DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed 22 March 2021 have been fully considered but they are not persuasive.
Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
For example, regarding claim 1 applicant merely states “the amended subject matter as a whole is not taught or suggested by any combination of the prior art references of records” on page 8.   


In response to applicant’s arguments regarding the previous rejection of claim 11, the examiner respectfully disagrees.  Firstly, claim 11 has amendments that change the scope of the claim.  Therefore, a new grounds of rejection may be made, if desired.  Applicant refers to the “to which the compact computing device is connected” and “operable to deliver the token to the network device through the Ethernet link” portions of claim 11 as being different than claim 1.  However, claim 1 states “the Ethernet interface being coupled to the host” and “information that is to be transferred to the host includes a token.”   These respectively equate to the cited portions of claim 11.  Therefore, the rejection is valid.

Claim Interpretation
The following is the examiner’s interpretations and suggestions for portions of the claims:
It should be noted that a “compact” computing device and a “compact” shielding case may include numerous sizes of devices.  The term “compact” is a relative term and does not limit the device to be a small thumb drive-type form factor, for example.  Furthermore, the examiner suggests amending the independent claims to clarify that the compact shielding case’s footprint is “only” large enough that one side wall of the compact shielding case simply accommodates only the Ethernet interface –or—that the 

It should be further noted that it is not clear as to when the configuration information is transferred from the compact computing device to the host/network device.  The examiner suggests clarifying when the configuration information is transferred from the compact computing device to the host/network device.

It should be noted that it is unclear as to what the “digital signature” entails.  The specification does not provide a definition for the digital signature.  Using the broadest reasonable interpretation, a digital signature may be an identifier, such as a manufacturer identifier or a product identifier as stated in claim 13.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 5, 6, and 9-17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.


Regarding claim 1, line 42—“an Ethernet key” and line 43—“a network switch,” it is unclear as to whether the Ethernet key is referring to the “compact computing device” and whether the “network switch” is referring to the “host.”   In order to further prosecution, the examiner shall equate the Ethernet key to the compact computing device and the network switch to the host.

Regarding claim 5, line 2—“a configuration of the host,” it is not clear as to whether the configuration is the same as or different than the “configuration information” of claim 1.

Regarding claim 9, line 2—“information from the host,” it is not clear as to whether the information is the same as or different than the “information that is received from the host” of claim 1.

Claim 11 recites the limitation "the host" in lines 11 and 25.  There is insufficient antecedent basis for this limitation in the claim.  It is not clear as to whether the host is referring to the “network device” or is separate from the network device.  In order to further prosecution, the examiner shall equate the host to the network device.



