Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This is a reply to the application filed on 12/02/2024, in which, claim(s) 1-20 are pending.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/02/2024 and 06/24/2025, has been reviewed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statement.
Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Drawings
The drawings filed on 12/02/2024 is/are accepted by The Examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gordon et al. (US 20220158826 A1; hereinafter Gordon) in view of Falk et al. (US 20150149779 A1; hereinafter Falk).
Regarding claims 1, 8 and 15, Gordon discloses a method, comprising:
processing, by a first network device, a first message from a second network device to determine encrypted key derivation function (KDF) input information (IED received input entropy data and keys from the entropy device [Gordon; ¶40-49; Figs. 3, 7 and associated texts]);
decrypting, by the first network device, that encrypted KDF input information to determine at least one of one or more KDF input parameters or KDF identification information that identifies a KDF and the one or more KDF input parameters (input entropy data (e.g., entropy data encrypted via a key-encryption-key derived from the CAK), thus the IED decrypts the input entropy data which may be stored in an entropy pool containing other data, such as serial numbers, Media Access Control addresses, operating parameters to generate keys [Gordon; ¶40-49; Figs. 3, 7 and associated texts]);
determining, by the first network device and based on determining at least one of the one or more KDF input parameters or the KDF identification information that identifies the KDF and the one or more KDF input parameters, a connectivity association key (CAK) for a network session between the first network device [and the second network device] (IEDs may generate a set of keys, using the input entropy data, for establishing the MACsec communication link between devices [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Gordon discloses that the IEDs and the entropy device communicate over the network. Gordon does not explicitly disclose the communication method between the IED and the entropy device; however, Falk teaches a method of using KDF-generated keys to communicate between sender and receiver [Falk; ¶33-50; Fig. 1 and associated texts];
determining, by the first network device, a checksum value (calculating a first cryptographic checksum by the at least one sender for the respective message on the basis of the sender key and the message [Falk; ¶16, 24, 39; fig. 1 and associated texts]); and
sending, by the first network device and to the second network device, a second message that includes the checksum value (the sender sends the checksum to the receiver [Falk; ¶16, 24, 39-50; fig. 1 and associated texts]). It would have been obvious before the effective filing date of the claimed invention to modify Gordon in view of Falk to establish communication with the KDF-generated keys and to use a checksum for integrity, with the motivation to increase security [Falk; ¶18].
Regarding claim 2, Gordon-Falk combination discloses the method of claim 1, further comprising: communicating, with the second network device and based on sending the second message, to cause the network session to utilize the CAK (establishing a Media Access Control Security (MACsec) communication link using the set of keys [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 3, Gordon-Falk combination discloses the method of claim 1, wherein at least one of the first message or the second message is a Media Access Control Security (MACsec) key agreement protocol data unit (MKPDU) (a Media Access Control Security (MACsec) communication link [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 4, Gordon-Falk combination discloses the method of claim 1, wherein the second message includes an indicator indicating that the second message includes the checksum value (the sender sends the checksum to the receiver [Falk; ¶16, 24, 39-50; fig. 1 and associated texts]). The motivation is to increase security [Falk; ¶18].
Regarding claim 5, Gordon-Falk combination discloses the method of claim 1, further comprising: establishing, with the second network device, the network session, wherein the network session is a Media Access Control Security (MACsec) session (establishing a Media Access Control Security (MACsec) communication link [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 6, Gordon-Falk combination discloses the method of claim 1, wherein processing the first message from the second network device comprises one or more of: reading a name field of the first message to identify an indicator indicating that the first message includes encrypted KDF input information (the message includes other data, such as serial numbers, Media Access Control addresses, operating parameters to generate keys [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 7, Gordon-Falk combination discloses the method of claim 1, wherein decrypting that encrypted KDF input information comprises: using an encryption key associated with the CAK to decrypt the encrypted KDF information and determine the one or more KDF input parameters (decrypting via a key-encryption-key derived from the CAK [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 9, Gordon-Falk combination discloses the first network device of claim 8, wherein the checksum value is associated with the second network device determining an additional CAK based on the encrypted KDF input information (calculating checksum by the at least one sender for the respective message on the basis of the sender key and the message [Falk; ¶16, 24, 39; fig. 1 and associated texts]). The motivation is to increase security [Falk; ¶18].
