DETAILED ACTION

The instant application having application No 16/833197 filed on 03/27/2020 is presented for examination by the examiner.

Examiner Notice
Claim 1 would be allowable if (i) claim 18 is incorporated into the independent claim 1.
Claim 7 would be allowable if (i) claim 18 is incorporated into the independent claim 7.
Claim 13 would be allowable if (i) claim 18 is incorporated into the independent claim 13.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Heldman et al. (US 20210112059, Apr. 15, 2021) in view of Norton et al. (US 20210250297, Aug. 12, 2021).

Regarding Claim 1, Heldman discloses determining a second network path to egress from the autonomous system (page 10, par (0064), line 10-20, the BGP is the core routing protocol of the Internet. The edge routers can maintain a table of IP networks which designate network reachability among autonomous systems on the Internet), 
	the second network path corresponding to an ordering of network devices within the autonomous system(page 13,  par (0091), line 1-10, a second API request  includes a second different tenant identifier for a second different tenant and is located in second path(second network path));
	obtaining validation tokens of the network devices (page 13, par (0094), line 1-10, the client application uses the client credentials to request a valid token from the tenant specific authorization endpoint, the client application sends the API authorization request over the Internet to the IP address associated with the authorization service at the tenant specific data center (obtaining the validation tokens));
	generating, using the validation tokens and the ordering of network devices, a validation token nest(page 13,  par (0094), line 1-10, the unique tenant identifier in the domain in the tenant specific endpoint maps to a DNS record that resolves to the IP address of the authorization service at the tenant specific data center(generating the validation token));
	adding, as an attribute within the second network path, a reference to the validation token nest(page 13,  par (0095), line 1-10, the token ensures the client application credentials can be used for accessing other software services at the tenant specific data center,  the client application builds another API (second network) request with the validated token.); and
	advertising the second network path to the network devices in the autonomous system (page 13, par (0091), line 1-10, the second API are therefore routed to the same IP address for global routing and authentication services, also see par (0064), The edge routers can maintain a table of IP networks which designate network reachability among autonomous systems on the Internet).
	Heldman discloses all aspects of the claimed invention, except obtaining an advertised network path within an autonomous system, the advertised network path comprising a set of digital signatures corresponding to other autonomous systems corresponding to the advertised network path.
	Norton the same field of invention teaches obtaining an advertised network path within an autonomous system, the advertised network path comprising a set of digital signatures corresponding to other autonomous systems corresponding to the advertised network path (page 7,  par (0070), line 1-20, a better performing data routing path can be determined between nodes  is in communication with the distributed routing controller and the pulse group, after a data transmission has been conducted via one or more relay nodes along a better performing data routing path selected, by an entity (a digital wallet (digital signature) or an account) associated with the node that requested the data transfer to an entity that provided the better performing data routing path in the distributed autonomous routing protocol that is installed on the nodes and distributed by the distributed routing controller).
Heldman and Norton are analogous art because they are from the same field of 
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the set of digital signatures corresponding to other autonomous systems corresponding to the advertised network path the teaching of Heldman to include the better performing data routing path can be determined between nodes  is in communication with the distributed routing controller and the pulse group the teaching of Norton because it is providing codes for the formation and autonomous operations of pulse groups in a computer network.

	Regarding Claim 2, Heldman discloses the validation tokens specify
references to Media Access Control Security (MACsec) sessions among the network devices according to the ordering of the network devices(page 12, par (0081), line 1-10, client application send an API request for an API authentication token maps to an IP address assigned to an API authorization service operating in a specific data center assigned to tenant).

	Regarding Claim 3, Heldman discloses obtaining the validation tokens of the network devices comprises obtaining Border Gateway Protocol Link-State (BGP-LS) information from one or more network devices within the autonomous system; and generating, using the BGP-LS information, the validation tokens of the network devices (page 10, par (0064), line 1-10, the edge routers and  can employ the Border Gateway Pro­tocol (BGP), the BGP is the core routing protocol of the Internet, the edge routers can maintain a table of IP networks, which designate network reachability among autonomous systems on the Internet).

