DETAILED ACTION
This action is in response to the amendment filed 12/16/2020.
Claims 1, 6 and 11 have been amended.
Claim 2 has been canceled.
Claims 1 and 3-11 are pending.
 
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 101
Applicant’s amendment to claim 11 previously rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter has overcome the rejection of the claim under 35 U.S.C. § 101.  Therefore, the rejection of claim 11 under 35 U.S.C. § 101 has been withdrawn.

Response to Arguments
Applicant Argument:
(A)	On pages 6–10 of the Applicant’s Remarks, see Applicant Remarks, filed 12/16/2020, with respect to the rejection of claims 1, 3-5, 6, 8-10 and 11 under 35 U.S.C. § 103 as being unpatentable over Singh et al. (US Pat. 9,077,701) in view of Sun et al. (US Pat. 10,454,887), have been fully considered and are persuasive in light of the 

Applicant Argument:
(B)	On pages 10-11 of the Applicant’s Remarks, the Applicant argues that the dependent claims do not cure the deficiencies of the combination of the prior art used to reject the independent claims.

Examiner response:
The Examiner considers the Applicant’s argument moot in light of the Examiner’s response to Applicant’s arguments (A) above.

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Won Jun Choi, Reg. No. L1,025 on 04/09/2020.


1. (Currently Amended) An end-to-end security communication method, the method performed by a communication controller comprising the steps of:
receiving an authentication request of a first host from the first host, and performing an authentication of the first host by communicating with an authentication server;
receiving an authentication request of a second host from the second host and performing an authentication of the second host by communicating with the authentication server;
transmitting a success packet and the MAC address of the first host to the second host when the authentication of the second host is succeeded;
receiving a first security key generation request packet including a Media Access Control (MAC) address of the first host from the second host;
transmitting the first security key generation request packet to the first host;
generating, by the communication controller, a security key for end-to-end security communication between the first host and the second host when a second security key generation request packet including a MAC address of the second is received from the first host;
transmitting the generated security key to each of the first host and the second host; and
setting a forwarding rule for transmission of a packet destined for the MAC address of the first host or the MAC address of the second host to a first switch and a second switch connected respectively to the first host and the second host.
6. (Currently Amended) A communication controller, comprising: 
an authentication unit configured to 
receive, from a first host, an authentication request of the first host and perform authentication of the first host by communicating with an authentication server, and 
receive, from a second host, an authentication request of the second host and perform an authentication of the second host by communicating with the authentication server; 
transmitting, by the communication controller, a success packet and the MAC address of the first host to the second host when the authentication of the second host is succeeded; 
a policy database which stores each Media Access Control (MAC) address of the first and second hosts authenticated by the authentication unit; 
a key generation unit configured to 
receive a first security key generation request packet including a MAC address of the first host from the second host, transmit the first security key generation request packet to the first host, and 
generate a security key for end-to-end security communication between the first host and the second host and transmit the generated security key to each of the first host and the second host when a second security key generation request packet including a MAC address of the second is received from the first host; and 
a forwarding rule setting unit configured to set a forwarding rule for transmission of a packet destined for the MAC address of the first host or the MAC address of the 

11. (Currently Amended) A computer program stored on a non-transitory computer-readable recording medium to perform, in combination with a communication controller, an end-to-end security communication method, the method comprising: 
receiving an authentication request of a first host from the first host, and performing authentication of the first host by communicating with an authentication server,
receiving an authentication request of a second host from the second host and performing an authentication of the second host by communicating with the authentication server; 
transmitting a success packet and the MAC address of the first host to the second host when the authentication of the second host is succeeded; 
receiving a first security key generation request packet including a Media Access Control (MAC) address of the first host from the second host; 
transmitting the first security key generation request packet to the first host; 
generating a security key for end-to-end security communication between the first host and the second host when a second security key generation request packet including a MAC address of the second is received from the first host; 
transmitting the generated security key to each of the first host and the second host; and 
.

Allowable Subject Matter
Claims 1, 3-11 are allowed.
The following is an Examiner’s statement of reasons for allowance.
Upon further search and consideration, claim 1 is allowed because the closest prior art made of record considered pertinent to applicant's disclosure, neither alone nor in combination, discloses:
An end-to-end security communication method, the method performed by a communication controller comprising the steps of:
receiving an authentication request of a first host from the first host, and performing an authentication of the first host by communicating with an authentication server;
receiving an authentication request of a second host from the second host and performing an authentication of the second host by communicating with the authentication server;
transmitting a success packet and the MAC address of the first host to the second host when the authentication of the second host is succeeded;
receiving a first security key generation request packet including a Media Access Control (MAC) address of the first host from the second host;
transmitting the first security key generation request packet to the first host;

transmitting the generated security key to each of the first host and the second host; and
setting a forwarding rule for transmission of a packet destined for the MAC address of the first host or the MAC address of the second host to a first switch and a second switch connected respectively to the first host and the second host, in the precise manner disclosed by the Applicant’s claimed invention.

The closest prior art discloses the following: 
Mohamed et al. (US Pat. 10,397,373 B2) discloses a method for network controller provisioned MACsec keys that includes provisioning, with a network controller (e.g., network controller, a first network device and a second network device with media access control security (MACsec) keys for a MACsec flow between network devices.  Mohamed does not disclose the network controller generating a security key for end-to-end security communication and setting a forwarding rule for a first and second switch to control communication between successfully authenticated first and second hosts, wherein the security key to be provisioned for the first and second network devices is based on the MAC addresses of the first and second network devices, in the specific manner disclosed by the Applicant’s invention.



Chimakurthy et al. (US Pat. 10,686,595 B2) discloses systems and methods for configuring a connectivity association key (CAK) and a connectivity association name (CKN) in a MACsec capable device, wherein a first MACsec device may receive a MAC address and a device identifier of a second MACsec capable device, the first MACsec capable device may authenticate the second MACsec capable device based on the device identifier and generate a CAK, a CKN, and a nonce; the CAK, the CKN, and the nonce may be encrypted using a public key of the second MACsec capable device to generate an encrypted packet, and wherein the encrypted packet may be sent to the second MACsec capable device.  Chimakurthy does not disclose a network controller generating a security key for end-to-end security communication and setting a forwarding rule for a first and second switch to control communication between successfully authenticated first and second hosts, wherein the security key to be provisioned for the first and second network devices is based on the MAC addresses of 
Claim 6 discloses a communication controller configured to process method steps that are substantively similar in scope to the invention of claim 1.  Claim 6 is therefore allowed for the same reasons outlined in the reasons for allowance of claim 1 above.

Claim 11 discloses a computer program stored on a non-transitory computer-readable recording medium to perform in combination with a communication controller, to process method steps that are substantively similar in scope to the invention of claim 1.  Claim 11 is therefore allowed for the same reasons outlined in the reasons for allowance of claim 1 above.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to /FELICIANO S MEJIA/ whose telephone number is (571)270-5994.  The examiner can normally be reached on 8:30am - 5:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/FELICIANO S. MEJIA/
Examiner
Art Unit 2492




/OLEG KORSAK/Primary Examiner, Art Unit 2492