DETAILED ACTION

1.	Notice of Pre-AIA  or AIA  Status:  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	Claims 1-20 are presented for examination. 

3.	This Office Action is in response to application 16/712584 filed on December 12, 2019.

4.	Claims 2, 5-7, 13 and 14 have been rejected over prior arts.  Any two (2) dependent claims of the rejected claims, where each is rejected under a different prior art, would be allowable if the two claims are rewritten in independent form, are rewritten to overcome the objections set forth in this Office Action, and are to include all of the limitations of the base claim (1, 15 and 20) and any intervening claims (claim 3).  Also, Applicant to include necessary features for a smooth transition from feature to feature to prevent gaps/disconnects/indefinite issues (i.e. potential 35 U.S.C. 112(b) rejection) between features.


Claim Objections

5.	Claims 7, 8, 13 and 16-18 are objected to 37 C.F.R. 1.75 because of the following informalities:
	
6.	Claim 7 recites “according to attestation information” that refers back to “including attestation information” recited in claim 1.  The limitation/feature is viewed as  -- according to the attestation information --  for further examination.  Applicant is requested to resolve the claim.

Claim 8 incorporates the deficiencies of claim 7, through dependency, and are also objected.

7.	Claim 13 recites “includes attestation information” that refers back to “including attestation information” recited in claim 1.  The limitation/feature is viewed as  -- according to the attestation information --  for further examination.  Applicant is requested to resolve the claim.

8.	Claim 16 recites “to perform the operations” that refers back to “to perform operations” recited in claim 15.  The limitation/feature is viewed as  -- to perform the operations --  for further examination.  The same is true in claims 17 and 18.  Applicant is requested to resolve claims 16, 17 and 18.

Claim Rejections - 35 USC § 102

9.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

10.	Claims 1, 3, 4, 8-12, 15 and 17-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lootah et al., “TARP:  Ticket-based Address Resolution Protocol”, 2005, hereinafter Lootah.

11.	Regarding claims 1, 15 and 20, Lootah teach a method comprising:
receiving, at an Address Resolution Protocol (ARP) responder (“ARP” “ARP resolution”, “local broadcast address”), an ARP request (“the request”) from an ARP requestor (“querying host”) for performing address resolution between the ARP requestor and the ARP responder in a network environment (“IP network”) (“primary function of ARP is to map IP addresses onto hosts hardware addresses within a local area network” Introduction section page 1 col 1, “every packet in an IP network must be delivered to some interface in the local network”, “The IP address must be mapped onto a MAC address.  ARP resolution performs a distributed lookup via a simple broadcast request followed by a unicast response.  The querying host sends the request to the local broadcast address”, “reply, containing both the requested IP address and associated MAC address, is sent via unicast to the querying host” Background section page 2 col 1, “a host broadcasts a ARP request.  The host with the requested IP address sends a reply, attaching previously obtained ticket” A Ticket-based Approach section page 3 col 2);
building, by the ARP responder, an ARP response (“reply”) including attestation information (“previously obtained ticket”) of the ARP responder (“attestations, called tickets, authenticate the association between MAC and IP addresses through statements signed by the local Local Ticket Agent (LTA)”, “a host broadcasts a ARP request.  The host with the requested IP address sends a reply, attaching previously obtained ticket” A Ticket-based Approach section page 3 col 2); and
providing, from the ARP responder to the ARP requestor, the ARP response and the attestation information for verifying (“validating it”) the ARP responder using the ARP response and the attestation information of the ARP responder (“each ticket encodes a validity period as an expiration time”, “a host broadcasts a ARP request.  The host with the requested IP address sends a reply, attaching previously obtained ticket”, “the requesting host receives the ticket, validating it with the LTA’s public key.  If the signatures are valid, the address association is accepted; otherwise, it is ignored” A Ticket-based Approach section page 3 col 2, “with the introduction of TARP tickets, an adversary cannot successfully forge a TARP reply and, therefore, cannot exploit ARP poisoning attacks” A Ticket-based Approach section page 4 col 1, “TARP Reply Packet Format” Figure 4).