	Regarding Claim 4, Heldman discloses receiving a request to obtain the validation tokens corresponding to the second network path (page 13,  par (0091), line 1-10, a second API request  includes a second different tenant identifier for a second different tenant and is located in second path(second network path)); the request specifying an identifier of the validation token nest(page 13,  par (0094), line 1-10, the unique tenant identifier in the domain in the tenant specific endpoint maps to a DNS record that resolves to the IP address of the authorization service at the tenant specific data center(generating the validation token));
	identifying, based on the identifier, the validation tokens(page 13,  par (0094), line 1-10, the unique tenant identifier in the domain in the tenant specific endpoint maps to a DNS record that resolves to the IP address of the authorization service at the tenant specific data center(generating the validation token)); 
	and providing the validation tokens to fulfill the request(page 12, par (0081), line 1-10, client application send an API request for an API authentication token maps to an IP address assigned to an API authorization service operating in a specific data center assigned to tenant).

	Regarding Claim 5, Heldman discloses the second network path is advertised via a Border Gateway Protocol (BGP) update message (page 10, par (0064), line 1-10, the edge routers and can employ the Border Gateway Pro­tocol (BGP), the BGP is the core routing protocol of the Internet, the edge routers can maintain a table of IP networks, which designate network reachability among autonomous systems on the Internet).
	Regarding Claim 6, Heldman discloses all aspects of the claimed invention, except the reference is a digitally signed hash corresponding to the validation token nest.
	Norton the same field of invention teaches the reference is a digitally signed hash corresponding to the validation token nest (page 7,  par (0070), line 1-20, a better performing data routing path can be determined between nodes  is in communication with the distributed routing controller and the pulse group, after a data transmission has been conducted via one or more relay nodes along a better performing data routing path selected, by an entity (a digital wallet (digital signature)).

	Regarding Claim 7, Heldman discloses determine a second network path to egress from the autonomous system (page 10, par (0064), line 10-20, the BGP is the core routing protocol of the Internet. The edge routers can maintain a table of IP networks which designate network reachability among autonomous systems on the Internet);
	obtain a set of validation tokens corresponding to network devices of the
autonomous system(page 13,  par (0091), line 1-10, a second API request  includes a second different tenant identifier for a second different tenant and is located in second path(second network path)), the network devices being associated with the second network path(page 13, par (0094), line 1-10, the client application uses the client credentials to request a valid token from the tenant specific authorization endpoint, the client application sends the API authorization request over the Internet to the IP address associated with the authorization service at the tenant specific data center (obtaining the validation tokens));
	generate, using the set of validation tokens based on an ordering of the network devices within the second network path, a validation token nest of the second network path (page 13, par (0094), line 1-10, the unique tenant identifier in the domain in the tenant specific endpoint maps to a DNS record that resolves to the IP address of the authorization service at the tenant specific data center (generating the validation token));
	add a reference to the second network path corresponding to the validation token nest(page 13,  par (0095), line 1-10, the token ensures the client application credentials can be used for accessing other software services at the tenant specific data center,  the client application builds another API (second network) request with the validated token.); and
	advertise the second network path to the network devices of the autonomous system (page 13, par (0091), line 1-10, the second API are therefore routed to the same IP address for global routing and authentication services, also see par (0064), The edge routers can maintain a table of IP networks which designate network reachability among autonomous systems on the Internet).
	Heldman discloses all aspects of the claimed invention, except obtain a message specifying an advertised network path within an autonomous system.
Norton the same field of invention teaches obtain a message specifying an advertised network path within an autonomous system (page 7,  par (0070), line 1-20, a better performing data routing path can be determined between nodes  is in communication with the distributed routing controller and the pulse group, after a data transmission has been conducted via one or more relay nodes along a better performing data routing path selected, by an entity (a digital wallet (digital signature) or an account) associated with the node that requested the data transfer to an entity that provided the better performing data routing path in the distributed autonomous routing protocol that is installed on the nodes and distributed by the distributed routing controller).
Heldman and Norton are analogous art because they are from the same field of endeavor of access to a service device.
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the set of digital signatures corresponding to other autonomous systems corresponding to the advertised network path the teaching of Heldman to include the better performing data routing path can be determined between nodes  is in communication with the distributed routing controller and the pulse group the teaching of Norton because it is providing codes for the formation and autonomous operations of pulse groups in a computer network.
	
