DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1,4-11,14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Chua et al (9,038,151) in view of Mentze et al (2016/0352731).
With respect to claims 1,11, Chua discloses a system to authenticate a device in a software defined network (SDN) (Abstract), the system comprising: a device to be authenticated 102 (fig 1); a network device 106 (fig 1) (col 5, lines 34-43, “system 100 includes software defined network (SDN) 106, which includes network devices 108, 110 and service devices 116. Network devices 108, 110 may comprise switches, and other devices (not shown). These network devices can be physical instantiations or virtual instantiations. SDN 106 may also include other types of devices, such as routers, load balancers, various L4-L7 network devices, or even multi-tenant capable devices, among other network devices. Again, these network devices can be either of physical or virtual instantiations”), comprising: a first communication interface in communication with the SDN 106 generally serves to interconnect various endpoint devices, such as client device 102 and server device 104”); a first authentication system 210, 208 (fig 3) to receive and transmit authentication credentials from the device to be authenticated (col 4, lines 55-61, “cause a processor of a controller device for a software defined network (SDN) to receive credentials from a client device in accordance with a public key infrastructure (PKI)-based authentication protocol”); an authentication device 112 (fig 1) comprising: a second communication interface in communication with the network device 106 (fig 1) to receive the authentication credentials (col 10, lines 5-35); a second authentication system 266 (fig 4) to: assess the authentication credentials (col 4, lines 55-61, “cause a processor of a controller device for a software defined network (SDN) to receive credentials from a client device in accordance with a public key infrastructure (PKI)-based authentication protocol”); and a traffic routing subsystem 256 (fig 4) to implement a plurality of communication flows associated with the device to be authenticated based on the approval of the authentication credentials; wherein the network device implements the plurality of communication flows associated with the device to be authenticated upon receipt of the approval of the authentication credentials (Abstract, “determine one or more policies that are applicable to the client device based on the received credentials, and program network devices of the SDN to enforce the determined policies on a per-packet flow basis for packet flows including the client device”; col 7, lines 33-55).
Chua does not explicitly disclose generating an approval of the authentication credentials; and communicate an approval of the authentication credentials to the Identification/permission”) via a second communication interface. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chua by generating an approval of the authentication credentials; and communicate an approval of the authentication credentials to the network device via a second communication interface, taught by Mentze, to assign different policies for different users (taught by Mentze in para [0001]). 

With respect to claims 4,14, Chua does not explicitly disclose the first authentication system monitors traffic from the device to be authenticated and identifies authentication credentials to transmit to the authentication device. The Official Notice is taken that the claimed authentication system would have been known. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chua with the known authentication system to make the system more secure.

With respect to claims 5,15, Chua discloses wherein the authentication credentials are provided according to one of the 802.1X and 802.1AE protocol (col 10, lines 17-35).



With respect to claims 7,17, Chua does not disclose the network device comprises an option to select a fail open option when the authentication device is unavailable. The Official Notice is taken that an option to select a fail open option when the authentication device is unavailable would have been known. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chua with the option as claimed for the same motivation discussed in claim 6 above.

With respect to claims 8,18, Chua discloses wherein the network device comprises a non-volatile computer readable storage medium (col 2, lines 6-20) and implementation of the plurality of communication flows comprises activating the plurality of communication flows stored on the non-volatile computer readable storage medium (col 7, lines 13-27, “SDN 106 generally serves to interconnect various endpoint devices, such as client device 102 and server device 104. In addition, SDN 106 may provide services to network traffic flowing between client device 102 and server device 104. Alternatively, SDN 106 may provide services to client device 102, without further directing traffic to server device 106. For example, administrator 114 may use SDN controller 112 to program network devices of SDN 106 to direct network traffic for client device 102 to one or more of service devices 116”).

With respect to claims 9,19, Chua discloses the network device comprises an option to selectively implement a media access control (MAC) authentication bypass based on a MAC address of the device to be authenticated (col 12, lines 1-5; col 11, lines 45-50; col 11, lines 57-60).

With respect to claims 10,20, Chua discloses wherein the SDN comprises an operational technology network 210 (fig 3); 282 (fig 4).

Claims 2-3, 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Chua et al (9,038,151) in view of Mentze et al (2016/0352731) and Bheemarasetti et al (2003/0046587).
With respect to claims 2,12, Chua does not disclose wherein the network device operates in a start up state prior to receipt of the approval of the authentication credentials and in the start up state blocks all traffic from the device to be authenticated except the authentication credentials. Bheemarasetti discloses a secure network comprising: operates in a start up state prior to receipt of the approval of the authentication credentials and in the start up state blocks all traffic from the device to be authenticated except the authentication credentials (fig 11; para [0107], “Step 3: When a user logs in for the first time, he does not have any context within EPN to use remote access or data transfer facilities. A temporary queue is created ("lazy registration" FIG. 13) by EPN Server and used while the user credentials are authenticated by a corporate authentication system. After successful authentication, the user is imported into EPN for regular use”; para [0133], “Initial state (S_initial)--right after the initial start up of EPN client, typically when the machine is booted. The client communicates with EPN server at a frequency interval of T_initial (initial interval) seconds looking for any active messages”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Chua with the initial state of Bheemarasetti to authenticate the network device before transmitting data to make the system more secure.

With respect to claims 3,13, Chua discloses wherein the network device transitions to an operating state after receipt of the approval of the authentication credentials, and the network device routes 256 (fig 4) traffic according to the plurality of communication flows in the operating state (col 7, lines 28-55, “Based on this information, SDN controller 112 may make network enforcement decisions for specific traffic flows …”). 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TU T NGUYEN whose telephone number is (571) 272-2424. The examiner can normally be reached on M-F 8:00-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on (571) 272-5863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.



/TU T NGUYEN/
Primary Examiner, Art Unit 2453
02/12/2021