12.	Regarding claim 3, Lootah teach further comprising performing ARP attack mitigation (“a revocation mechanism”, “attack can be mitigated”, “preventing MAC spoofing”) in the network environment if the ARP responder is not verified (“otherwise, it is ignored”) using the attestation information in the ARP response (“a host broadcasts a ARP request.  The host with the requested IP address sends a reply, attaching previously obtained ticket”, “the signature on the ticket proves that the LTA issued it [] the MAC and IP address mapping is valid”, “the requesting host receives the ticket, validating it with the LTA’s public key.  If the signatures are valid, the address association is accepted; otherwise, it is ignored” A Ticket-based Approach section page 3 col 2, “with the introduction of TARP tickets, an adversary cannot successfully forge a TARP reply and, therefore, cannot exploit ARP poisoning attacks” A Ticket-based Approach section page 4 col 1, “to be secure, one must provide a revocation mechanism that securely notifies clients which tickets are no longer valid” Revocation section page 5 col 1, “attack can be mitigated by using a layer-2 switch with port security, thereby preventing MAC spoofing” Attacks against TARP section page 6 col 1).

13.	Regarding claim 4, Lootah teach wherein the ARP attack mitigation includes refraining (“ignored”) from adding an entry including a mapping of a MAC address of the ARP responder with an IP address of the ARP responder in an ARP mapping data store (“to securely perform address resolution using TARP”, “the host with the requested IP address sends a reply, attaching previously obtained ticket”, “the signature on the ticket proves that the LTA issued it”, “if the signatures is valid, the address association is accepted; otherwise, it is ignored” A Ticket-Based Approach page 3 col 2).


14.	Regarding claim 8, Lootah teach further comprising: 
identifying a specific timeout length (“validity period as an expiration time”) of an ARP entry for the ARP responder based on whether the ARP responder is verified or not verified according to the attestation information included in the ARP response (“each ticket encodes a validity period as an expiration time” A Ticket-based Approach section page 3 col 2); and
maintaining the ARP entry for the ARP responder in the ARP mapping data store for the specific timeout length (“users of TARP can provide similar window by setting the lifetime of the ticket to the ARP cache hold time” Revocation section page 5 col 2, “the ticket is cached (in a hash table)” Implementation section page 6 col 1).

15.	Regarding claims 9 and 17, Lootah teach further comprising 
sending the attestation information of the ARP responder from the ARP requestor to a verifier (“the signature on the ticket proves that the LTA issued it, i.e., the MAC to IP address mapping is valid” A Ticket-based Approach page 3 col 2), 
wherein the verifier (“LTA”) is configured to remotely (“LTA”, “DHCP server”) verify the ARP responder using the attestation information of the ARP responder received from the ARP requestor (“attestations, called tickets, authenticate the association between MAC and IP addresses through statements signed by the local Local Ticket Agent (LTA)”, “the requesting host receives the ticket, validating it with the LTA’s public key.  If the signature is valid, the address association is accepted” A Ticket-based Approach page 3 col 2, “in a TARP-enabled dynamic IP network, the DHCP server also performs the functionality of an LTA” The TARP Protocol page 4 col 1).

16.	Regarding claims 10 and 18, Lootah teach further comprising:
stapling (“signed”), by the ARP responder, the attestation information included in the ARP response with a verifier signed key (“signed by the local Local Ticket Agent (LTA)”, “the signature on the ticket proves that the LTA issued it, i.e., the MAC to IP address mapping is valid”, “validating it with the LTA’s public key” A Ticket-Based Approach page 3 col 2), 
wherein the verifier signed key (“signature proves”, “LTA’s public key”) is generated based on a verifier (“LTA”) validating the attestation information (“signed by the local Local Ticket Agent (LTA)”, “the signature on the ticket proves that the LTA issued it, i.e., the MAC to IP address mapping is valid”, “validating it with the LTA’s public key” A Ticket-Based Approach page 3 col 2); and
sending (“packages a ticket”, “key distribution”) the ARP response including the attestation information with the verifier signed key from the ARP responder to the ARP requestor (“server packages a ticket with the configuration information” The TARP Protocol page 4 col 1, “host requires the LTA’s public key in order to verify tickets”, “key distribution” The TARP Protocol page 4 col 2), 
wherein the ARP requestor is configured to locally verify the ARP responder using the attestation information and the verifier signed key received from the ARP responder (“statements signed by the local Local Ticket Agent (LTA)” A Ticket-Based Approach page 3 col 2).

