DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This Office Action is in response to Application filed on March 03, 2020 in which claims 1-20 are presented for examination.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-11, 13-18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dec et al. US Patent No. 8,400,943 in view of Faynberg et al. US Publication No. 2018/0213003.


Regarding claim 1, Dec et al. disclose “a method comprising: receiving, at a dynamic host configuration server (Figure 1, Components 26, 30), a first request from a network device (Figure 5, Component 200) for configuration data, the configuration data including at least an IP address” by providing a system that includes an access node having an associated identifier. The access node is configured to insert the identifier into a network connection request. The system includes an IP edge service node connected to the access node and configured to receive the network connection request. The IP edge service node is further configured to store the inserted identifier and to insert the identifier into an Internet protocol version 6 (IPv6) address request transmitted according to dynamic host configuration protocol version 6 (DHCPv6) through an established network connection based on the network connection request (See Dec et al. Abstract); and “assigning, by the dynamic host configuration server, the configuration data to the network device” (Col. 2, lines 3-5, 15-17, 40-42 describing a server configured to receive the IPv6 address request and assign an IPv6 address based on the IPv6 address request) upon verifying the network device” (Col. 3, lines 38-43 describing  IP edge service node 24 may perform a DHCPv4 relay exchange through a connection 28 in which a DHCPv4 server 26 verifies credentials included in a request to ensure the CPE device 14 is authorized to be connected to the network 12). It is noted however, Dec et al. did not specifically detail the aspects of “sending, by the dynamic host configuration server, a second request to the network device for attestation information; verifying, by the dynamic host configuration server, the network by providing a remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network (See Faynberg et al. Abstract; Paragraph 0006). In particular Faynberg et al. disclose “sending, by the dynamic host configuration server, a second request to the network device for attestation information” (Figure 1, Paragraphs 0021-0031 describing methodology for sending request for attestation information); “verifying, by the dynamic host configuration server, the network device based on the attestation information” (Paragraph 0027 describing EUS 124 is configured to be responsible for both authenticating the user and ensuring that the user has proper authorization for each action requested by the respective API). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have incorporated the attestation methodology of Faynberg et al. into the method for assigning IP addresses disclose by Dec et al. because that would have enhanced the versatility of Dec et al. by allowing it to insert identifiers into an Internet 

As per claim 2, Dec et al. disclose “wherein dynamic host configuration server and the network device are IPv6 devices operating based on Dynamic Host Configuration Parameter v6 (DHCPv6) protocol” (Figure 1, Component 30 showing a DHCPv6 Server; Col. 3, lines 47-54 describing network 12 may also be configured to allow the CPE device 14 to request and receive an Internet protocol version 6 (IPv6) address via DHCP version 6 (DHCPv6). The system 10 may include a DHCPv6 server 30 to supply the IPv6 address across the devices configured to support IPv4. The DHCPv6 server 30 may be connected to the IP edge service node 24 through a connection 32 and may be connected to the network 12 through connection 34 as shown in FIG. 1).

As per claim 3, Dec et al. disclose “wherein dynamic host configuration server and the network device are IPv4 devices operating based on Dynamic Host Configuration Parameter v4 (DHCPv4) protocol” (Figure 1, Component 26 showing a DHCPv4 Server; Col. 3, lines 23-30 describing access node 16 and the aggregate node 20 may be physically configured to support Internet protocol version 4 (IPv4) as indicated by an arrow 15. A CPE device 14 may request an IPv4 address and an Internet protocol version 6 (IPv6) address separately through the system 10. The CPE device 14 may transmit a request for an IPv4 address according to dynamic host configuration protocol version 4 (DHCPv4). An IPv4 address request may traverse through the access node 16 and any aggregate nodes 20 prior to reaching the IP edge service node 24). 

As per claim 4, Faynberg et al. disclose “wherein verifying the network device comprises: sending the attestation information to a verifying component to verify the network device” Paragraph 0027 describing EUS 124 is configured to be responsible for both authenticating the user; and “receiving a result of verification of the network device from the verifying component” Paragraph 0027 describing ensuring that the user has proper authorization for each action requested by the respective API.