Regarding claim 10, Gordon-Falk combination discloses the first network device of claim 8, wherein the one or more processors, to decrypt that encrypted KDF input information, are to: decrypt the encrypted KDF input information based on identifying an indicator in the first message (input entropy data (e.g., entropy data encrypted via a key-encryption-key derived from the CAK), thus the IED decrypts the input entropy data which may be stored in an entropy pool containing other data, such as serial numbers, Media Access Control addresses, operating parameters to generate keys [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 11, Gordon-Falk combination discloses the first network device of claim 8, wherein the second message is a Media Access Control Security (MACsec) key agreement protocol data unit (MKPDU) that is associated with the MACsec session and an encrypted checksum value is included in a name field of the MKPDU (a Media Access Control Security (MACsec) communication link [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 12, Gordon-Falk combination discloses the first network device of claim 8, wherein the one or more processors, to decrypt that encrypted KDF input information, are to: use an encryption key associated with the CAK to decrypt the encrypted KDF input information and determine the one or more KDF input parameters (entropy data encrypted via a key-encryption-key derived from the CAK, thus the IED decrypts the input entropy data which may be stored in an entropy pool containing other data, such as serial numbers, Media Access Control addresses, operating parameters to generate keys [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 13, Gordon-Falk combination discloses the first network device of claim 8, wherein the encrypted KDF input information is included in a CAK name field of the first message (input entropy data (e.g., entropy data encrypted via a key-encryption-key derived from the CAK), thus the IED decrypts the input entropy data which may be stored in an entropy pool containing other data, such as serial numbers, Media Access Control addresses, operating parameters to generate keys [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 14, Gordon-Falk combination discloses the first network device of claim 8, wherein the one or more KDF input parameters include at least one of: a KDF parameter, a key parameter, a label parameter, or a context parameter (input entropy data (e.g., entropy data encrypted via a key-encryption-key derived from the CAK), thus the IED decrypts the input entropy data which may be stored in an entropy pool containing other data, such as serial numbers, Media Access Control addresses, operating parameters to generate keys [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 16, Gordon-Falk combination discloses the non-transitory computer-readable medium of claim 15, the second message includes an indicator indicating that the second message includes the checksum value (the sender sends the checksum to the receiver [Falk; ¶16, 24, 39-50; fig. 1 and associated texts]). The motivation is to increase security [Falk; ¶18].
Regarding claim 17, Gordon-Falk combination discloses the non-transitory computer-readable medium of claim 15, wherein the one or more instructions, that cause the first network device to process the first message from the second network device, cause the first network device to: read a name field of the first message to identify an indicator indicating that the first message includes encrypted KDF input information (the message includes other data, such as serial numbers, Media Access Control addresses, operating parameters to generate keys [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 18, Gordon-Falk combination discloses the non-transitory computer-readable medium of claim 15, wherein the one or more instructions, that cause the first network device to decrypt that encrypted KDF input information, cause the first network device to: use an encryption key associated with the CAK to decrypt the encrypted KDF information and determine the one or more KDF input parameters (decrypting via a key-encryption-key derived from the CAK [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 19, Gordon-Falk combination discloses the non-transitory computer-readable medium of claim 15, wherein the encrypted KDF input information is included in a CAK name field of the first message (the message includes other data, such as serial numbers, Media Access Control addresses, operating parameters to generate keys [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Regarding claim 20, Gordon-Falk combination discloses the non-transitory computer-readable medium of claim 15, wherein the one or more instructions, that cause the first network device to decrypt that encrypted KDF input information, cause the first network device to: decrypt the encrypted KDF input information based on identifying an indicator in the first message (decrypting via a key-encryption-key derived from the CAK [Gordon; ¶40-49; Figs. 3, 7 and associated texts]).
Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998. The examiner can normally be reached on 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DAO Q HO/Primary Examiner, Art Unit 2432