DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given by Scott Lloyd (Reg. No. 56,650) on December 08, 2021.

Claims
The application has been amended as follows: 

Regarding claim 1: (Currently Amended) A system for agentless identity-based network switching of data traffic among network-enabled devices, the system comprising:
a querying device in network communication with a target device, wherein the target device comprises an X.509 certificate identifying the target device; and
a query module, an analysis module and a switching module, each tangibly stored on a non-transitory computer readable medium; wherein

the analysis module comprises instructions which when executed by a processor cause the processor to:
parse the X.509 certificate into individual information elements;
compare the individual information elements to a set of reference information elements;
generate an analytical output comprising a validated identity of the target device based on comparison of the individual information elements to the reference information elements; and
transmit the analytical output to the switching module; and
the switching module comprises instructions which when executed by a processor cause the processor to execute a switching action on the data traffic received by the querying device from the target device over the first data path based on the analytical output;
wherein the switching action is selected from the group consisting of blocking the target device’s access to a network, permitting the target device’s access to the network, limiting the target device’s access to the network or diverting the target device’s access away from the network, local physical switching, logical switching, application of firewall rules, remote logical signaling, and configuring the target device’s access to the network.

Regarding claim 4: (Currently Cancelled)

Regarding claim 6: (Currently Amended) The system of claim 1, further comprising an intermediate device in network communication with the querying device, target device, query module, analysis module and switching module, the intermediate device comprising at least one switch interface and a management control interface, wherein:
the query module further comprises instructions which when executed by a processor cause the processor to establish a second data path between the querying device and the target device through the intermediate device and obtain the X.509 certificate; and
the switching module further comprises instructions which when executed by a processor cause the processor to:
establish a logical interface between the switching module and the management control interface; and
execute a switching action on the data traffic received by the querying device from the target device over the logical interface based on the analytical output;
wherein the switching action is selected from the group consisting of blocking the target device’s access to a network, permitting the target device’s access to the network, limiting the target device’s access to the network or diverting the target device’s access away from the network, local physical switching, logical switching, application of firewall rules, remote logical signaling, and configuring the target device’s access to the network.

Regarding claim 9: (Currently Cancelled)

Regarding claim 11: (Currently Amended) A method for agentless identity-based network switching of data traffic between network-enabled devices, the method comprising:
initiating from a querying device a request for an X.509 certificate from a target device in network communication with the querying device;
establishing via a processor 
parsing[[es]] the X.509 certificate in response to instructions communicated to the processor from an analysis module tangibly stored on a non-transitory computer readable medium into individual information elements and compares the individual information elements to a set of reference information elements to generate an analytical output comprising a validated identity of the target device based on comparison of the individual information elements to the reference information elements;
transmitting[[s]] the analytical output to a switching module tangibly stored on a non-transitory computer readable medium; and
executing[[es]] a switching action in response to instructions communicated to the processor from the switching module on data traffic received by the querying device from the target device over the first data path based on the analytical output;
wherein the switching action is selected from the group consisting of blocking the target device’s access to a network, permitting the target device’s access to the network, limiting the target device’s access to the network or diverting the target device’s access away from the network, local physical switching, logical switching, application of firewall rules, remote logical signaling, and configuring the target device’s access to the network.
 
Regarding claim 13: (Currently Cancelled) 

Regarding claim 14: (Currently Amended) The method of claim 11, wherein the target device is a fixed application device.

Regarding claim 15: (Currently Amended) The method of claim 11, wherein the target device is selected from the group consisting of cameras, printers, access controllers, alarms, paging systems, locking systems, safe deposit boxes, cash management systems, automatic teller machines and card readers.

Regarding claim 16: (Currently Amended) The method of claim 11, the method further comprising:
establishing via a processor 
transmitting[[s]] the analytical output to a switching module tangibly stored on a non-transitory computer readable medium;
ing[[es]] a logical interface between the switching module and a management control interface of the intermediate device; and
executing[[es]] via the intermediate device ;
wherein the switching action is selected from the group consisting of blocking the target device’s access to a network, permitting the target device’s access to the network, limiting the target device’s access to the network or diverting the target device’s access away from the network, local physical switching, logical switching, application of firewall rules, remote logical signaling, and configuring the target device’s access to the network.

Regarding claim 18: (Currently Cancelled) 
 
Regarding claim 19: (Currently Amended) The method of claim 11, wherein the target device is a fixed application device.

Regarding claim 20: (Currently Amended) The method of claim 11, wherein the target device is selected from the group consisting of cameras, printers, access controllers, alarms, paging systems, locking systems, safe deposit boxes, cash management systems, automatic teller machines and card readers.


Reasons for Allowance

The following is an examiner’s statement of reasons for allowance: 
Claims 1-3, 5-8, 10-12, 14-17 and 19-20 are considered allowable.
The Prior Art Benoit et al. US Patent Application Publication No. 2015/0229475 teaches that device provisioning (e.g., enrollment, configuration, and/or authentication) of a client device with a network device may be assisted using a configurator device. The configurator device may obtain a client public key associated with the client device and send the client public key to the network device. The network device may use the client public key in an authentication process between the network device and the client device. Following the authentication process, the client device may be configured for use with the network device to gain access to other network resources. In this manner, permission to gain access to the network device can be transparent to the user, often without the user having to enter codes or passwords.
The Prior Art HAZARI US Patent Application Publication No. 2014/0057599 teaches a method of accessing a resource requiring identity authentication, the method comprising: receiving at a communications device an encrypted token in response to an identity of the communications device being authenticated over a first radio access technology; decrypting the encrypted token using the identity of the communications device; and using the decrypted token over a second radio access technology to authenticate the identity of the communications device so as to allow access to the resource via the second radio access technology.

The instant application is allowable over Benoit et al., HAZARI and Lee described above, either singularly or in combination, due to the instant application teaching different and detailed systems and methods for agentless identity-based authentication of network-enabled devices for control of network traffic to and from each device based on identity. The invention leverages X.509 certificates associated with network devices and comprises at least one querying device in communication with at least one target device and optionally at least one intermediate device, such as but not limited to a switching device that can interface with the target device and enable the querying device to query the target device to obtain an X.509 certificate and any extensions, then dictate switching actions, which may be carried out by the querying device according to instructions provided by a switching module residing on the querying device or located external to the querying device. The 
The prior art of record does not disclose, teach, or suggest, either singly or in combination, the claimed limitations of “[A] system for agentless identity-based network switching of data traffic among network-enabled devices, the query module comprises instructions which when executed by a processor cause the processor to establish a first data path between the querying device and the target device and obtain the X.509 certificate; parse the X.509 certificate into individual information elements; generate an analytical output comprising a validated identity of the target device based on comparison of the individual information elements to the reference information elements; and transmit the analytical output to the switching module; and wherein the switching action is selected from the group consisting of blocking the target device’s access to a network, permitting the target device’s access to the network, limiting the target device’s access to the network or diverting the target device’s access away from the network, local physical switching, logical switching, application of firewall rules, remote logical signaling, and configuring the target device’s access to the network” as recited in independent claims 1 and 11 in combination with the remaining elements of the claim as a whole. Therefore, the claims of the instant application are allowable over the cited prior art.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham, can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439

/LUU T PHAM/ Supervisory Patent Examiner, Art Unit 2439