Claims 5, 6, 9, 10, and 12-17 are additionally rejected for being dependent on a rejected base claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Deutsch et al. (US 2014/0181248 A1) in view of Koningstein et al. (US 2014/0173059 A1) in view of Yi et al. (US 2017/0273084) in view of White (US 8,443,065 B1) and further in view of Jueneman et al. (US 2013/0046993 A1).
a compact computing device, e.g. a thumb drive (Fig. 8, el. 834); a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57), comprising: 
an interface, e.g. USB (Para. 57, 129), through which communications are performed with a host, i.e. a Device Services Controller (DSC) (Fig. 1, el. 102, 112; Fig. 7, el. 702), associated with a private network via a link, e.g. the DSC includes an Ethernet connection to the network, wherein the network is protected by a firewall (Fig. 1, el. 104, 106, 114, 116; Para. 129), 
wherein the host is in a factory default configuration, e.g. wherein the DSC may be newly-installed (Para. 124); wherein a system reset may have been performed on the DSC (Para. 128); 
a compact shielding case, e.g. a thumb drive (Fig. 8, el. 834); a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57); 
a discovery agent, which responsive to the interface being coupled to the host discovers the host, e.g. inserting the thumb drive into the drive port and uploading the boot up file into the DSC (Para. 126, 129); 
a memory, e.g. a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57), having stored therein information that is to be transferred to the host, e.g. embedding a copy of an executable boot up file on the thumb drive (Para. 125),
wherein the information that is to be transferred to the host includes a token and configuration information that is used to identify the host to i) a network management appliance or (ii) a network management service associated with the private network, i.e. a Device Service Manager (DSM) (Fig. 1, el. 110; Fig. 8, el. 810), and enables the network management appliance or the network management service to cause the host to be initialized with the configuration information corresponding to the token that allows the host to be centrally managed by an administrator, i.e. an administrator (Fig. 8), of the private network via the network management appliance or the network management service by providing the host with the configuration information, e.g. embedding a copy of an executable boot up file on the thumb drive, wherein the boot up file is scripted with code to determine a unique ID of the DSC, determine the DSC’s current IP address, supply the DSM’s IP address, and activate code to initiate communications with the DSM (Para. 125); the DSC uses the boot up file to automatically create a secure communications channel with the DSM (Para. 126); the DSC sends an initial configuration file to the DSM, wherein the file includes the DSC unique ID and the DSC IP address (Para. 127, 130); the DSM creates a master configuration file with the initial configuration file and additional information and sends the master configuration file to the DSC (Para. 128, 130, 148).  
Deutsch does not clearly teach a compact computing device without Universal Serial Bus (USB) port; an Ethernet interface; an Ethernet link; wherein the Ethernet interface receives electrical power from the host using power-over-Ethernet (PoE); wherein the footprint is large enough that one side wall of the compact shielding case simply accommodates only the Ethernet interface; an Ethernet discovery agent, which responsive to the Ethernet interface being 
Koningstein teaches a compact computing device without Universal Serial Bus (USB) port, i.e. an inclusion key device (Fig. 1, el. 10A, 11A), wherein the inclusion key may be a small device similar to a Flash drive memory device and may not include a USB port (Para. 19), comprising: 
an Ethernet interface through which communications are performed with a host, e.g. an appliance (Fig. 1, el. 10, 11), associated with a private network, i.e. an automation network (Fig. 1, el. 7), via an Ethernet link, i.e. an Ethernet port (Para. 19), e.g. the inclusion key may communicate with the appliance via the Ethernet port (Para. 19),
wherein the host is in a factory default configuration, e.g. wherein the appliance may be a new or uncommissioned appliance (Para. 18, 23); 
a compact shielding case, e.g. wherein the inclusion key may be a small device similar to a Flash drive memory device (Para. 19); 
a memory having stored therein information that is to be transferred to the host and operable to store information that is received from the host, e.g. information may be retrieved from or delivered to the inclusion key (Para. 21); wherein the inclusion key may include network-related data or information for commissioning the appliance into the network for retrieval by the appliance (Para. 29, 30),
wherein the information that is to be transferred to the host includes a token and configuration information that is used to identify the host to i) a network management appliance or (ii) a network management service associated with the private network, i.e. a network controller (Fig. 1, el. 15), and enables the network management appliance or the network management service to cause the host to be initialized with the configuration information corresponding to the token that allows the host to be centrally managed by an administrator of the private network via the network management appliance or the network management service by providing the host with the configuration information, e.g. enabling the appliance to retrieve the information by inserting the inclusion key into the appliance, wherein the information may include a network encryption key and the appliance IP address; the appliance establishes a communication path with the network controller using the information and may exchange additional configuration information, wherein the additional configuration information may include a MAC address, an IP address, and/or a configuration program URL (Para. 29, 30),
authenticating the host during a security handshake process with the host, e.g. performing an authentication handshake with the appliance (Para. 35).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch to include an Ethernet interface through which communications are performed with a host associated with a private network via an Ethernet link, wherein the host is in a factory default configuration; an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the host; and authenticating the host during a security handshake process with the host, using the known method of enabling the appliance to be commissioned into the network by the network controller using the inclusion key, wherein the inclusion key may communicate with the appliance via Ethernet, as taught by Koningstein, in combination with the host configuration system of Deutsch, for the purpose of enabling the efficient installation of new appliances (Koningstein-Para. 18).