	Regarding Claim 8, Heldman discloses the instructions further cause the system to obtain forwarding tables of the network devices, the forwarding tables including attestation information of the network devices (page 12, par (0081), line 1-10, client application send an API request for an API authentication token maps to an IP address assigned to an API authorization service operating in a specific data center assigned to tenant); and
	utilize the attestation information to generate the set of validation tokens (page 13, par (0094), line 1-10, the client application uses the client credentials to request a valid token from the tenant specific authorization endpoint, the client application sends the API authorization request over the Internet to the IP address associated with the authorization service at the tenant specific data center (obtaining the validation tokens)).

	Regarding Claim 9, Heldman discloses the forwarding tables are obtained using BGP-LS, the BGP-LS including one or more Type Length Value (TLV) information elements corresponding to the attestation information (page 10, par (0064), line 1-10, the edge routers and can employ the Border Gateway Pro­tocol (BGP), the BGP is the core routing protocol of the Internet, the edge routers can maintain a table of IP networks, which designate network reachability among autonomous systems on the Internet).

	Regarding Claim 10, Heldman discloses the attestation information specifies references to MACsec sessions among the network devices according to the ordering of the network devices (page 12, par (0081), line 1-10, client application send an API request for an API authentication token maps to an IP address assigned to an API authorization service operating in a specific data center assigned to tenant).

Claim 11, Heldman discloses instructions further cause the system to obtain a request to obtain the set of validation tokens(page 13,  par (0091), line 1-10, a second API request  includes a second different tenant identifier for a second different tenant and is located in second path(second network path)), the request specifying an identifier of the validation token nest(page 13,  par (0094), line 1-10, the unique tenant identifier in the domain in the tenant specific endpoint maps to a DNS record that resolves to the IP address of the authorization service at the tenant specific data center(generating the validation token));
	identify, based on the identifier of the validation token nest, a storage location of the set of validation tokens (page 13,  par (0094), line 1-10, the unique tenant identifier in the domain in the tenant specific endpoint maps to a DNS record that resolves to the IP address of the authorization service at the tenant specific data center(generating the validation token)); and
	provide location information to allow access to the storage location to obtain the validation tokens(page 12, par (0081), line 1-10, client application send an API request for an API authentication token maps to an IP address assigned to an API authorization service operating in a specific data center assigned to tenant).

	Regarding Claim 12, Heldman discloses the instructions that cause the system to advertise the second network path to the network devices of the autonomous system further cause the system to transmit, to the network devices of the autonomous system, a BGP update message specifying the second network path(page 10, par (0064), line 1-10, the edge routers and  can employ the Border Gateway Pro­tocol (BGP), the BGP is the core routing protocol of the Internet, the edge routers can maintain a table of IP networks, which designate network reachability among autonomous systems on the Internet).

	Regarding Claim 13, Heldman discloses identify a second network path to egress from the autonomous system(page 10,  par (0064), line 10-20, the BGP is the core routing protocol of the Internet. The edge routers can maintain a table of IP networks which designate network reachability among autonomous systems on the Internet), the second network path corresponding to an ordering of network devices within the autonomous system(page 13,  par (0091), line 1-10, a second API request  includes a second different tenant identifier for a second different tenant and is located in second path(second network path));
	obtain a set of validation tokens of the network devices (page 13, par (0094), line 1-10, the client application uses the client credentials to request a valid token from the tenant specific authorization endpoint, the client application sends the API authorization request over the Internet to the IP address associated with the authorization service at the tenant specific data center (obtaining the validation tokens));
	generate, using the set of validation tokens and based on the ordering of network devices(page 13,  par (0094), line 1-10, the unique tenant identifier in the domain in the tenant specific endpoint maps to a DNS record that resolves to the IP address of the authorization service at the tenant specific data center(generating the validation token)), a validation token nest corresponding to the second network path(page 13,  par (0095), line 1-10, the token ensures the client application credentials can be used for accessing other software services at the tenant specific data center,  the client application builds another API (second network) request with the validated token.); and
	transmit, to the network devices, the second network path, the second network path specifying an attribute corresponding to the validation token nest (page 13, par (0091), line 1-10, the second API are therefore routed to the same IP address for global routing and authentication services, also see par (0064), The edge routers can maintain a table of IP networks which designate network reachability among autonomous systems on the Internet).
	Heldman discloses all aspects of the claimed invention, except obtain an advertised network path within an autonomous system.
	Norton the same field of invention teaches obtain an advertised network path within an autonomous system (page 7,  par (0070), line 1-20, a better performing data routing path can be determined between nodes  is in communication with the distributed routing controller and the pulse group, after a data transmission has been conducted via one or more relay nodes along a better performing data routing path selected, by an entity (a digital wallet (digital signature) or an account) associated with the node that requested the data transfer to an entity that provided the better performing data routing path in the distributed autonomous routing protocol that is installed on the nodes and distributed by the distributed routing controller).
Heldman and Norton are analogous art because they are from the same field of endeavor of access to a service device.