As per claim 6, Faynberg et al. disclose “wherein a verifiable timestamp validates freshness of the attestation information provided by the network device” (Paragraphs 0020, 0025, 0029, 0031).

As per claim 7, Dec et al. disclose “wherein the first request includes a Manufacturer Usage Description (MUD) fetch Uniform Resource Request (URL), and assigning the configuration data includes provisioning an Internet of Things (IoT)-device for operation on a network” as part of receiving and assigning IP addresses since a URL would include an IP address and any IOT-device when connected to a network would include an IP address (Col. 2, lines 3-5, 15-17, 40-42 describing a server configured to receive the IPv6 address request and assign an IPv6 address based on the IPv6 address request).

Regarding claim 8, Dec et al. disclose “a device comprising: memory having computer-readable instructions stored therein; and one or more processors configured to execute the computer-readable instructions” (Figures 1-5 and corresponding text) to: receive a first request from a client device (Figure 5, Component 200) for configuration data, the configuration data including at least an IP address (Figure 1, Components 26, 30, by providing a system that includes an access node having an associated identifier. The access node is configured to insert the identifier into a network connection request. The system includes an IP edge service node connected to the access node and configured to receive the network connection request. The IP edge service node is further configured to store the inserted identifier and to insert the identifier into an Internet protocol version 6 (IPv6) address request transmitted according to dynamic host configuration protocol version 6 (DHCPv6) through an established network connection based on the network connection request (See Dec et al. Abstract); and “assign the configuration data to the client network device” (Col. 2, lines 3-5, 15-17, 40-42 describing a server configured to receive the IPv6 address request and assign an IPv6 address based on the IPv6 address request) upon verifying the client network device” (Col. 3, lines 38-43 describing  IP edge service node 24 may perform a DHCPv4 relay exchange through a connection 28 in which a DHCPv4 server 26 verifies credentials included in a request to ensure the CPE device 14 is authorized to be connected to the network 12). It is noted however, Dec et al. did not specifically detail the aspects of “send a second request to the client network device for attestation information; verify the client network device based on the attestation information” as recited in the instant claim 8. On the other hand, Faynberg et al. achieved the aforementioned claimed features by providing a remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network (See Faynberg et al. Abstract; Paragraph 0006). In particular Faynberg et al. disclose “send a second request to the client network device for attestation information” (Figure 1, Paragraphs 0021-0031 describing methodology for sending request for attestation information); “verify the client network device based on the attestation information” (Paragraph 0027 describing EUS 124 is configured to be responsible for both authenticating the user and ensuring that the user has proper authorization for each action requested by the respective API). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have incorporated the attestation methodology of Faynberg et al. into the method for assigning IP addresses disclose by Dec et al. because that 

As per claim 9, Dec et al. disclose “wherein the device and the client network device are IPv6 devices operating based on Dynamic Host Configuration Parameter v6 (DHCPv6) protocol” (Figure 1, Component 30 showing a DHCPv6 Server; Col. 3, lines 47-54 describing network 12 may also be configured to allow the CPE device 14 to request and receive an Internet protocol version 6 (IPv6) address via DHCP version 6 (DHCPv6). The system 10 may include a DHCPv6 server 30 to supply the IPv6 address across the devices configured to support IPv4. The DHCPv6 server 30 may be connected to the IP edge service node 24 through a connection 32 and may be connected to the network 12 through connection 34 as shown in FIG. 1).

As per claim 10, Dec et al. disclose “wherein the device and the client network device are IPv4 devices operating based on Dynamic Host Configuration Parameter v4 (DHCPv4) protocol” (Figure 1, Component 26 showing a DHCPv4 Server; Col. 3, lines 23-30 describing access node 16 and the aggregate node 20 may be physically configured to support Internet protocol version 4 (IPv4) as indicated by an arrow 15. A CPE device 14 may request an IPv4 address and an Internet protocol version 6 (IPv6) address separately through the system 10. The CPE device 14 may transmit a request for an IPv4 address according to dynamic host configuration protocol version 4 (DHCPv4). An IPv4 address request may traverse through the access node 16 and any aggregate nodes 20 prior to reaching the IP edge service node 24). 