17.	Regarding claims 11 and 19, Lootah teach wherein the verifier validates the attestation information to generate the verifier signed key before (“additional ticket distribution”) the ARP request is received at the ARP responder from the ARP requestor (“the DHCP server play the role of LTA eliminates the need for additional ticket distribution messages”, “a host requires the LTA’s public key in order to verify tickets” The TARP Protocol page 4 col 2).

18.	Regarding claim 12, Lootah teach: 
wherein the verifier signed key is associated with a validity time frame (“each ticket encodes a validity period as an expiration time” A Ticket-Based Approach page 3 col 2), and 
the ARP responder is configured to verify the ARP responder using the verifier signed key if the validity time frame is active (“validity period”) (“these attestations, called tickets, authenticate the association between MAC and IP addresses through statements signed by the local Local Ticket Agent (LTA).  Each ticket encodes a validity period as an expiration time” A Ticket-Based Approach page 3 col 2).

Claim Rejections - 35 USC § 103
19.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

20.	Claims 2 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Lootah, as applied to claims 1 and 15 above, and further in view of Garg et al., US Pub 20190058731, hereinafter Garg.

21.	Regarding claims 2 and 16, Lootah teach further comprising:
extracting (“caches the association”) a media access control (MAC) address of the ARP responder and an Internet Protocol (IP) address of the ARP responder from the ARP response (“this reply, containing both the requested IP address and associated MAC address, is sent via unicast to the querying host”, “the host caches the association” Background section page 2 col 1, “ticket proves that the LTA issued it, i.e., the MAC to IP address mapping is valid” A Ticket-based Approach page 3 col 2, “TARP Reply Packet Format” Figure 4); and
adding an ARP entry (“caches the association”) including a mapping (“association”) of the MAC address of the ARP responder with the IP address of the ARP responder in an ARP mapping data store (“cache”) if the ARP responder is verified using the attestation information in the ARP response (“this reply, containing both the requested IP address and associated MAC address, is sent via unicast to the querying host”, “the host caches the association” Background section page 2 col 1, “attestations, called, tickets, authenticate the association between MAC and IP addresses through statements signed by the local Local Ticket Agent (LTA)”, “sends a reply, attaching previously obtained ticket” A Ticket-based Approach section page 3 col 2, “the ticket expires along with the IP lease” The TARP Protocol page 4 col 1, “the MAC Addr and IP Addr create the address association” Ticket Format section page 5 col 1).

Lootah do not teach explicitly teach an ARP mapping data store feature, but in a similar field of endeavor Garg teach:
extracting (“is constructed based on”, “cache may be constructed [] based on observed ARP messages”) a media access control (MAC) address of the ARP responder and an Internet Protocol (IP) address of the ARP responder from the ARP response (“an ARP cache is a collection of ARP entries (IP addresses to MAC address mappings)” [0004], “The ARP cache is constructed based on the ARP messages”, ”upon receiving the ARP response message from the destination device, the origin device may store the IP address to MAC address mapping [] in its ARP cache”, “as the mapping has been stored in its ARP cache” [0026], “a shadow ARP cache may be constructed, in which entry states may be set [] based on the observed ARP messages” [0033]);
adding an ARP entry (“may store the IP address [] mapping [] in its ARP cache”, “entry states may be set”) including a mapping of the MAC address of the ARP responder with the IP address of the ARP responder in an ARP mapping data store (“ARP cache that stores”) if the ARP responder is verified using the attestation information in the ARP response (“an ARP cache is a collection of ARP entries (IP addresses to MAC address mappings)” [0004], “an ARP cache that stores IP address to MAC address mappings for devices.  The ARP cache is constructed based on the ARP messages”, ”upon receiving the ARP response message from the destination device, the origin device may store the IP address to MAC address mapping [] in its ARP cache”, “as the mapping has been stored in its ARP cache” [0026], “a shadow ARP cache may be constructed, in which entry states may be set [] based on the observed ARP messages” [0033] [0035] [0039]).