Deutsch in view of Koningstein does not clearly teach wherein the Ethernet interface receives electrical power from the host using power-over-Ethernet (PoE); wherein the footprint is large enough that one side wall of the compact shielding case simply accommodates only the Ethernet interface; an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the host; and the micro-controller to control exchange of the information with the host through the Ethernet link, wherein the Ethernet discovery agent uses link layer discovery protocol (LLDP) to discover 
Yi teaches a compact computing device without universal serial bus (USB), i.e. a DFS master device that may be a dongle device (Fig. 13, el. 1304; Para. 40), comprising: 
an Ethernet interface through which communications are performed with a host, i.e. an access point device (Fig. 13, el. 1302), associated with a private network via an Ethernet link, i.e. an Ethernet port (Fig. 13, el. 1306), e.g. plugging the device into the Ethernet port of the access point and initiating and changing configuration settings (Para. 95),
wherein the Ethernet interface receives electrical power from the host using power-over-Ethernet (PoE), e.g. enabling the DFS master device to receive power via PoE (Yi-Para. 96);
a compact shielding case, wherein the footprint is large enough that one side wall of the compact shielding case simply accommodates only the Ethernet interface, e.g. the dongle may be a small device that is easily transportable and plugs into the access point Ethernet port (Fig. 13, el. 1304; Para. 95); 
an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the host, e.g. upon plugging the device into the access point one or more programs or applications on the device can initiate and change configuration settings on the access point (Para. 95); 
a memory, e.g. a memory (Para. 35), having stored therein information that is to be transferred to the host and operable to store information that is received from the host, e.g. the device provides instructions to the access point (Para. 95); and -2-Appl. No. 15/718,957 Amdt. Dated July 10, 2020 Reply to Office Action of April 14, 2020
a micro-controller, e.g. a processor (Para. 35), to control exchange of the information with the host through the Ethernet link, e.g. upon plugging the device into the access point one or more programs or applications on the device can initiate and change configuration settings on the access point (Para. 95).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein to include wherein the Ethernet interface receives electrical power from the host using power-over-Ethernet (PoE); wherein the footprint is large enough that one side wall of the compact shielding case simply accommodates only the Ethernet interface; and the micro-controller to control exchange of the information with the host through the Ethernet link, wherein the micro-controller further authenticates the host during a security handshake process with the host based on a digital signature of the host received from the host via the Ethernet 
Deutsch in view of Koningstein in view of Yi does not clearly teach wherein the Ethernet discovery agent uses link layer discovery protocol (LLDP) to discover the host by sending LLDP information to a constrained multicast address on the Ethernet at regular intervals, wherein an LLDP agent of receives the LLDP information in order for an Ethernet key and a network switch to communicate via layer 2, wherein the micro-controller further authenticates the host during a security handshake process with the host based on a digital signature of the host received from the host via the Ethernet link.
White teaches wherein an Ethernet discovery agent uses link layer discovery protocol (LLDP) to discover a host by sending LLDP information to a constrained multicast address on the Ethernet at regular intervals, wherein an LLDP agent of receives the LLDP information in order for an Ethernet key and a network switch to communicate via layer 2, e.g. enabling an existing neighboring device to send required location and addressing information periodically using LLDP (Col. 3, lines 30-65; Col. 8, lines 3-18; Col. 9, lines 30-38); a newly deployed network device receives the information and the information allows the device to connect to the network manager (Col. 3, lines 30-65); the network manager may have its operators send the provisioning information to the network device (Col. 3, lines 52-65); a constrained LLDP multicast address (Col. 9, lines 13-21, 39-58).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein in view of Yi to include wherein the Ethernet discovery agent uses link layer discovery protocol (LLDP) to discover the host by sending LLDP information to a constrained multicast address on the Ethernet at regular intervals, wherein an LLDP agent of receives the LLDP information in order for an Ethernet key and a network switch to communicate via layer 2, using the known method of enabling an existing neighboring device to send required location and addressing information periodically to a newly deployed network device using LLDP, wherein the LLDP uses a constrained LLDP multicast address, as taught by White, in combination with the host configuration system of Deutsch in view of Koningstein in view of Yi, for the purpose of utilizing a well-known Ethernet discovery protocol to discover and provision new devices while reducing the time required and errors produced (White-Col. 1, lines 13-29).
Deutsch in view of Koningstein in view of Yi in view of White does not explicitly teach wherein the micro-controller further authenticates the host during a security handshake process with the host based on a digital signature of the host received from the host via the Ethernet link.
wherein a micro-controller, i.e. a processor/controller device (Fig. 6, el. 611), further authenticates a host, i.e. a Host Computing Device (Fig. 2, el. 201), during a security handshake process with the host based on a digital signature of the host received from the host via a link, e.g. (Jueneman-Para. [0094] “A significant advantage of the system according to the present invention comprising a SPED and a HCD is that the system comprises a set of sequential procedures for system installation and initialization of hardware and software subsystems to configure and integrate physical and logical levels of access authorization for portable memory storage apparatus {i.e. authentication handshake process}.  The present invention accomplishes this by means of a K out of N split-knowledge technique {i.e. security handshake process} that combines a mandatory minimum set of: 1) Host Authorization Code (HAC) information that can be specific to a HCD and enables a unique transformed external secret for each HCD, 2) the user's PIN, 3) an optional security officer's PIN, 4) SPED-specific internal identification information, and 5) other unique identifier information that may be optionally required by an organization's security policies and procedures.”);
sending the HAC from the HCD to the SPED and utilizing the HAC to authenticate the HCD to the SPED (Jueneman-Para. 106, 107, 111).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein in view of Yi in view of White to include wherein the micro-controller further authenticates the host during a security handshake process with 