As per claim 11, Faynberg et al. disclose “wherein the one or more processors are configured to execute the computer-readable instructions to verify the client network device by: sending the attestation information to a verifying component to verify the client network device” Paragraph 0027 describing EUS 124 is configured to be responsible for both authenticating the user; and “receiving a result of verification of the client network device from the verifying component” Paragraph 0027 describing ensuring that the user has proper authorization for each action requested by the respective API.

As per claim 13, Faynberg et al. disclose “wherein a verifiable timestamp validates freshness of the attestation information provided by the network device” (Paragraphs 0020, 0025, 0029, 0031).

As per claim 14, Dec et al. disclose “wherein the first request includes a Manufacturer Usage Description (MUD) fetch Uniform Resource Request (URL), and the dynamic host configuration parameter sends the MUD fetch URL to a controller for on-boarding (Col. 2, lines 3-5, 15-17, 40-42 describing a server configured to receive the IPv6 address request and assign an IPv6 address based on the IPv6 address request).

Regarding claim 15, Dec et al. disclose “one or more non-transitory computer-readable media comprising computer-readable instructions, which when executed by one or more processors of a network device, cause the network device” (Figures 1-5 and corresponding text) to: “receive a first request from a client device (Figure 5, Component 200) for configuration data, the configuration data including at least an IP address” by providing a system that includes an access node having an associated identifier. The access node is configured to insert the identifier into a network connection request. The system includes an IP edge service node connected to the access node and configured to receive the network connection request. The IP edge service node is further configured to store the inserted identifier and to insert the identifier into an Internet protocol version 6 (IPv6) address request transmitted according to dynamic host configuration protocol version 6 (DHCPv6) through an established network connection based on the network connection request (See Dec et al. Abstract); and “assign the configuration data to the client network device” (Col. 2, lines 3-5, 15-17, 40-42 describing a server configured to receive the IPv6 address request and assign an IPv6 address based on the IPv6 address request) upon verifying the client network device” (Col. 3, lines 38-43 describing  IP edge service node 24 may perform a DHCPv4 relay exchange through a connection 28 in which a DHCPv4 server 26 verifies credentials included in a request to ensure the CPE device 14 is authorized to be connected to the network 12). It is noted however, Dec et al. did not specifically detail the aspects of “send a second request to the client network device for attestation information; verify the client network device based on the attestation information” as recited in the instant claim 15. On the other hand, Faynberg et al. achieved the aforementioned claimed features by providing a remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network (See Faynberg et al. Abstract; Paragraph 0006). In particular Faynberg et al. disclose “send a second request to the client network device for attestation information” (Figure 1, Paragraphs 0021-0031 describing methodology for sending request for attestation information); “verify the client network device based on the attestation information” (Paragraph 0027 describing EUS 124 is configured to be responsible for both authenticating the user and ensuring that the user has proper authorization for each action requested by the respective API). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have incorporated the attestation methodology of Faynberg et al. into the method for assigning IP addresses disclose by Dec et al. because that would have enhanced the versatility of Dec et al. by allowing it to insert identifiers into an Internet protocol version 6 (IPv6) address request according to dynamic host configuration protocol version 6 (DHCPv6) transmitted via a network connection established through the network connection request. Thus, permitting it to efficiently allow a network connection to occur while obtaining an Internet protocol version 6 (IPv6) address. 

As per claim 16, Dec et al. disclose “wherein the device and the client network device are IPv6 devices operating based on Dynamic Host Configuration Parameter v6 (DHCPVv6) protocol” (Figure 1, Component 30 showing a DHCPv6 Server; Col. 3, lines 47-54 describing network 12 may also be configured to allow the CPE device 14 to request and receive an Internet protocol version 6 (IPv6) address via DHCP version 6 (DHCPv6). The system 10 may include a DHCPv6 server 30 to supply the IPv6 address across the devices configured to support IPv4. The DHCPv6 server 30 may be connected to the IP edge service node 24 through a connection 32 and may be connected to the network 12 through connection 34 as shown in FIG. 1).