Thus, it would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to readily recognize the advantage of modifying Lootah’s system that provides the user “IP networks fundamentally relay on the Address Resolution Protocol (ARP) for proper operation.  Unfortunately, vulnerabilities in the ARP protocol enable a raft of IP-based impersonation, man-in-the-middle, or DoS attacks” and “TARP implements security by distributing centrally issued MAC/IP address mapping attestations through existing ARP messages” (Lootah Abstract) with the features of Garg’s system to provide “detecting an incorrect first address to second address mapping in an Address Resolution Protocol (ARP) cache” (Garg [0010]). 

The motivation being “TARP improves the costs of implementing ARP security by as much as two orders of magnitude over existing protocols” (Lootah Abstract) and “TARP gains significant performance improvements by amortizing the cost of ticket generation” (Lootah Micro-benchmarks section page 6 col col 2) which includes “transmitting an ARP request message that requires an Internet Protocol (IP) address to Media Access Control (MAC) address mapping for a gateway device” (Garg [0010]) and  “a shadow ARP cache may be constructed, in which entry states may be set [] based on the observed ARP messages” (Garg [0033]).

22.	Claim 5  is rejected under 35 U.S.C. 103 as being unpatentable over Lootah, as applied to claims 1 and 3 above, and further in view of Abad et al., “An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks”, 2007, hereinafter Abad.

23.	Regarding claim 5, Lootah do not teach sending an alert indicating that the ARP responder failed verification feature, but in a similar field of endeavor Abad teach wherein the ARP attack mitigation includes sending an alert indicating that the ARP responder failed verification using the attestation information (“Intrusion Detection System (IDSs) [] usually able to detect ARP attacks and inform the administrator with the generation of an appropriate alert or alarm” Detecting ARP Attacks section page 3 col 2, “alerts administrators in case an ARP attack is detected from the analysis of the information received from the LAN and SNMP (Simple Network Management Protocol) sensors” Detecting ARP Attacks section page 4 col 1).

Thus, it would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to readily recognize the advantage of modifying Lootah’s system that provides the user “IP networks fundamentally relay on the Address Resolution Protocol (ARP) for proper operation.  Unfortunately, vulnerabilities in the ARP protocol enable a raft of IP-based impersonation, man-in-the-middle, or DoS attacks” and “TARP implements security by distributing centrally issued MAC/IP address mapping attestations through existing ARP messages” (Lootah Abstract) with the features of Abad’s system to provide “the Address Resolution Protocol (ARP) is used by computers to map network address (IP) to physical address (MAC).  The protocol has proved to work well under regular circumstances, but it was not designed to cope with malicious hosts” (Abad Abstract). 

The motivation being “TARP improves the costs of implementing ARP security by as much as two orders of magnitude over existing protocols” (Lootah Abstract) and “TARP gains significant performance improvements by amortizing the cost of ticket generation” (Lootah Micro-benchmarks section page 6 col col 2) which includes “several schemes to mitigate, detect and prevent these attacks have been proposed” (Abad Abstract) and “usually able to detect ARP attacks and inform the administrator with the generation of an appropriate alert or alarm” (Abad Detecting ARP Attacks section page 3 col 2).

24.	Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Lootah, as applied to claims 1 and 3 above, and further in view of Cox JR et al., “Leveraging SDN for ARP Security”, 2016, hereinafter Cox.

25.	Regarding claim 6, Lootah do not teach creating a log entry indicating the ARP responder failed verification feature, but in a similar field of endeavor Cox teach wherein the ARP attack mitigation includes creating a log entry indicating the ARP responder failed verification using the attestation information and a mapping of a MAC address of the ARP responder with an IP address of the ARP responder (“one software solution is Arpwatch”, “it tracks MAC:IP associations and syslog activities and then emails reports containing changes” State of The Art page 3 col 1).

Thus, it would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to readily recognize the advantage of modifying Lootah’s system that provides the user “IP networks fundamentally relay on the Address Resolution Protocol (ARP) for proper operation.  Unfortunately, vulnerabilities in the ARP protocol enable a raft of IP-based impersonation, man-in-the-middle, or DoS attacks” and “TARP implements security by distributing centrally issued MAC/IP address mapping attestations through existing ARP messages” (Lootah Abstract) with the features of Cox’s system to provide “while address resolution protocol (ARP) aids network devices to locate the physical address of a provided Internet Protocol (IP) address, ARP is also extremely vulnerable to attack” (Cox Introduction section page 1 col 1). 

