DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner acknowledges receipt of Preliminary Amendment, filed of the Application No.: 16/651,086 on 03/26/2020 prior to examination. Claims 1-50 have been canceled and claims 51-70 have been added new.

Priority
This Application is a continuation of U.S. Application Serial No.15/079,762, filed on March 24, 2016, which is a continuation of International Application No. PCT/EP2013/070288, filed on September 27, 2013 is acknowledged.

Information Disclosure Statement
The IDS received on 03/26/2020 and 11/30/2021 have been entered and references cited within carefully considered.
Drawings
The drawings are filled on 03/26/2020 are accepted. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.

	Claims 51, 52, 62, 63 and 70 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnaswamy et al. (US Patent No.: 9,455,897 B2) in view of Kanugovi et al. (US Patent No..: 10,142,965 B2). 
Regarding claim 51, Krishnaswamy discloses a method comprising: allocating a first IP address to a first interface of a client device for data communications using a first sub-flow over a first path (The client node 602 may also add one or more secondary IP address for another path through the same proxy node 604 or a different proxy node. The client node 602 and the proxy node 604 may communicate with different WWAN networks. In general, the WWAN networks or channels or protocols or technologies that the proxy node and the client node use to communicate with their respective networks can be the same or different. Traffic allocating a second IP address to a second interface of the client device for data communications using a second sub-flow over a second, different path (The network 608 directs the subflow traffic for the secondary IP address to the proxy node 604 (820). The proxy node 604 then delivers the traffic received for the client’s secondary IP address to the client 602 over a peer-to-peer (P2P) link between the proxy node 604 and the client 602 (822) [col. 11, lines 28-33]), the second IP address being associated with the first IP address (FIG. 16 is a flow chart 1600 of an exemplary method/ process. Using the process, a device may communicate with a server through a first MPTP path using a first IP address (1602); communicate with the server through a second MPTP path using a second IP address, the communication with the server through the second MPTP path being through a wireless node at the second IP address (1604); and communicate with the wireless node through peer-to-peer communication (1606) [col. 20, lines 27-35, see also lines 42-51]); and sending information relating to the allocated first and second IP addresses for the client device (A P2P application can be used to deliver the packets associated with the Secondary IP subflow. Subsequently the subflows are merged at the client 602, and delivered to the client application. In the reverse path from the client 602 to the server 608, the client sends subflow traffic for the primary IP address to the network 610 (818), and the subflow traffic for the secondary IP address to the proxy node 604 (822) which forwards to the network 610 (820). The network 610 sends traffic for both subflows 
Although Krishnaswamy discloses everything as applied above, Krishnaswamy does not explicitly discloses to an aggregating device for aggregating the first and second sub-flows, when received from the client device, for providing aggregated data to a destination device. However, these concepts are well known in the art as taught by Kanugovi.
In the same field of endeavor, Kanugovi discloses to an aggregating device for aggregating the first and second sub-flows (the UE 1 receives the first sub-flow SF1 from the eNB 105M through destination port number VV1, and receives the second sub-flow SF2 from the eNB 105S-1 through destination port number VV2. At the MPTCP layer, the UE 1 aggregates the first and second sub-flows SF1 and SF2 using the connection-level sequence numbers provided by the MPTCP to re-assemble packets received in each sub-flow, thereby receiving the application service data. Referring now to the example in FIG. 3, the UE 1 establishes a MPTCP connection with the application/proxy server 110 for the application 110A. As with FIG. 2, in the example shown in FIG. 3, the MPTCP connection includes two sub-flows SF1 and SF2 [col. 13, lines 31-45]), when received from the client device, for providing aggregated data to a destination device (Still referring to FIG. 4, at step S414 the UE 1 aggregates the multiple sub-flows for the MPTCP connection to receive the application service from the application/proxy server 110. .
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Kanugovi method into Krishnaswamy invention. One of ordinary skill in the art would have been motivated to offered to the application as an aggregate using the multipath TCP connection protocol (MPTCP) [Kanugovi, col. 2, lines 1-3].

Regarding claim 52, Krishnaswamy/Kanugovi disclose everything as discuss above,  Krishnaswamy further discloses allocating one or more further IP addresses to respective further interfaces of the client device for data communications using respective further sub-flows over respective different paths (FIG. 4 is a block diagram 400 illustrating path coordination and path management overlay Support for inter-carrier skew and flow management. Path managers 406, 408 in the tunneling server and path managers 456, 458 in the tunneled client are created for each path associated with each WWAN carrier. The path managers enable discovery and setup for each subflow for each carrier. An inter-carrier path coordinator 404 is established at the tunneling server 304 and an inter-carrier path coordinator 454 is established at the tunneled client 302. The inter-carrier path coordinators 404, 454 dynamically analyze the performance of each path and then optimize the distribution of flow across the available paths. Application-layer overlays can be established between the tunneling server 304 and the tunneled client 302 to the further IP addresses being associated with the first and second IP addresses, and sending information relating to the further IP addresses for the client device to the aggregating device (By contrast, if the MNO does not have an anchor supported for multipath aggregation, then an application service provider may install a multipath server 1304, to enable a multipath session to the client device 1302 using available client IP addresses. In such an aspect, the Multi Path TCP anchor 1316 may reside in a server belonging to the application service provider (e.g., a streaming media content provider could directly set up a multipath session with the client device). A tunneling anchor 1316 may still be used if the content is delivered from a server that is different from the server that may provide the multipath aggregation Support. In such an aspect, data may be streamed in a single path from the content provider server 1308 to the MultiPath TCP server 1304, which may then streams data using multipath streams to the client device 1302 [col, 14, lines 64-67, and col. 15, lines 1-11].

