Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
This office action is in response to the amendment filed on 09/03/2021 to the application 16/694,809 filed on 11/25/2019. Claims 1-6, 8-13 and 15-20 are pending in this communication. Applicant's arguments filed on 09/03/2021 have been fully considered but are not persuasive. Thus, BHATT; Yogesh B. et al. (US 2008/0013546 A1) and ATHMALINGAM; Manimuthu M. et al. (US 2020/0195431 A1) have been used to address the newly added issues. Accordingly, this action has been made final.

Response to Arguments
Applicant's arguments filed 09/03/2021 have been fully considered.
Applicant’s Argument:
Applicant has amended independent Claims 1, 8, and 15 to incorporate the allowable subject matter of dependent Claim 7, which renders these rejections moot.
Examiner’s response:
The primary examiner appreciates the effort to advance the prosecution; however, the application is not in condition for allowance.
Applicant’s Argument:

Applicant respectfully requests appropriate evidentiary support. For example, if the Examiner is relying on alleged "common knowledge," alleged "well known" principles, "Official Notice," or other information within the Examiner's personal knowledge, Applicant respectfully requests that the Examiner cite a reference as documentary evidence in support of this position or provide an affidavit. See M.P.E.P. § 2144.03 and 37 C.F.R. § 1.104(d)(2).

Claim Rejections - 35 USC § 103
The following is a quotation of AIA 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4, 5, 8, 9, 11, 12, 15, 16, 18 & 19 are rejected under AIA 35 U.S.C. 103 as being unpatentable over YANG; Li-Jau (Steven), Pat. No.: US 7,003,118 B1 in view of HUANG; Zhenjie et al., Pub. No.: US 2018/0191493 A1 and further in view of BHATT; Yogesh B. et al., Pub. No.: US 2008/0013546 A1.

Regarding Claim 1, YANG discloses a networking device, comprising:
one or more processors; and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause the networking device to perform operations {col. 10 lines 29-33, “Any software embodying any portion of the present invention is a computer program product which is a storage medium (media) having instructions stored thereon/in which can be used to control, or cause, a computer to perform any of the processes of the present invention. … lines 43-46, “Stored on any one of the computer readable medium (media), the present invention includes software for controlling both the hardware of the general purpose/specialized computer or microprocessor”} comprising:
… 
receiving an Internet Protocol (IP) packet from the peer, the IP packet comprising an outer IP header, an Encapsulating Security Payload (ESP) header, a protocol header, data, an ESP trailer, and ESP authentication data {col. 5 lines 38-47, “Turning now to FIG. 2B, a field diagram illustrates the placement of Encapsulated Security Payload (ESP) related fields, and identification of fields encrypted and authenticated in an ESP packet in Transport and Tunnel Modes.  … A Tunnel Mode ESP packet 260 includes a new IP header 270 along with the fields for ESP 245, original IP header 205, TCP 210, Data 215, ESP Trailer 250, and ESP Auth 255”. Examiner’s note: TCP is the protocol header for the cited IP packet}; and
performing, using an IP Security (IPSec) authentication algorithm, authentication checks for the outer IP header, the ESP header, the protocol header, the data, the ESP trailer, and the ESP authentication data of the IP packet {col. 14 lines 8-14 (claim 19), “authenticating the entire packet except for mutable fields; … and said packet is in tunnel mode, adding a new IP Header and …, and authenticating the entire packet except for mutable fields”. Examiner’s note: the entire packet fields are described above in col. 5 lines 38-47}.
YANG, however, does not explicitly disclose 
negotiating a security association with a peer;
wherein the networking device receives IP address information from the peer prior to receiving the IP packet from the peer.
In an analogous reference HUANG discloses
negotiating a security association with a peer {[0009], “When IKEv2 initial exchanges (including IKE_SA_INIT and IKE_AUTH) are successfully setup, … and the IKE Security Association, SA and the first IPSec SA or tunnel are setup. The IPSec tunnel is used as a user data path for the PDN connection. Notably, the IKE_SA_INIT exchange is used to setup the IKE SA including IKE SPI assignment, negotiate cryptographic algorithms”};
In another analogous reference BHATT discloses
wherein the networking device receives IP address information from the peer prior to receiving the IP packet from the peer {[0014] In FIG. 1, the Peer-A 101 would like to establish an IP session with Peer-B 103. However, because there is no centralized switch in the various embodiments, Peer-A 101 must acquire reachability information for Peer-B 103 before an IP session can be established. Therefore, Peer-A 101 broadcasts a Peer Lookup Query 107 to a Peer Discovery Service (PDS) 105}.