	Regarding Claim 14, Heldman discloses the executable instructions further cause the computer system to obtain, from the network devices, a set of forwarding tables(page 10,  par (0064), line 10-20, the BGP is the core routing protocol of the Internet. The edge routers can maintain a table of IP networks which designate network reachability among autonomous systems on the Internet), the set of forwarding tables including attestation information of the network devices (page 12, par (0081), line 1-10, client application send an API request for an API authentication token maps to an IP address assigned to an API authorization service operating in a specific data center assigned to tenant); and
	use the attestation information to generate the set of validation tokens (page 13, par (0094), line 1-10, the client application uses the client credentials to request a valid token from the tenant specific authorization endpoint, the client application sends the API authorization request over the Internet to the IP address associated with the authorization service at the tenant specific data center (obtaining the validation tokens)).

Claim 15, Heldman discloses all aspects of the claimed invention, except the attribute is a digitally signed hash that corresponds to the validation token nest and the second network path.
	Norton the same field of invention teaches the attribute is a digitally signed hash that corresponds to the validation token nest and the second network path (page 7,  par (0070), line 1-20, a better performing data routing path can be determined between nodes  is in communication with the distributed routing controller and the pulse group, after a data transmission has been conducted via one or more relay nodes along a better performing data routing path selected, by an entity (a digital wallet (digital signature) or an account) associated with the node that requested the data transfer to an entity that provided the better performing data routing path in the distributed autonomous routing protocol that is installed on the nodes and distributed by the distributed routing controller).

	Regarding Claim 16, Heldman discloses the set of validation tokens include evidence of a set of MACsec sessions among the network devices in accordance with the ordering (page 12, par (0081), line 1-10, client application send an API request for an API authentication token maps to an IP address assigned to an API authorization service operating in a specific data center assigned to tenant).

	Regarding Claim 17, Heldman discloses the executable instructions further cause the computer system to obtain a request to obtain the validation tokens (page 13,  par (0091), line 1-10, a second API request  includes a second different tenant identifier for a second different tenant and is located in second path(second network path)), the request specifying an identifier of the validation token nest(page 13,  par (0094), line 1-10, the unique tenant identifier in the domain in the tenant specific endpoint maps to a DNS record that resolves to the IP address of the authorization service at the tenant specific data center(generating the validation token));
	identify, based on the identifier, a storage location of the validation tokens(page 13,  par (0094), line 1-10, the unique tenant identifier in the domain in the tenant specific endpoint maps to a DNS record that resolves to the IP address of the authorization service at the tenant specific data center(generating the validation token)); and
	obtain the validation tokens from the storage location to provide the validation tokens in response to the request(page 12, par (0081), line 1-10, client application send an API request for an API authentication token maps to an IP address assigned to an API authorization service operating in a specific data center assigned to tenant).

	Regarding Claim 19, Heldman discloses the second network path and the attribute are transmitted in a BGP update message to the network devices (page 10, par (0064), line 10-20, the BGP is the core routing protocol of the Internet. The edge routers can maintain a table of IP networks which designate network reachability among autonomous systems on the Internet).

	Regarding Claim 20, Heldman discloses network devices utilize an Intermediate System-to-Intermediate System (ISIS) protocol within the
(page 10,  par (0064), line 10-20, the BGP is the core routing protocol of the Internet. The edge routers can maintain a table of IP networks which designate network reachability among autonomous systems).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure are:
Henry et al. (US 20210258773, Aug.19, 2021) teaches GPS-Attack Prevention System and Method for fine timing meaurement.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to IQBAL ZAIDI whose telephone number is (571)270-3943.  The examiner can normally be reached on M to Thu 8.a.m to 6.p.m..
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NGO RICKY can be reached on 571-272-3139.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).





Primary Examiner, Art Unit 2464