peer endpoint device, a second public key associated with the peer endpoint device; and store the second public key in a secure memory location with the teachings of THOMAS, for the purpose of effectively using the public and private key to secure the communication.
9. As per claim 5, THOMAS in view of KRAHN discloses the endpoint device, wherein the communication authorization unit is further configured to: generate a first shared secret key based on the first private key and the second public key; transmit the first shared secret key to the peer endpoint device; receive, from the peer endpoint device, a second shared secret key associated with the peer endpoint device, wherein the second shared secret key is generated using the first public key and the second private key at the peer endpoint device; and establish a secure communication channel between the endpoint device and the peer endpoint device based on the first shared secret key and the second shared secret key, wherein the first shared secret key matches the second shared secret key, and wherein determining that the peer endpoint device is IDE qualified comprises determining that the secure communication channel is established (THOMAS, paragraphs: 19-22, and 24).
10. As per claim 6, THOMAS in view of KRAHN discloses the endpoint device, wherein the access control unit is further configured to: deny the communication request in an instance in which the peer endpoint device is not IDE qualified (THOMAS, paragraphs: 26-27, and 29).
11. As per claim 7, THOMAS in view of KRAHN discloses the endpoint device, wherein the access control unit is further configured to authorize the communication request with the peer endpoint device according to a peer-to-peer model (THOMAS, paragraphs: 32-33, and 37).
12. As per claim 8, THOMAS in view of KRAHN discloses the endpoint device, wherein authorizing the communication request according to the peer-to-peer model comprises excluding communication with other peer devices (THOMAS, paragraphs: 39, and 41-42).
13. As per claim 9, THOMAS discloses a method for secure data transmission, the method comprising: receiving, at an endpoint device, a communication request from a peer endpoint device via a network interface (paragraphs: 22, wherein it emphasizes that an endpoint PCI device accesses another endpoint PCI device to establish a peer-to-peer communication through a network interface); determining, based on the communication request, authorizing the communication request if the peer endpoint device is qualified (paragraphs: 24, 43-44, and 48, wherein it elaborates that a controller attached to the network interface of the endpoint PCI device verifies whether the access request is coming from a trusted device, and if the access request is generated from the trusted device then the communication request will be authorized); and transmitting the communication request to a root port for authorization if the peer endpoint device is not IDE qualified (paragraphs: 26-27, and 39, wherein it discusses that if the peer access request is not from a trusted device then the access request should be diverted to a root port for further verification). Although THOMAS describes verifying the access request generated from a trusted device, he does not expressly disclose whether the peer endpoint device is Integrity and Data Encryption (IDE) qualified. However, in the same field of endeavor, KRAHN discloses whether the peer endpoint device is Integrity and Data Encryption (IDE) qualified (paragraphs: 3-4, and 17-19).
Accordingly, it would have been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated KRAHN’s teachings of whether the peer endpoint device is Integrity and Data Encryption (IDE) qualified with the teachings of THOMAS, for the purpose of effectively protecting the IDE device from any unauthorized intruders.
14. Claims 10-16 and 18-20 list all the same elements as claims 2-8. Therefore, the supporting rationales of the rejection of claims 2-8 apply equally to claims 10-16 and 18-20.
Citation of References
15. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but have not been relied upon for this Office action:
Madaiah et al (US pat. app. Pub. 20130343179): discusses a protection switching method in a communication network, the communication network including plurality of communication devices forming a linear chain and at least one non-ERPS on the nodes ERPS (Ethernet Ring Protection Switching) device connecting terminal ports of the linear chain and thereby forming a ring. In one embodiment this is accomplished by instantiating ERPS on each communication device that forms a linear chain and on each non-terminal ports of the linear chain, identifying a node or link fault in the network, wherein the link or node fault is detected by Continuity Check Message (CCM), Loss of Light (LOL), Loss of Signal (LOS), Loss of periodic continuity check messages (IEEE 802.1 ag) or any other mechanisms thereof, blocking ports of the communication device in response to the detection of fault, periodically broadcasting a fault message by the blocked ports of the communication devices, wherein the message gets terminated at the ports of the communication device within the linear chain network without reaching the non-ERPS device, flushing the Media Access Control (MAC) table entry upon receipt of the fault message by all the communication device and unblocking of a root port link (RPL) of the linear for providing an alternate path to route network traffic after receipt of the fault message.
Bower, III et al. (US Pat. App. Pub. 20140237576): elaborates that dual-access high-performance storage for BMC to host data sharing includes a storage device, a host input/output (“IO”) domain hardware, a BMC that includes an external data connection, and a switch that includes a connection to the host IO domain hardware, a connection to the storage device, a connection to a root port in the BMC, and a connection to an end point port of the BMC. The switch is configured to connect the host IO domain hardware to the end point port of the BMC and configured to alternately connect the root port of the BMC to the storage device while uploading data from the external data connection to the storage device, and the host IO domain hardware to the storage device to permit the host IO domain hardware to access the data uploaded from the external data connection.
Conclusion
16. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD W REZA whose telephone number is (571)272-6590. The examiner can normally be reached on Monday-Friday 8:30-5:30 ET.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cathy Thiaw can be reached on 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/MOHAMMAD W REZA/Primary Examiner, Art Unit 2407