Figure 1, Component 26 showing a DHCPv4 Server; Col. 3, lines 23-30 describing access node 16 and the aggregate node 20 may be physically configured to support Internet protocol version 4 (IPv4) as indicated by an arrow 15. A CPE device 14 may request an IPv4 address and an Internet protocol version 6 (IPv6) address separately through the system 10. The CPE device 14 may transmit a request for an IPv4 address according to dynamic host configuration protocol version 4 (DHCPv4). An IPv4 address request may traverse through the access node 16 and any aggregate nodes 20 prior to reaching the IP edge service node 24). 

As per claim 18, Faynberg et al. disclose “wherein the execution of the computer-readable instructions by the one or more processors further cause the network device to verify the client network device by: sending the attestation information to a verifying component to verify the client network device” Paragraph 0027 describing EUS 124 is configured to be responsible for both authenticating the user; and “receiving a result of verification of the client network device from the verifying component” Paragraph 0027 describing ensuring that the user has proper authorization for each action requested by the respective API.

As per claim 20, Dec et al. disclose “wherein the first network device is an Internet of Things (IoT) device; the first request includes a Manufacturer Usage Description (MUD) (Col. 2, lines 3-5, 15-17, 40-42 describing a server configured to receive the IPv6 address request and assign an IPv6 address based on the IPv6 address request). It is noted however Dec et al. did not specifically detail the aspects of “the dynamic host configuration parameter sends the MUD fetch URL to a controller for on-boarding the IoT device after verifying the loT device based on the attestation information” as recited in the instant claim 20. On the other hand, Faynberg et al. achieved the aforementioned claimed features by providing a remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network (See Faynberg et al. Abstract; Paragraph 0006). In particular Faynberg et al. disclose “sends the MUD fetch URL to a controller for on-boarding the IoT device” (Figure 1, Paragraphs 0021-0031 describing methodology for sending request for attestation information); “verifying the loT device based on the attestation information” (Paragraph 0027 describing EUS 124 is configured to be responsible for both authenticating the user and ensuring that the user has proper authorization for each action requested by the respective API). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have incorporated the attestation methodology of Faynberg et al. into the method for assigning IP addresses disclose by Dec et al. because that would have enhanced the versatility of Dec et al. by allowing it to insert identifiers into an Internet protocol version 6 (IPv6) address request according to dynamic host configuration protocol version 6 (DHCPv6) transmitted via a network connection established through the network connection request. Thus, permitting it to efficiently allow a network connection to occur while obtaining an Internet protocol version 6 (IPv6) address. 

Claims 5, 12, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dec et al. US Patent No. 8,400,943 in view of Faynberg et al. US Publication No. 2018/0213003 as applied to claim 1 above, and further in view of Jacquin et al. US Publication No. 2017/0230245.

As per claim 5, most of the limitation of this claim have been noted in the rejection of claim 1. Applicant’s attention is directed to the rejection of claim 1 above. Neither Dec et al. nor Faynberg et al. disclose the claimed limitations of “wherein verifying the network device comprises: receiving a stapled version of the attestation information from the network device, the stapled version of the attestation information being generated by a verifying component by signing the attestation information using a digital key known to both the verifying component and the dynamic host configuration server; and verifying Figure 2, Components 216, 218) of the attestation information (Figure 2, Component 212)  from the network device (Figure 2, Component 220), the stapled version of the attestation information being generated by a verifying component by signing the attestation information using a digital key known to both the verifying component and the dynamic host configuration server; and verifying the stapled version using the digital key to yield a verification result of the network device (Paragraphs 0040-0041, 0051 describing  a trusted component included in each network element of the back-end network 250 may generate digitally signed response data 216 that includes data representing network configuration rules, software measurements, and a digital signature. A trusted component may obtain a key uniquely identifying the corresponding network element and use that key to digitally sign the response data 216. For example, if network configuration rules and software measurements included strings of letters and numbers, the trusted component may hash the strings using a hash function, encrypt the hash using the unique key, and attach the encrypted hash--the digital signature--to the network configuration rules and software measurements, creating digitally signed response data). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have further modified Dec et al. by incorporating the verifying network element methodology of Jacquin et al. because that would have permitted Jacquin et al. to verifying network elements while managing the individual network elements.