Regarding claim 5, Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman teaches wherein the information stored in the memory includes a configuration of the host, e.g. embedding a copy of an executable boot up file on the thumb drive, wherein the boot up file is scripted with code to determine a unique ID of the DSC, determine the DSC’s current IP address, supply the DSM’s IP address, and activate code to initiate communications with the DSM (Deutsch-Para. 125); the DSC uses the boot up file to automatically create a secure communications channel with the DSM (Deutsch-Para. 126); wherein the inclusion key may include network-related data or information for commissioning the appliance into the network for retrieval by the appliance (Koningstein-Para. 29, 30).

Regarding claim 9, Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman teaches wherein the micro-controller further receives information from the host through the Ethernet link and stores the information in the memory, e.g. information may be retrieved from or delivered to the inclusion key by the appliance via Ethernet (Koningstein-Para. 21).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman and further in view of Rukmangathan et al. (US 2014/0298007).
Regarding claim 6, Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman teaches all elements of claims 1 and 5.
Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman does not clearly teach wherein the configuration of the host is encrypted.
Rukmangathan teaches wherein a configuration of a host is encrypted, e.g. copying an encrypted configuration file from a server to a portable storage medium and then copying the encrypted configuration file from the portable storage medium to a network switch (Para. 26).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman to include wherein the configuration of the host is encrypted, using the known method of copying an encrypted configuration file from a server to a portable storage medium and then copying the encrypted configuration file from the portable storage medium to a network switch, as taught by Rukmangathan, in . 

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman and further in view of Pi et al. (US 2007/0171201).
Regarding Claim 10, Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman teaches all elements of claim1.
Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman does not clearly teach further comprising a state indicator providing information indicative of a running state of the compact computing device.
Pi teaches a state indicator providing information indicative of a running state of a compact computing device, e.g. including a status indicator on an external fob or dongle (Fig. 5, el. 501, 405; Para. 62, 63).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman to include a state indicator providing information indicative of a running state of the compact computing device, using the known method of including a status indicator on an external fob or dongle, as taught by Pi, in combination with the host configuration system of Deutsch in view of Koningstein . 