The motivation is data origin authentication (identifying who sent the data), data confidentiality through encryption (ensuring that the data has not been read during transmission), and connectionless integrity (ensuring that the data has not been changed during transmission). A VPN using an IPsec tunnel keeps data confidential over an inherently unsafe public network such as the Internet and provides low-cost secure tunnels for data exchange among stakeholders.
All references are inventions in an analogous area; each teaches a specific claimed limitation, and the references mutually cure each other’s deficiencies. When all the claimed techniques are combined, they teach the claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately.

Regarding Claim 2, YANG as modified by HUANG discloses all the features of claim 1. The combination further discloses
wherein an Internet Key Exchange (IKE) protocol is used to negotiate the security association with the peer {HUANG: [0009], “When IKEv2 initial exchanges (including IKE_SA_INIT and IKE_AUTH) are successfully setup, … and the IKE Security Association, SA and the first IPSec SA or tunnel are setup. The IPSec tunnel is used as a user data path for the PDN connection. Notably, the IKE_SA_INIT exchange is used to setup the IKE SA including IKE SPI assignment, negotiate cryptographic algorithms”}.

Regarding Claim 4, YANG as modified by HUANG discloses all the features of claim 1. The combination further discloses
the IKE protocol is the IKE version 2 (IKEv2) protocol {HUANG: [0051], “[0051] FIG. 1 illustrates a sequence diagram for establishing multiple PDN connections over an untrusted 3GPP, e.g., WiFi access using IKEv2 and IPSec”};
the IP address information is included in a traffic selector payload received by the networking device from the peer {HUANG: [0036], “The UE IP address may be encoded in a traffic selector payload”}; and
the IP address information comprises original source and destination IP addresses {HUANG: [0036], “supporting handover from one radio network such as LTE or WiFi to the untrusted WiFi network, the security gateway receives the IKE request message, this time comprising the UE IP address previously allocated when the UE was attached to the previous radio network prior to handover. … In this scenario, the UE may also include the APN used for the PDN connection in the previous radio network and may also include the previously used PDN-GW address”}.

Regarding Claim 5, YANG as modified by HUANG discloses all the features of claim 1. The combination further discloses
the IP packet further comprises a User Datagram Protocol (UDP) encapsulation header; and the operations further comprise performing, using the IPSec authentication algorithm, an authentication check for the UDP encapsulation header of the IP packet {YANG: col. 2 lines 17-19, “IPSEC can encrypt data sent by any application. IPSEC therefore becomes a transparent add-on to such protocols as TCP and UDP”. Examiner’s note: for IPSEC protocol handling of TCP can be replaced by UDP and all the applied authentication of entire packet in base claim 1 applies}.

Regarding claim 8, claim 8 is a claim to a method using the networking device of claim 1. Therefore, claim 8 is rejected for the reasons set forth for claim 1.

Regarding claim 9, claim 9 is a dependent claim of claim 8 and is a claim to a method using the networking device of claim 2. Therefore, claim 9 is rejected for the reasons set forth for claim 2.

Regarding claim 11, claim 11 is a dependent claim of claims 9 & 8 and is a claim to a method using the networking device of claim 4. Therefore, claim 11 is rejected for the reasons set forth for claim 4.

Regarding claim 12, claim 12 is a dependent claim of claim 8 and is a claim to a method using the networking device of claim 5. Therefore, claim 12 is rejected for the reasons set forth for claim 5.

Regarding claim 15, claim 15 is a claim to computer-readable non-transitory storage media using the networking device of claim 1. Therefore, claim 15 is rejected for the reasons set forth for claim 1.

Regarding claim 16, claim 16 is a dependent claim of claim 15 and is a claim to computer-readable non-transitory storage media using the networking device of claim 2. Therefore, claim 16 is rejected for the reasons set forth for claim 2.

Regarding claim 18, claim 18 is a dependent claim of claims 16 & 15 and is a claim to computer-readable non-transitory storage media using the networking device of claim 4. Therefore, claim 18 is rejected for the reasons set forth for claim 4.

Regarding claim 19, claim 19 is a dependent claim of claim 15 and is a claim to computer-readable non-transitory storage media using the networking device of claim 5. Therefore, claim 19 is rejected for the reasons set forth for claim 5.

Claims 3, 10 & 17 are rejected under AIA 35 U.S.C. 103 as being unpatentable over YANG; Li-Jau (Steven), Pat. No.: US 7,003,118 B1 in view of HUANG; Zhenjie et al., Pub. No.: US 2018/0191493 A1 and further in view of KOZAKAI; Yasuyuki et al., Pub. No.: US 2007/0110054 A1.

