Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
This is in response to Application #17/027,424 filed on 09/21/2020 in which Claims 1-20 are presented for examination.

Status of Claims
Claims 1-20 are pending, of which Claims 1, 2, 5, 6, 10, 11, 14, 15, 19 is/are rejected under 35 U.S.C. 102.  Claims 3, 4, 12, 13, 20 is/are rejected under 35 U.S.C. 103.  Claims 7-9, 16-18 are objected to as being allowable as a whole under prior art if rewritten in independent form including all of the limitations of their base claim and any intervening claims as well as addressing any additional issues described below.

Claim Objections
Regarding Claim 1, this claim is objected to for lack of antecedent basis.  This claim recites the intended limitation “the first security association parameters for establishing the data plane with the first network device through the second network” in Lines 8-10.  There is no mention of “first security association parameters” for the purpose of “establishing the data plane with the first network device through the second network” before the appearance of the intended limitation “the first security association parameters for establishing the data plane with the first network device through the second network” in Lines 8-10.

Regarding Claim 5, this claim is objected to for lack of antecedent basis.  This claim recites the intended limitation “the second security association parameters for establishing the data plane with the second network device through the second network” in Lines 2-3.  There is no mention of “second security association parameters” for the purpose of “establishing the data plane with the second network device through the second network” before the appearance of the intended limitation “the second security association parameters for establishing the data plane with the second network device through the second network” in Lines 2-3.

Regarding Claim 7, this claim is objected to for lack of antecedent basis.  This claim recites the intended limitation “the symmetrical key for establishing the data plane with the second network device through the second network based on the pair of symmetrical keys” in Lines 5-7.  There is no mention of a “symmetrical key” for the purpose of “establishing the data plane with the second network device through the second network based on the pair of symmetrical keys” before the appearance of the intended limitation “the symmetrical key for establishing the data plane with the second network device through the second network based on the pair of symmetrical keys” in Lines 5-7.

Regarding Claim 9, this claim is objected to for an apparent typographical error.  This claim recites the limitation “the a same entity” in Line 2.  For the purposes of this examination, this limitation is construed to read as “a same entity”.

Regarding Claim 10, this claim is objected to for lack of antecedent basis.  This claim recites the intended limitation “the first security association parameters for establishing the data plane with the first network device through the second network” in Lines 11-13.  There is no mention of “first security association parameters” for the purpose of “establishing the data plane with the first network device through the second network” before the appearance of the intended limitation “the first security association parameters for establishing the data plane with the first network device through the second network” in Lines 11-13.

Regarding Claim 14, this claim is objected to for lack of antecedent basis.  This claim recites the intended limitation “the second security association parameters for establishing the data plane with the second network device through the second network” in Lines 3-4.  There is no mention of “second security association parameters” for the purpose of “establishing the data plane with the second network device through the second network” before the appearance of the intended limitation “the second security association parameters for establishing the data plane with the second network device through the second network” in Lines 3-4.

Regarding Claim 16, this claim is objected to for lack of antecedent basis.  This claim recites the intended limitation “the symmetrical key for establishing the data plane with the second network device through the second network based on the pair of symmetrical keys” in Lines 6-8.  There is no mention of a “symmetrical key” for the purpose of “establishing the data plane with the second network device through the second network based on the pair of symmetrical keys” before the appearance of the intended limitation “the symmetrical key for establishing the data plane with the second network device through the second network based on the pair of symmetrical keys” in Lines 6-8.

Regarding Claim 18, this claim is objected to for an apparent typographical error.  This claim recites the limitation “the a same entity” in Line 2.  For the purposes of this examination, this limitation is construed to read as “a same entity”.

Regarding Claim 19, this claim is objected to for lack of antecedent basis.  This claim recites the intended limitation “the first security association parameters for establishing the data plane with the first network device through the second network” in Lines 9-11.  There is no mention of “first security association parameters” for the purpose of “establishing the data plane with the first network device through the second network” before the appearance of the intended limitation “the first security association parameters for establishing the data plane with the first network device through the second network” in Lines 9-11.

Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim(s) 10-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter.

Regarding Claim 10, a system/device is described comprising “one or more processors of a controller”, potentially implemented in software configured to cause the actions described in Claim 10.  In addition, regarding Claim 10, the system/device is described as also comprising “a computer-readable medium comprising instructions stored therein”.  A signal stores information as it propagates, and applicant's specification fails to exclude signals as a form of medium.  As a result, the “computer readable medium” in the claims can be interpreted as including various types of transmission medium including signals or carrier waves which are also not implemented in hardware.
Accordingly, the recited “system” is nothing more than software per se and is not a “process,” a “machine,” a “manufacture” or a “composition of matter,” as defined in 35 U.S.C. 101.

