DETAILED ACTION

1.	Notice of Pre-AIA or AIA Status: The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.	Claims 1, 3-12, 14, 15, and 17-23 are presented for allowance. 

3.	Claims 2, 13 and 16 have been canceled, claims 1, 7, 15, 17, 18 and 20 have been amended, and new claims 21-23 have been added.

4.	This allowance of application 16/712584 is in response to Applicant’s claim amendments and remarks filed on September 23, 2021.

Examiner’s Amendment
5.	An examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR § 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the Issue Fee.

6.	Authorization for this examiner’s amendment was given by Ryan Davis via email to USPTO on October 26, 2021.

7.	The claims have been amended as follows:

1.	(Previously Presented) A method comprising:
receiving, at an Address Resolution Protocol (ARP) responder, an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment, 
wherein the ARP request includes requestor attestation information of the ARP requestor;
verifying trustworthiness of the ARP requestor using the requestor attestation information of the ARP requestor included in the ARP request;
performing the address resolution between the ARP requestor and the ARP responder based on whether the ARP requestor is verified as trustworthy or untrustworthy;
building, by the ARP responder, an ARP response including attestation information of the ARP responder;
providing, from the ARP responder to the ARP requestor, the ARP response and the attestation information of the ARP responder for verifying the ARP responder using the ARP response and the attestation information of the ARP responder;
extracting a media access control (MAC) address of the ARP responder and an Internet Protocol (IP) address of the ARP responder from the ARP response; and
adding an ARP entry including a mapping of the MAC address of the ARP responder with the IP address of the ARP responder in an ARP mapping data store if the ARP responder is verified using the attestation information of the ARP responder in the ARP response.

2.	(Canceled)

3.	(Currently Amended) The method of claim 1, further comprising performing ARP attack mitigation in the network environment if the ARP responder is not verified using the attestation information of the ARP responder in the ARP response.

4.	(Currently Amended) The method of claim 3, wherein the ARP attack mitigation includes refraining from adding an entry including a mapping of a MAC address of the ARP responder with the IP address of the ARP responder in the ARP mapping data store.

5.	(Currently Amended) The method of claim 3, wherein the ARP attack mitigation includes sending an alert indicating that the ARP responder failed verification using the attestation information of the ARP responder.

6.	(Currently Amended) The method of claim 3, wherein the ARP attack mitigation includes creating a log entry indicating the ARP responder failed verification using the attestation information of the ARP responder and the mapping of the MAC address of the ARP responder with the IP address of the ARP responder.

7.	(Currently Amended) The method of claim 1, further comprising maintaining the ARP mapping data store of a plurality of ARP entries including mappings of MAC addresses of ARP responders and IP addresses of the ARP responders, wherein each entry of the plurality of ARP entries are associated with varying timeout lengths based on whether corresponding ARP responders of the ARP entries are verified or not verified according to corresponding attestation information of the ARP responder included in ARP responses received from the ARP responders.

8.	(Currently Amended) The method of claim 7, further comprising:
identifying a specific timeout length of an ARP entry for the ARP responder based on whether the ARP responder is verified or not verified according to the attestation information of the ARP responder included in the ARP response; and
maintaining the ARP entry for the ARP responder in the ARP mapping data store for the specific timeout length.

9.	(Original) The method of claim 1, further comprising sending the attestation information of the ARP responder from the ARP requestor to a verifier, wherein the verifier is configured to remotely verify the ARP responder using the attestation information of the ARP responder received from the ARP requestor.

10.	(Currently Amended) The method of claim 1, further comprising:
stapling, by the ARP responder, the attestation information of the ARP responder included in the ARP response with a verifier signed key, 
wherein the verifier signed key is generated based on a verifier validating the attestation information of the ARP responder; and
sending the ARP response including the attestation information of the ARP responder with the verifier signed key from the ARP responder to the ARP requestor, 
wherein the ARP requestor is configured to locally verify the ARP responder using the attestation information of the ARP responder and the verifier signed key received from the ARP responder.

11.	(Currently Amended) The method of claim 10, wherein the verifier validates the attestation information of the ARP responder to generate the verifier signed key before the ARP request is received at the ARP responder from the ARP requestor.

12.	(Original) The method of claim 10, wherein the verifier signed key is associated with a validity time frame, and the ARP responder is configured to verify the ARP responder using the verifier signed key if the validity time frame is active.

13.	(Canceled)

14.	(Currently Amended) The method of claim 1, wherein the ARP responder is configured to disregard the ARP request if the ARP requestor is verified as the untrustworthy as part of performing the address resolution between the ARP requestor and the ARP responder based on whether the ARP requestor is verified as the trustworthy or the untrustworthy.

15.	(Currently Amended) A system comprising:
one or more processors; and
at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving, at an Address Resolution Protocol (ARP) responder, an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment, 
wherein the ARP request includes requestor attestation information of the ARP requestor;
verifying trustworthiness of the ARP requestor using the requestor attestation information of the ARP requestor included in the ARP request;
performing the address resolution between the ARP requestor and the ARP responder based on whether the ARP requestor is verified as trustworthy or untrustworthy;
building, by the ARP responder, an ARP response including attestation information of the ARP responder;
providing, from the ARP responder to the ARP requestor, the ARP response and the attestation information of the ARP responder for verifying the ARP responder using the ARP response and the attestation information of the ARP responder;
extracting a media access control (MAC) address of the ARP responder and an Internet Protocol (IP) address of the ARP responder from the ARP response;
adding an ARP entry including a mapping of the MAC address of the ARP responder with the IP address of the ARP responder in an ARP mapping data store if the ARP responder is verified using the attestation information of the ARP responder in the ARP response; and
performing ARP attack mitigation in the network environment if the ARP responder is not verified using the attestation information of the ARP responder in the ARP response.

16.	(Canceled)

17.	(Previously Presented) The system of claim 15, 
wherein the instructions which, when executed by the one or more processors, further cause the one or more processors to perform the operations further comprising sending the attestation information of the ARP responder from the ARP requestor to a verifier, 
wherein the verifier is configured to remotely verify the ARP responder using the attestation information of the ARP responder received from the ARP requestor.

18.	(Currently Amended) The system of claim 15, wherein the instructions which, when executed by the one or more processors, further cause the one or more processors to perform the operations further comprising:
stapling, by the ARP responder, the attestation information of the ARP responder included in the ARP response with a verifier signed key, 
wherein the verifier signed key is generated based on a verifier validating the attestation information of the ARP responder; and
sending the ARP response including the attestation information of the ARP responder with the verifier signed key from the ARP responder to the ARP requestor, 
wherein the ARP requestor is configured to locally verify the ARP responder using the attestation information of the ARP responder and the verifier signed key received from the ARP responder.

19.	(Currently Amended) The system of claim 18, wherein the verifier validates the attestation information of the ARP responder to generate the verifier signed key before the ARP request is received at the ARP responder from the ARP requestor.

20.	(Previously Presented) A non-transitory computer-readable storage medium having stored therein instructions which, when executed by a processor, cause the processor to perform operations comprising:
receiving, at an Address Resolution Protocol (ARP) responder, an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment, 
wherein the ARP request includes requestor attestation information of the ARP requestor;
verifying trustworthiness of the ARP requestor using the requestor attestation information of the ARP requestor included in the ARP request;
performing the address resolution between the ARP requestor and the ARP responder based on whether the ARP requestor is verified as trustworthy or untrustworthy;
building, by the ARP responder, an ARP response including attestation information of the ARP responder;
providing, from the ARP responder to the ARP requestor, the ARP response and the attestation information of the ARP responder for verifying the ARP responder using the ARP response and the attestation information of the ARP responder;
extracting a media access control (MAC) address of the ARP responder and an Internet Protocol (IP) address of the ARP responder from the ARP response; and
adding an ARP entry including a mapping of the MAC address of the ARP responder with the IP address of the ARP responder in an ARP mapping data store if the ARP responder is verified using the attestation information of the ARP responder in the ARP response. 

21.	(Previously Presented) The system of claim 18, wherein the verifier signed key is associated with a validity time frame, and the ARP responder is configured to verify the ARP responder using the verifier signed key if the validity time frame is active.

22.	(Currently Amended) The system of claim 15, wherein the ARP responder is configured to disregard the ARP request if the ARP requestor is verified as the untrustworthy as part of performing the address resolution between the ARP requestor and the ARP responder based on whether the ARP requestor is verified as the trustworthy or the untrustworthy.

23.	(Currently Amended) The system of claim 15, 
wherein the instructions which, when executed by the one or more processors, further cause the one or more processors to perform the operations further comprising maintaining the ARP mapping data store of a plurality of ARP entries including mappings of MAC addresses of ARP responders and IP addresses of the ARP responders,
wherein each entry of the plurality of ARP entries are associated with varying timeout lengths based on whether corresponding ARP responders of the ARP entries are verified or not verified according to corresponding attestation information of the ARP responder included in ARP responses received from the ARP responders.
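
The following is an added illustration, not part of the Office action or of the application, of the requestor-side flow the claims recite: local verification of a stapled attestation within its validity time frame, extraction of the responder's MAC and IP addresses, and a mapping store whose timeouts depend on verification. HMAC-SHA256 under a shared key stands in for the verifier signed key, and the names, TTL values and sample packet are constructed assumptions.

```python
import hashlib, hmac, socket, struct

# Assumptions: HMAC under a shared key stands in for a verifier signature (a real
# deployment would use an asymmetric signature); TTL values are arbitrary.
VERIFIER_KEY = b"constructed-demo-key"
TTL_VERIFIED, TTL_UNVERIFIED = 1200, 30  # seconds

def staple(attestation: bytes, not_before: int, not_after: int) -> bytes:
    """Verifier side: bind the attestation to a validity time frame and sign it."""
    window = struct.pack("!QQ", not_before, not_after)
    return window + hmac.new(VERIFIER_KEY, window + attestation, hashlib.sha256).digest()

def staple_ok(attestation: bytes, stapled: bytes, now: int) -> bool:
    """Requestor side: local check of the signature and the validity window."""
    if len(stapled) != 48:
        return False
    window, tag = stapled[:16], stapled[16:]
    not_before, not_after = struct.unpack("!QQ", window)
    good = hmac.new(VERIFIER_KEY, window + attestation, hashlib.sha256).digest()
    return hmac.compare_digest(tag, good) and not_before <= now <= not_after

def parse_arp_reply(pkt: bytes):
    """Extract sender MAC and IP from a 28-byte Ethernet/IPv4 ARP reply (RFC 826)."""
    if len(pkt) < 28:
        raise ValueError("short ARP packet")
    if struct.unpack("!HHBBH", pkt[:8]) != (1, 0x0800, 6, 4, 2):
        raise ValueError("not an Ethernet/IPv4 ARP reply")
    return ":".join(f"{b:02x}" for b in pkt[8:14]), socket.inet_ntoa(pkt[14:18])

class ArpStore:
    def __init__(self, admit_unverified=False):
        self.entries, self.log = {}, []   # entries: ip -> (mac, expires_at)
        self.admit_unverified = admit_unverified

    def handle_reply(self, pkt, attestation, stapled, now):
        mac, ip = parse_arp_reply(pkt)
        if staple_ok(attestation, stapled, now):
            self.entries[ip] = (mac, now + TTL_VERIFIED)
            return True
        # Mitigation: log the failed mapping; store it only if policy allows, short-lived.
        self.log.append(f"attestation failed for {ip} -> {mac}")
        if self.admit_unverified:
            self.entries[ip] = (mac, now + TTL_UNVERIFIED)
        return False

    def lookup(self, ip, now):
        mac, expires = self.entries.get(ip, (None, 0))
        return mac if mac and now < expires else None

def demo():
    # Constructed ARP reply: 02:00:00:00:00:01 at 192.0.2.1 answering 192.0.2.7.
    pkt = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
           + bytes.fromhex("020000000001") + socket.inet_aton("192.0.2.1")
           + bytes.fromhex("020000000007") + socket.inet_aton("192.0.2.7"))
    att, store = b"constructed-attestation-evidence", ArpStore()
    valid = store.handle_reply(pkt, att, staple(att, 1000, 2000), now=1500)
    expired = store.handle_reply(pkt, att, staple(att, 1000, 2000), now=2500)
    tampered = store.handle_reply(pkt, b"other", staple(att, 1000, 2000), now=1500)
    return valid, expired, tampered, store.lookup("192.0.2.1", 1600), store.log
```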

Reason for Allowance

8.	Claims 1 and 20 of the present invention are directed towards an Address Resolution Protocol (ARP) responder receiving an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment.  Independent claims 1 and 20 each identify the following uniquely distinct combination of features:
receiving, at an Address Resolution Protocol (ARP) responder, an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment 
wherein the ARP request includes requestor attestation information of the ARP requestor
verifying trustworthiness of the ARP requestor using the requestor attestation information of the ARP requestor included in the ARP request
performing the address resolution between the ARP requestor and the ARP responder based on whether the ARP requestor is verified as trustworthy or untrustworthy
building, by the ARP responder, an ARP response including attestation information of the ARP responder
providing, from the ARP responder to the ARP requestor, the ARP response and the attestation information of the ARP responder for verifying the ARP responder using the ARP response and the attestation information of the ARP responder
extracting a media access control (MAC) address of the ARP responder and an Internet Protocol (IP) address of the ARP responder from the ARP response
adding an ARP entry including a mapping of the MAC address of the ARP responder with the IP address of the ARP responder in an ARP mapping data store if the ARP responder is verified using the attestation information of the ARP responder in the ARP response.


9.	Claim 15 of the present invention is directed towards an Address Resolution Protocol (ARP) responder receiving an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment.  Independent claim 15 identifies the following uniquely distinct combination of features:
one or more processors
at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations
receiving, at an Address Resolution Protocol (ARP) responder, an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment 
wherein the ARP request includes requestor attestation information of the ARP requestor
verifying trustworthiness of the ARP requestor using the requestor attestation information of the ARP requestor included in the ARP request
performing the address resolution between the ARP requestor and the ARP responder based on whether the ARP requestor is verified as trustworthy or untrustworthy
building, by the ARP responder, an ARP response including attestation information of the ARP responder
providing, from the ARP responder to the ARP requestor, the ARP response and the attestation information of the ARP responder for verifying the ARP responder using the ARP response and the attestation information of the ARP responder
extracting a media access control (MAC) address of the ARP responder and an Internet Protocol (IP) address of the ARP responder from the ARP response
adding an ARP entry including a mapping of the MAC address of the ARP responder with the IP address of the ARP responder in an ARP mapping data store if the ARP responder is verified using the attestation information of the ARP responder in the ARP response
performing ARP attack mitigation in the network environment if the ARP responder is not verified using the attestation information of the ARP responder in the ARP response.

10.	Regarding allowed claims 1, 15 and 20 presented above, the following is an examiner’s statement of reasons for allowance.  The following are the closest prior art:

Lootah et al. (“TARP: Ticket-based Address Resolution Protocol”, 2005) Introduction section page 1 col 1, Background section page 2 col 1, A Ticket based Approached section page 3 col 2 and page 4 col 1, The TARP Protocol page 4 col 1, Revocation section page 5 col 1, Attacks against TARP section page 6 col 1, Implementation section page 6 col 1, and Figure 4.  These areas teach the “receiving,” “building,” and “providing” limitations.

Garg (US Pub 20190058731) [0004] [0010] [0026] [0033] [0035] [0039] teach “extracting” and “adding” limitations.

Tian et al. (“Securing ARP From the Ground Up”, 2015) Introduction section page 1 cols 1 & 2 teach “verifying” and “performing” limitations.
	
Ben-Shalom (US Pub 20170289138) [0009] [0016] [0022] [0066] where [0009] states “direct anonymous attestation (DAA) or other privacy preserving group or community keys can be generated and provide to computing devices.”  And, [0016] states “allowing the individual hosts to attest to the fact that they are valid members of a given group.”

Chauhan (US Pub 20200084284) [0141] [0167] where [0141] states “remote attestation or other evidence of integrity of the client software.”

Bakhache et al. (“Kerberos Secured Address Resolution Protocol (KARP)”) page 212 col 2 states “the main weakness of ARP is its all-trusting nature so that it does not differentiate between received messages and blindly trusts all received replies.”

Kim et al. (WO 2012153913 A1) pages 2, 3, 6, 7, 8, and 9 teach parts of “extracting” and “adding” limitations.

Wang et al. (CN 109698868 A) pages 13, 24, and 25 teach “extracting” and “mapping” features.

Baykal et al. (US Pub 20110029645) [0035] [0057] [0063] [0067] [0078] teach “extracts” and “mapping” features.

Sawada et al. (US Pub 20020016858) [0236] [0244].

According to Dictionary.com, “attestation” is defined as “evidence or proof of something” such as “a declaration that something exists or is the case.”

11.	In summary, nowhere do the prior art disclose the unique combination of steps/elements listed above.  The unique combination of steps/elements listed above are a novel combination.  The definition, presented above, provides explanation/clarification to some critical features (e.g., attestation).  The prior art, either singularly or in combination fails to anticipate or render obvious the present invention.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

12.	 Any inquiry concerning this communication or earlier communications from the examiner should be directed to O. Charlie Vostal whose telephone number is 571-270-3992.  The examiner can normally be reached on 8:30am to 5:00pm EST Monday thru Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the Public PAIR system, see http://portal.uspto.gov/pair/PublicPair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



	/ONDREJ C VOSTAL/ Primary Examiner, Art Unit 2452
	November 1, 2021