Regarding Claim 3, YANG as modified by HUANG discloses all the features of claim 1. The combination further discloses
the IP address information comprises original source and destination IP addresses {HUANG: [0036], “supporting handover from one radio network such as LTE or WiFi to the untrusted WiFi network, the security gateway receives the IKE request message, this time comprising the UE IP address previously allocated when the UE was attached to the previous radio network prior to handover. … In this scenario, the UE may also include the APN used for the PDN connection in the previous radio network and may also include the previously used PDN-GW address”}.
However, the combination does not disclose
the IKE protocol is the IKE version 1 (IKEv1) protocol;
the IP address information is included in a Network Address Translation-Original Address (NAT-OA) payload received by the networking device from the peer; and
…
In an analogous reference KOZAKAI discloses
the IKE protocol is the IKE version 1 (IKEv1) protocol {[0053], “The IKE processing unit 101 processes an IKE message which is a message transmitted to and received from the server 140 according to an IKE protocol. More specifically, to establish a security association, the IKE processing unit 101 generates an IKE message to establish security association for Internet Security Association Key Management Protocol (ISAKMP) and to require authentication”. Examiner’s note: cited IKE is IKEv1 protocol};
the IP address information is included in a Network Address Translation-Original Address (NAT-OA) payload received by the networking device from the peer {[0114], “As shown in FIG. 7, the IKE message 705 includes an ISAKMP header (HDR), a HASH payload (HASH(1)), an SA payload (SA), a Nonce payload (Ni), a Key Exchange payload (KE), two ID payloads (IDci and IDcr), and two NAT-OA payloads (NAT-OAi and NAT-OAr)”}; and
…
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify YANG’s technique (as modified by HUANG) of ‘authenticating an entire IP packet including new IP header and ESP fields and negotiating security association between peers before IPSEC data tunnel is established’ to ‘include IP address information in a NAT-OA payload’ by KOZAKAI, in order to protect and preserve integrity of IP packet exchange between IP peers. The motivation is that a network configuration using a Network Address Translation (NAT) device is popularly used so that a larger number of devices than a finite number of global Internet Protocol (IP) addresses are able to communicate simultaneously with other devices connected to the Internet. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes. The most common form of network translation involves a large private network using addresses in a private range.
All references are inventions in an analogous area; each teaches a specific claimed limitation, and the references mutually cure each other’s deficiencies.

Regarding claim 10, claim 10 is a dependent claim of claims 9 & 8 and is a claim to a method using the networking device of claim 3. Therefore, claim 10 is rejected for the reasons set forth for claim 3.

Regarding claim 17, claim 17 is a dependent claim of claims 16 & 15 and is a claim to computer-readable non-transitory storage media using the networking device of claim 3. Therefore, claim 17 is rejected for the reasons set forth for claim 3.

Claims 6, 13 & 20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over YANG; Li-Jau (Steven), Pat. No.: US 7,003,118 B1 in view of HUANG; Zhenjie et al., Pub. No.: US 2018/0191493 A1 and further in view of BHATT; Yogesh B. et al., Pub. No.: US 2008/0013546 A1 and ATHMALINGAM; Manimuthu M. et al., Pub. No.: US 2020/0195431 A1.

Regarding Claim 6, YANG as modified by HUANG and further modified by BHATT discloses all the features of claim 1. 
However, the combination does not explicitly disclose
wherein negotiating the security association with the peer comprises determining that the peer supports performing authentication checks for the outer IP header of the IP packet without using an IPsec Authentication Header (AH) protocol.
In an analogous reference ATHMALINGAM discloses
wherein negotiating the security association with the peer comprises determining that the peer supports performing authentication checks for the outer IP header of the IP packet without using an IPsec Authentication Header (AH) protocol {[0002], “IPsec describes a secure network protocol suite of standards that use cryptography to secure communications over Internet Protocol (IP) networks. It may be used to authenticate endpoint hosts along with providing data confidentiality and integrity. IPsec may use the Internet Key Exchange (IKE) protocol to authenticate each peer in an IPsec session, negotiate security associations (SAs) between peers, and handle the exchange of session keys”. Examiner’s note: IPsec peers authenticating each other ‘without IPsec Authentication Header (AH) protocol’}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify YANG’s technique (as modified by HUANG) of ‘authenticating an entire IP packet including new IP header and ESP fields and negotiating security association between peers before IPSEC data tunnel is established’ to ‘authenticating an IPsec peer without using AH protocol’, by ATHMALINGAM. The motivation is to have options to authenticate an IPsec peer with alternative protocols for additional flexibility and to avoid the AH protocol if necessary.
All references are inventions in an analogous area; each teaches a specific claimed limitation, and the references mutually cure each other’s deficiencies.

Regarding claim 13, claim 13 is a dependent claim of claim 8 and is a claim to a method using the networking device of claim 6. Therefore, claim 13 is rejected for the reasons set forth for claim 6.

Regarding claim 20, claim 20 is a dependent claim of claim 15 and is a claim to computer-readable non-transitory storage media using the networking device of claim 6. Therefore, claim 20 is rejected for the reasons set forth for claim 6.

Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034. The examiner can normally be reached on M-F 8:30AM-5:00PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B. Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-270-2034.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/QUAZI FAROOQUI/
Primary Examiner, Art Unit 2491