Regarding Claim(s) 11-18, they/it are/is (a) dependent claim(s) dependent on Claim(s) 10 which have/has inherited the deficiencies of the parent claim and have/has not resolved the deficiencies. Therefore, they/it are/is rejected based on the same rationale as applied to the parent Claim(s) 10 above.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

 (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1, 2, 5, 6, 10, 11, 14, 15, 19 is/are rejected under 35 U.S.C. 102 (a)(2) as being anticipated by Smith et al. US Patent Application Publication #2016/0366105.

Regarding Claim 1, Smith et al. discloses:
A method, comprising: receiving, at a controller of a first network through a control plane, first security association parameters from a first network device; receiving, at the controller through the control plane, second security association parameters from a second network device [(Smith et al. Abstract Lines 1-9; Par 10 Lines 1-6; Fig 1) where Smith et al. teaches a rendezvous server or controller of multiple network domains or multiple networks receiving from a first registrar of a first network domain or first network a first registration message and receiving from a second registrar of a second network domain or second network a second registration message, over a cross-domain command and control message bus or control plane and the setting up of a rendezvous point or safe zone through which the rendezvous server or controller receives discovery and security parameters from the devices on the different domains so that discovery, security, and data exchange can be negotiated between the different network devices on the different network domains or networks];
determining that the first network device and the second network device are permitted to connect to each other via a data plane extending, at least in part, through a second network [(Smith et al. Par 20 Lines 1-3; Fig 1; Fig 2) where Smith et al. teaches that the first and second network devices establish an end-to-end secure session over a data connection or data plane after the aid of the rendezvous server in arranging the end-to-end secure session, with the data connection or data plane connection occurring over both the first and second network]; and
sending, from the controller to the second network device over the control plane, the first security association parameters for establishing the data plane with the first network device through the second network [(Smith et al. Abstract Lines 1-14; Par 10 Lines 1-6; par 13 Lines 1-10; Par 17 Lines 1-15; Par 20 Lines 1-2; Fig 1; Fig 2) where Smith et al. teaches a rendezvous server or controller of multiple network domains or multiple networks that provides the exchange of security association parameters between separate networks and network devices over a control plane in order to negotiate the creation of a data plane end to end secure session].

Regarding Claim 2, Smith et al. discloses:
The method of claim 1, further comprising refraining, by the controller, from sending the first security association parameters to the second network device through the second network [(Smith et al. Abstract Lines 1-14; Par 10 Lines 1-6; par 13 Lines 1-10; Par 17 Lines 1-15; Par 20 Lines 1-2; Fig 1; Fig 2) where Smith et al. teaches a rendezvous server or controller of multiple network domains or multiple networks that provides the exchange of security association parameters between separate networks and network devices over a control plane in order to negotiate the creation of a data plane end to end secure session, thereby refraining from sending these security association parameters over the second network data plane].

Regarding Claim 5, Smith et al. discloses:
The method of claim 1, further comprising sending, from the controller to the first network device over the control plane, the second security association parameters for establishing the data plane with the second network device through the second network. [(Smith et al. Abstract Lines 1-14; Par 10 Lines 1-6; par 13 Lines 1-10; Par 17 Lines 1-15; Par 20 Lines 1-2; Fig 1; Fig 2) where Smith et al. teaches a rendezvous server or controller of multiple network domains or multiple networks that provides the exchange of security association parameters between separate networks and network devices over a control plane in order to negotiate the creation of a data plane end to end secure session].

Regarding Claim 6, Smith et al. discloses:
The method of claim 1, wherein the first network device and the second network device are configured to refrain from establishing one or more control plane channels in the control plane between each other. [(Smith et al. Abstract Lines 1-14; Par 10 Lines 1-6; par 13 Lines 1-10; Par 17 Lines 1-15; Par 20 Lines 1-2; Fig 1; Fig 2) where Smith et al. teaches a rendezvous server or controller of multiple network domains or multiple networks that provides the exchange of security association parameters between separate networks and network devices over a control plane controlled by the rendezvous server or controller of multiple network domains, which indicates the first and second network devices refrain from setting up their own control planes between each other, but instead in this invention, utilize the rendezvous server or controller of multiple network domains controlled control plane for control plane communications].

Regarding Claim 10:
It is a system claim corresponding to the method claim of claim 1. Therefore, claim 10 is rejected with the same rationale as applied against claim 1 above.
In addition, Claim 15 discloses: one or more processors of a controller of a first network and a computer-readable medium [(Smith et al. Par 50 Lines 1-12; Par 53 Lines 1-4; Fig 5) where Smith et al. teaches one or more processors of a controller of a first network and a computer-readable medium].