As per claim 12, most of the limitation of this claim have been noted in the rejection of claim 8. Applicant’s attention is directed to the rejection of claim 8 above. Neither Dec et al. nor Faynberg et al. disclose the claimed limitations of “receiving a stapled version of the attestation information from the network device, the stapled version of the attestation information being generated by a verifying component by signing the attestation information using a digital key known to both the verifying component and the dynamic host configuration server; and verifying the stapled version using the digital key to yield a verification result of the network device. However, Jacquin et al. provide a method for verifying network elements including receiving a stapled version (Figure 2, Components 216, 218) of the attestation information (Figure 2, Component 212)  from the network device (Figure 2, Component 220), the stapled version of the attestation information being generated by a verifying component by signing the attestation information using a digital key known to both the verifying component and the dynamic host configuration server; and verifying the stapled version using the digital key to yield a verification result of the network device (Paragraphs 0040-0041, 0051 describing  a trusted component included in each network element of the back-end network 250 may generate digitally signed response data 216 that includes data representing network configuration rules, software measurements, and a digital signature. A trusted component may obtain a key uniquely identifying the corresponding network element and use that key to digitally sign the response data 216. For example, if network configuration rules and software measurements included strings of letters and numbers, the trusted component may hash the strings using a hash function, encrypt the hash using the unique key, and attach the encrypted hash--the digital signature--to the network configuration rules and software measurements, creating digitally signed response data). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have further modified Dec et al. by incorporating the verifying network element methodology of Jacquin et al. because that would have permitted Jacquin et al. to verifying network elements while managing the individual network elements.

As per claim 19, most of the limitation of this claim have been noted in the rejection of claim 15. Applicant’s attention is directed to the rejection of claim 15 above. Neither Dec et al. nor Faynberg et al. disclose the claimed limitations of “receiving a stapled version of the attestation information from the client network device, the stapled version of the attestation information being generated by a verifying component by signing the attestation information using a digital key known to both the verifying component and the dynamic host configuration server; and verifying the stapled version using the digital key to yield a verification result of the client network device. However, Jacquin et al. provide a method for verifying network elements including receiving a stapled version (Figure 2, Components 216, 218) of the attestation information (Figure 2, Component 212)  from the client network device (Figure 2, Component 220), the stapled version of the attestation information being generated by a verifying component by signing the attestation information using a digital key known to both the verifying component and the dynamic host configuration server; and verifying the stapled version using the digital key to yield a verification result of the client network device (Paragraphs 0040-0041, 0051 describing  a trusted component included in each network element of the back-end network 250 may generate digitally signed response data 216 that includes data representing network configuration rules, software measurements, and a digital signature. A trusted component may obtain a key uniquely identifying the corresponding network element and use that key to digitally sign the response data 216. For example, if network configuration rules and software measurements included strings of letters and numbers, the trusted component may hash the strings using a hash function, encrypt the hash using the unique key, and attach the encrypted hash--the digital signature--to the network configuration rules and software measurements, creating digitally signed response data). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have further modified Dec et al. by incorporating the verifying network element methodology of Jacquin et al. because that would have permitted Jacquin et al. to verifying network elements while managing the individual network elements.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FRANTZ COBY whose telephone number is (571)272-4017.  The examiner can normally be reached on Monday-Thursday 7AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 571 270-3037.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/FRANTZ COBY/Primary Examiner, Art Unit 2454                                                                                                                                                                                                        
August 16, 2021