The motivation being “TARP improves the costs of implementing ARP security by as much as two orders of magnitude over existing protocols” (Lootah Abstract) and “TARP gains significant performance improvements by amortizing the cost of ticket generation” (Lootah Micro-benchmarks section page 6 col col 2) which includes “each host on a subnet maintains its own ARP table (or cache) for mapping IP addresses (layer 3) to MAC addresses (layer 2)” (Cox State of The Art page 2 col 1) and “it tracks MAC:IP associations and syslog activities and then emails reports containing changes” (Cox State of The Art page 3 col 1).

26.	Regarding claim 14, Lootah do not teach sending an alert indicating that the ARP responder failed verification feature, but in a similar field of endeavor Cox teach teach wherein the ARP responder is configured to disregard (“dropped”, “ignored”)the ARP request if the ARP requestor is verified as untrustworthy as part of performing the address resolution between the ARP requestor and the ARP responder based on whether the ARP requestor is verified as trustworthy or untrustworthy (“once the DHCP server responds with a DHCP-ack, the entry is verified, and that MCA:IP:port association is then allowed to submit ARP-relies.  Otherwise, the ARP packet is dropped at the switch”, “NFG limits interactions with untrusted devices by only using DHCP-request packets that are bounded by DHCP-offer and DHCP-ack packets.  DHCP-discovery packets are ignored” NFG Design section page 4 col 2).

27.	Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Lootah, as applied to claim 1 above, and further in view of Sawada et al., US Pub 20020016858, hereinafter Sawada.

28.	Regarding claim 7, Lootah teach further comprising 
maintaining (“primary function [] is to map”) an ARP mapping data store of a plurality of ARP entries (“IP address must be mapped onto a MAC address”) including mappings of MAC addresses of ARP responders and IP addresses of the ARP responders (“primary function of ARP is to map IP addresses onto hosts hardware addresses within a local area network” Introduction section page 1 col 1, “every packet in an IP network must be delivered to some interface in the local network”, “The IP address must be mapped onto a MAC address.  ARP resolution performs a distributed lookup via a simple broadcast request followed by a unicast response.  The querying host sends the request to the local broadcast address”, “reply, containing both the requested IP address and associated MAC address, is sent via unicast to the querying host” Background section page 2 col 1, “a host broadcasts a ARP request.  The host with the requested IP address sends a reply, attaching previously obtained ticket” A Ticket-based Approach section page 3 col 2).

Lootah do not teach ARP entries are associated with varying timeout lengths based on verified or not verified feature, but in a similar field of endeavor Sawada teach:
wherein each entry of the plurality of ARP entries are associated with varying timeout lengths based on whether corresponding ARP responders of the ARP entries are verified or not verified according to attestation information included in ARP responses received from the ARP responders (“arbitrary time other than ‘3600 sec’ can be set for the entry valid period if it is longer than the time required for IP address assignment”, “if the valid period is shorter than the valid period of information to be retained is an ARP cache provided on equipment [] there is a possibility of data inconsistency”, “therefore, the entry valid period must be longer than the valid period of information to be retained in the ARP cache” [0244]).

Thus, it would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to readily recognize the advantage of modifying Lootah’s system that provides the user “IP networks fundamentally relay on the Address Resolution Protocol (ARP) for proper operation.  Unfortunately, vulnerabilities in the ARP protocol enable a raft of IP-based impersonation, man-in-the-middle, or DoS attacks” and “TARP implements security by distributing centrally issued MAC/IP address mapping attestations through existing ARP messages” (Lootah Abstract) with the features of Sawada’s system to provide “packet communications apparatus and a network system that prevent unauthorized users from using networking service unfairly” (Sawada [0006]). 

The motivation being “TARP improves the costs of implementing ARP security by as much as two orders of magnitude over existing protocols” (Lootah Abstract) and “TARP gains significant performance improvements by amortizing the cost of ticket generation” (Lootah Micro-benchmarks section page 6 col col 2) which includes “the user terminal 2806 sends by broadcast an ARP Request packet 3301 including a broadcast address as the destination address to obtain a MAC address associate with the IP address” (Sawada [0236]) and “therefore, the entry valid period must be longer than the valid period of information to be retained in the ARP cache” (Sawada [0244]).