Claims 11 and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Deutsch in view of Koningstein in view of Yi.
Regarding claim 11, Deutsch teaches a compact computing device, e.g. a thumb drive (Fig. 8, el. 834); a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57), comprising: 
an interface, e.g. USB (Para. 57, 129), through which communications are performed with a network device, i.e. a Device Services Controller (DSC) (Fig. 1, el. 102, 112; Fig. 7, el. 702), associated with a private network via a link, e.g. the DSC includes an Ethernet connection to the network, wherein the network is protected by a firewall (Fig. 1, el. 104, 106, 114, 116; Para. 129), 
wherein the network device is in a factory default configuration, e.g. wherein the DSC may be newly-installed (Para. 124); wherein a system reset may have been performed on the DSC (Para. 128); 
a compact shielding case, e.g. a thumb drive (Fig. 8, el. 834); a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57); 
a discovery agent, which responsive to the interface being coupled to the host discovers the network device to which the compact computing device is connected, e.g. inserting the thumb drive into the drive port and uploading the boot up file into the DSC (Para. 126, 129); 
a flash memory, e.g. a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57), having stored therein information that is to be transferred to the network device, e.g. embedding a copy of an executable boot up file on the thumb drive (Para. 125),
wherein the information includes a token and configuration information that is used to identify the network device to i) a network management appliance or (ii) a network management service associated with the private network, i.e. a Device Service Manager (DSM) (Fig. 1, el. 110; Fig. 8, el. 810), and enables the network management appliance or the network management service to cause the network device to be initialized with the configuration information corresponding to the token that allows the host to be centrally managed by an administrator, i.e. an administrator (Fig. 8), of the private network via the network management appliance or the network management service by providing the network device with the configuration information, e.g. embedding a copy of an executable boot up file on the thumb drive, wherein the boot up file is scripted with code to determine a unique ID of the DSC, determine the DSC’s current IP address, supply the DSM’s IP address, and activate code to initiate communications with the DSM (Para. 125); the DSC uses the boot up file to automatically create a secure communications channel with the DSM (Para. 126); the DSC sends an initial configuration file to the DSM, wherein the file includes the DSC unique ID and the DSC IP address (Para. 127, 130); the DSM creates a master configuration file with the initial configuration file and additional information and sends the master configuration file to the DSC (Para. 128, 130, 148); and
delivering the token to the network device through the link, e.g. embedding a copy of an executable boot up file on the thumb drive, wherein the boot up file is scripted with code to determine a unique ID of the DSC, determine the DSC’s current IP address, supply the DSM’s IP address, and activate code to initiate communications with the DSM (Para. 125).
Deutsch does not clearly teach an Ethernet interface; an Ethernet link; the compact shielding case having a side wall accommodating the Ethernet interface; an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the network device to which the compact computing device is connected; and a micro-controller operable to deliver the token to the network device through the Ethernet link.  
Koningstein teaches a compact computing device, i.e. an inclusion key device (Fig. 1, el. 10A, 11A), wherein the inclusion key may be a small device similar to a Flash drive memory device and may not include a USB port (Para. 19), comprising: 
an Ethernet interface through which communications are performed with a network device, e.g. an appliance (Fig. 1, el. 10, 11), associated with a private network, i.e. an automation network (Fig. 1, el. 7), via an Ethernet link, i.e. an Ethernet port (Para. 19), e.g. the inclusion key may communicate with the appliance via the Ethernet port (Para. 19),
wherein the network device is in a factory default configuration, e.g. wherein the appliance may be a new or uncommissioned appliance (Para. 18, 23); 
a compact shielding case having a side wall accommodating the Ethernet interface, e.g. wherein the inclusion key may be a small device similar to a Flash drive memory device (Para. 19); 
a flash memory having stored therein information that is to be transferred to the network device, e.g. information may be retrieved from or delivered to the inclusion key (Para. 21); wherein the inclusion key may include network-related data or information for commissioning the appliance into the network for retrieval by the appliance (Para. 29, 30),