Regarding Claim 11:
It is a system claim corresponding to the method claim of claim 2. Therefore, claim 11 is rejected with the same rationale as applied against claim 2 above.

Regarding Claim 14:
It is a system claim corresponding to the method claim of claim 5. Therefore, claim 14 is rejected with the same rationale as applied against claim 5 above.

Regarding Claim 15:
It is a system claim corresponding to the method claim of claim 6. Therefore, claim 15 is rejected with the same rationale as applied against claim 6 above.

Regarding Claim 19:
It is a medium claim corresponding to the method claim of claim 1. Therefore, claim 8 is rejected with the same rationale as applied against claim 1 above.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims under pre-AIA 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly owned at the time a later invention was made in order for the examiner to consider the applicability of pre-AIA 35 U.S.C. 103(c) and potential pre-AIA 35 U.S.C. 102(e), (f) or (g) prior art under pre-AIA 35 U.S.C. 103(a).

Claim(s) 3, 4, 12, 13, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al. US Patent Application Publication #2016/0366105 in view of McMahon et al. US Patent Application Publication #2005/0114518.

Regarding Claim 3, Smith et al. discloses:
The method of claim 1,

Smith et al. does not appear to explicitly disclose:
wherein the second network is a public network

However, McMahon et al. discloses:
wherein the second network is a public network [(McMahon et al. Claim 4 Lines 1-3) where McMahon et al. teaches that a first network is a private network and a second network is a public network].

Smith et al. and McMahon et al. are analogous art because they are from the “same field of endeavor” and are from the same “problem-solving area”.  Namely, they are both from the field of “information security”.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Smith et al. and the teachings of McMahon et al. by providing that a first network is a private network and a second network is a public network as taught by McMahon et al. in the teaching described by Smith et al.
The motivation for doing so would be to increase the usability and flexibility of Smith et al. by providing that a first network is a private network and a second network is a public network as taught by McMahon et al. in the teaching described by Smith et al. to utilize Industry Standard Techniques of mixing private and public networks, depending on the level of security required for a specific application.

Regarding Claim 4, most of the limitations of this claim have been noted in the rejection of Claim 3.  Applicant is directed to the rejection of Claim 3 above.  In addition, the combination of Smith et al. and McMahon et al.  discloses:
The method of claim 1, wherein the first network is a private network [(McMahon et al. Claim 4 Lines 1-3) where McMahon et al. teaches that a first network is a private network and a second network is a public network].

Regarding Claim 12:
It is a system claim corresponding to the method claim of claim 3. Therefore, claim 12 is rejected with the same rationale as applied against claim 3 above.

Regarding Claim 13:
It is a system claim corresponding to the method claim of claim 4. Therefore, claim 13 is rejected with the same rationale as applied against claim 4 above.

Regarding Claim 20:
It is a medium claim corresponding to the combination of the rejections of method claims 3 and 4. Therefore, claim 20 is rejected with the same rationale as applied against claims 3 and 4 above.

Allowable Subject Matter
Claims 7-9, 16-18 are objected to as being dependent upon a rejected base claim, but would be allowable as a whole under prior art if rewritten in independent form including all of the limitations of their base claim and any intervening claims as well as addressing any additional issues described above.

The following is a statement of reasons for the indication of allowable subject matter.  The examiner has found that the prior art of record Smith et al. US Patent Application Publication #2016/0366105, McMahon et al. US Patent Application Publication #2005/0114518, Hur US Patent #7,181,620, and Young et al. US Patent #7,350,076 does not teach, suggest, or render obvious:
receiving, at the controller from the second network device over the control plane, a symmetrical key of a pair of symmetrical keys generated by the second network device as part of the first security association parameters, and sending, from the controller to the first network device over the control plane, the symmetrical key for establishing the data plane with the second network device through the second network based on the pair of symmetrical keys, the control plane provides a disassociated path function with respect to the data plane extending, at least in part, through the second network, the first network device and the second network device are associated with a same entity and the controller is configured to determine that the first network device and the second network device are permitted to connect to each other via the data plane extending, at least in part, through the second network based on the first network device and the second network device being associated with the same entity.

As recited in dependent Claims 7-9, 16-18 when also incorporating all of the limitations of the base claim and any intervening claims as well as addressing any additional issues described above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Hur US Patent #7,181,620: Hur teaches the secure initialization of network devices utilizing cryptographic keys.
Young et al. US Patent #7,350,076: Young et al. teaches network device and key authentication in a wireless network.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM Eastern Time.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on (571) 272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498