29.	Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Lootah, as applied to claim 1 above, and further in view of Tian et al., “Securing ARP From the Ground Up”, 2015, hereinafter Tian.

30.	Regarding claim 13, Lootah do not teach verifying trustworthiness of the ARP requestor feature, but in a similar field of endeavor Tian teach wherein the ARP request includes attestation information of the ARP requestor, the method further comprising:
verifying (“determine the”) trustworthiness of the ARP requestor using the attestation information of the ARP requestor included in the ARP request (“Trusted Platform Module (TPM)”, “arpsec formalizes the ARP system binding using logic”, “TPM attestation protocol is also implemented to challenge the remote machine if the logic layer fails to determine the trustworthiness of the remote machine” Introduction section page 1 col 1); and
performing (“tethering”) the address resolution between the ARP requestor and the ARP responder based on whether the ARP requestor is verified as trustworthy or untrustworthy (“arpsec defends from most categories of ARP attacks by tethering address bindings to trusted hardware, establishing the basis for a trustworthy networking stack”  Introduction section page 1 col 2).

Thus, it would have been obvious before the effective filing date of the claimed invention to a person of ordinary skill in the art to readily recognize the advantage of modifying Lootah’s system that provides the user “IP networks fundamentally relay on the Address Resolution Protocol (ARP) for proper operation.  Unfortunately, vulnerabilities in the ARP protocol enable a raft of IP-based impersonation, man-in-the-middle, or DoS attacks” and “TARP implements security by distributing centrally issued MAC/IP address mapping attestations through existing ARP messages” (Lootah Abstract) with the features of Tian’s system to provide “the Address Resolution Protocol (ARP), which maps an IP address to a device’s Media Access Control (MAC) identifier.  ARP has long been recognized as vulnerable to spoofing and other attacks, and past protocols to secure the protocol have often involved modifying the basic protocol” (Tian Abstract) and “we design the arpsec Attestation (AT) protocol for communication between the local machine (also known as the challenger) and the remote machine (also known as the attester)” (Tian TPM Attestation section page 4 col 2). 

The motivation being “TARP improves the costs of implementing ARP security by as much as two orders of magnitude over existing protocols” (Lootah Abstract) and “TARP gains significant performance improvements by amortizing the cost of ticket generation” (Lootah Micro-benchmarks section page 6 col col 2) which includes “arpsec defends from most categories of ARP attacks by tethering address bindings to trusted hardware, establishing the basis for a trustworthy networking stack”  (Tian Introduction section page 1 col 2) and “optimize performance by processing ARP requests from other machines and adding MAC/IP bindings for future use” and “though all bindings in the ARP cache have some Time-To-Live (TTL) control, the timer is usually large and designed for performance rather than security” (Tian ARP Security Issues section page 2 col 1).



Conclusion
31.	The prior art made of record and not relied upon but are considered pertinent to applicant's disclosure comprise the following:  
Tian et al. (“Securing ARP From the Ground Up”, 2015) teach claim 3 in the alternative in Effectiveness and Advantages of arpsec/ndpsec section on page 2140 col 1; and
	Jarredal (US 8966608) teaches claim 6 in the alternative in paragraph (15).

Applicant is reminded that in amending in response to a rejection of claims, the patentable novelty must be clearly shown in view of the state of the art disclosed by the references cited and the objection made.  Applicant must show how the amendments avoid such references and objections.  See 37 CFR 1.111(c).

32.	 Any inquiry concerning this communication or earlier communications from the examiner should be directed to O. Charlie Vostal whose telephone number is 571-270-3992 (via email:  Ondrej.Vostal@uspto.gov  “without a written authorization by applicant in place, the USPTO will not respond via internet e-mail to an Internet correspondence” MPEP 502.02 II and https://www.uspto.gov/sites/default/files/documents/sb0439.pdf ).  The examiner can normally be reached on 8:30am to 5:00pm EST Monday thru Friday.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967.  The fax phone number for the organization where this application or proceeding is assigned is 571-270-4992.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the Public PAIR system, see http://portal.uspto.gov/pair/PublicPair.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


	/ONDREJ C VOSTAL/           Primary Examiner, Art Unit 2452                                                                                                                                                                                             
June 17, 2021