wherein the information includes a token and configuration information that is used to identify the network device to i) a network management appliance or (ii) a network management service associated with the private network, i.e. a network controller (Fig. 1, el. 15), and enables the network management appliance or the network management service to cause the network device to be initialized with the configuration information corresponding to the token that allows the host to be centrally managed by an administrator of the private network via the network management appliance or the network management service by providing the network device with the configuration information, e.g. enabling the appliance to retrieve the information by inserting the inclusion key into the appliance, wherein the information may include a network encryption key and the appliance IP address; the appliance establishes a communication path with the network controller using the information and may exchange additional configuration information, wherein the additional configuration information may include a MAC address, an IP address, and/or a configuration program URL (Para. 29, 30),
delivering the token to the network device through the Ethernet link, e.g. enabling the appliance to retrieve the information by inserting the inclusion key into the appliance, wherein the information may include a network encryption key and the appliance IP address; the appliance establishes a communication path with the network controller using the information and may exchange additional configuration information, wherein the additional configuration information may include a MAC address, an IP address, and/or a configuration program URL (Para. 29, 30).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch to include an Ethernet interface through which communications are performed with a network device associated with a private network via an Ethernet link, wherein the network device is in a factory default configuration; a compact shielding case having a side wall accommodating the Ethernet interface; an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the network device to which the compact computing device is connected, using the known method of enabling the appliance to be commissioned into the network by the network controller using the inclusion key, 
Deutsch in view of Koningstein does not clearly teach a micro-controller operable to deliver the token to the network device through the Ethernet link.
Yi teaches a compact computing device, i.e. a DFS master device that may be a dongle device (Fig. 13, el. 1304; Para. 40), comprising: 
an Ethernet interface through which communications are performed with a network device, i.e. an access point device (Fig. 13, el. 1302), associated with a private network via an Ethernet link, i.e. an Ethernet port (Fig. 13, el. 1306), e.g. plugging the device into the Ethernet port of the access point and initiating and changing configuration settings (Para. 95);
a compact shielding case having a side wall accommodating the Ethernet interface, e.g. the dongle may be a small device that is easily transportable and plugs into the access point Ethernet port (Fig. 13, el. 1304; Para. 95); 
an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the network device to which the compact computing device is connected, e.g. upon plugging the device into the access point one or more programs or applications on the device can initiate and change configuration settings on the access point (Para. 95); 
a memory, e.g. a memory (Para. 35), having stored therein information that is to be transferred to the network device, e.g. the device provides instructions to the access point (Para. 95); and -2-Appl. No. 15/718,957 Amdt. Dated July 10, 2020 Reply to Office Action of April 14, 2020
a micro-controller, e.g. a processor (Para. 35), operable to deliver the token to the network device through the Ethernet link, e.g. upon plugging the device into the access point one or more programs or applications on the device can initiate and change configuration settings on the access point (Para. 95).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein to include a micro-controller operable to deliver the token to the network device through the Ethernet link, using the known method of initiating and changing configuration settings on the access point upon plugging the Ethernet dongle into the access point, as taught by Yi, in combination with the host configuration system of Deutsch in view of Koningstein, for the purpose of providing a plug-and-play functionality that enables the device configure settings on the access point while the device is also easily transportable and moved and is unobtrusively installed (Yi-Para. 95).

Regarding claim 14, Deutsch in view of Koningstein in view of Yi teaches wherein, when executed by the network device, the configuration information causes a factory default configuration of the network device to be replaced with an initial configuration for use in connection with the private network, e.g. embedding a copy of an executable boot up file on the thumb drive, wherein the boot up file is scripted with code to determine a unique ID of the DSC, determine the DSC’s current IP address, supply the DSM’s IP address, and activate code to initiate communications with the DSM (Deutsch-Para. 125); the DSC uses the boot up file to automatically create a secure communications channel with the DSM (Deutsch-Para. 126); the DSC sends an initial configuration file to the DSM, wherein the file includes the DSC unique ID and the DSC IP address (Deutsch-Para. 127, 130); the DSM creates a master configuration file with the initial configuration file and additional information and sends the master configuration file to the DSC (Deutsch-Para. 128, 130, 148); enabling the appliance to retrieve the information by inserting the inclusion key into the appliance, wherein the information may include a network encryption key and the appliance IP address; the appliance establishes a communication path with the network controller using the information and may exchange additional configuration information, wherein the additional configuration information may include a MAC address, an IP address, and/or a configuration program URL (Koningstein-Para. 29, 30).

Regarding claim 15, Deutsch in view of Koningstein in view of Yi teaches wherein the network device comprises a network switch, e.g. a router (Koningstein-Para. 18); a switch that facilitates the network (Yi-Para. 88).

Regarding claim 16, Deutsch in view of Koningstein in view of Yi teaches wherein the network device comprises a network security device, e.g. a DSC that includes a security manager (Deutsch-Fig. 7); a router (Koningstein-Para. 18); an access point that includes a security module (Yi-Para. 220); a switch that facilitates the network (Yi-Para. 88).

Regarding claim 17, Deutsch in view of Koningstein in view of Yi teaches wherein the network security device comprises a unified threat management (UTM) device, e.g. a DSC that includes a security manager (Deutsch-Fig. 7); a router (Koningstein-Para. 18); an access point that includes a security module (Yi-Para. 220); a switch that facilitates the network (Yi-Para. 88).

Claims 12, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Deutsch in view of Koningstein in view of Yi and further in view of Jueneman et al. (US 2013/0046993).
Regarding claim 12, Deutsch in view of Koningstein in view of Yi teaches all elements of claim 11.
Deutsch in view of Koningstein in view of Yi further teaches wherein the micro-controller further authenticates the network device during a security handshake process with the network device, e.g. performing an authentication handshake with the appliance (Koningstein-Para. 35).
Deutsch in view of Koningstein in view of Yi does not explicitly teach wherein the micro-controller further authenticates the network device during a security handshake process with the network device based on a digital signature of the host received from the network device via the Ethernet link.
wherein a micro-controller, i.e. a processor/controller device (Fig. 6, el. 611), further authenticates a network device, i.e. a Host Computing Device (Fig. 2, el. 201), during a security handshake process with the network device based on a digital signature of the network device received from the host via a link, e.g. (Jueneman-Para. [0094] “A significant advantage of the system according to the present invention comprising a SPED and a HCD is that the system comprises a set of sequential procedures for system installation and initialization of hardware and software subsystems to configure and integrate physical and logical levels of access authorization for portable memory storage apparatus {i.e. authentication handshake process}.  The present invention accomplishes this by means of a K out of N split-knowledge technique {i.e. security handshake process} that combines a mandatory minimum set of: 1) Host Authorization Code (HAC) information that can be specific to a HCD and enables a unique transformed external secret for each HCD, 2) the user's PIN, 3) an optional security officer's PIN, 4) SPED-specific internal identification information, and 5) other unique identifier information that may be optionally required by an organization's security policies and procedures.”);
sending the HAC from the HCD to the SPED and utilizing the HAC to authenticate the HCD to the SPED (Jueneman-Para. 106, 107, 111).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein in view of Yi to include wherein the micro-controller further 

Regarding claim 13, Deutsch in view of Koningstein in view of Yi in view of Jueneman teaches wherein the digital signature includes one or more of a manufacturer identifier and a product identifier, e.g. the HAC includes a code that identifies the HCD, wherein the code uses a unique property of the HCD, such as an internal serial number of the bios chip, processor chip, or other secure readable or calculable method of identification installed by the manufacturer for unique HCD identification and licensing (Jueneman-Para. 87, 101, 105); the DSC unique ID, DSC IP address, or DSC MAC address (Deutsch-Para. 127); a model name (Koningstein-Para. 21).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Perkinson (US 8,402,120 B1)—Perkinson discloses utilizing the LLDP protocol and an LLDP multicast address (Figs. 1, 3A; Col. 9, lines 11-30).

Kinoshita (US 2017/0302621 A1)—Kinoshita discloses utilizing the LLDP protocol and an LLDP multicast address (Fig. 3A; Para. 63, 163).

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMY DUFFIELD whose telephone number is (571)270-1643.  The examiner can normally be reached on Monday - Friday, 7:00 AM - 3:00 PM (ET).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





02 August 2021
/Jeremy S Duffield/           Primary Examiner, Art Unit 2498