Regarding claim 62, it is substantially the same as claim 51, since claim 62 is also in method claim format.  Because the same reasoning applies, claim 62 is rejected under the same reasoning as claim 51.

Regarding claim 63, Krishnaswamy/Kanugovi disclose everything as discuss above,  Krishnaswamy further discloses sending one or more further requests for respective further IP addresses to the allocating system; receiving information relating to one or more respective IP addresses from the allocating system (FIG. 4 is a block diagram 400 illustrating path coordination and path management overlay Support for inter-carrier skew and flow management. Path managers 406, 408 in the tunneling server and path managers 456, 458 in the tunneled client are created for each path associated with each WWAN carrier. The path managers enable discovery and setup for each subflow for each carrier. An inter-carrier path coordinator 404 is established at the tunneling server 304 and an inter-carrier path coordinator 454 is established at the tunneled client 302. The inter-carrier path coordinators 404, 454 dynamically analyze the performance of each path and then optimize the distribution of flow across the available paths. Application-layer overlays can be established between the tunneling server 304 and the tunneled client 302 to exchange information between the inter-carrier path coordinators 404, 454 and the path managers at tunneled client 302 and tunneling server 304 to optimize the simultaneous utilization of paths using the MPTP tunnel 402, 452 between the nodes 302,304. In one aspect, as discussed with reference to FIGS. 10, 11 and 12, tunneling client 302 may be operable to act as an ad hoc access point for other devices (e.g., UEs)[col. 9, lines 29-49], the IP addresses being allocated to respective further interfaces for data communications using further sub-flows over further paths (By contrast, if the MNO does not have an anchor supported for   

Regarding claim 70, it is substantially the same as claim 51, except claim 70 is in apparatus claim format.  Because the same reasoning applies, claim 70 is rejected under the same reasoning as claim 51, where Krishnaswamy further discloses an apparatus [Fig. 1, Apparatus 100], the apparatus having at least one processor and at least one memory having computer-readable code stored thereon which when executed controls the at least one processor: [col. 7, lines 23-67 and col. 8, lines 1-6].


	Claims 53-58, 60, 61 and 63-69 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnaswamy et al. (US Patent No.: 9,455,897 B2) in view of 
Regarding claim 53, Krishnaswamy/Kanugovi disclose wherein the first IP address is allocated responsive to a first request from the client device, and the second IP address is allocated responsive to a second request from the client device as discuss above. 
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose identifying, or deriving, an association key from the second request, which association key identifies or generates the device-specific pool of IP addresses from which the second IP address is allocated. However, these concepts are well known in the art as taught by Oishi.
In the same field of endeavor, Oishi discloses identifying, or deriving, an association key from the second request, which association key identifies or generates the device-specific pool of IP addresses from which the second IP address is allocated (In a step S103, the router 202 retrieves, based on the entity name (identifier) contained in the Certificate Solicitation received from the network interface 301 in the step S102, the registered public key v i from the RAM 305 or the HD 306, and confirms the legitimacy of the authenticating signature utilizing such public key [col. 11, lines 10-16, see also col. 16, lines 39-49]). US 7,461,251 B2
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been 

Regarding claim 54, Krishnaswamy/Kanugovi disclose everything as discuss above 
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose generating a first association key responsive to the first request and sending information to the client device for the client device to generate a corresponding first association key identifiable or derivable from the second request from the client device. However, these concepts are well known in the art as taught by Oishi.
In the same field of endeavor, Oishi discloses generating a first association key responsive to the first request and sending information to the client device for the client device to generate a corresponding first association key identifiable or derivable from the second request from the client device (It is also assumed in this case that the Certification Authority 209 and the default gateway 202 (or DHCP server or exclusive CA server) can execute a secure and reliable communication through the internet, for example by securely exchanging public key cryptosystems or securely sharing a secret encrypting key. The administrator of the Certification Authority 209 determines a public key V ca for the CA. The administrator of the router 202 determines and discloses the aforementioned public parameters p, get c. Also it determines the public key V router for the router. When a user i applies for an access to the LAN, the user generates its own secret key S i utilizing the public parameters p, g etc., calculates a  the administrator of LAN (administrator of the router 202). The administrator of LAN (administrator of the router 202), after executing an identification of the user i and a password check according to its operating policy, permits an access. The administrator makes a registration in the RAM304 or the HD 306 in such a manner that the corresponding public key can be retrieved from the entity name. The public parameters p, get c. and the public key V i, and particularly the Secret key Si are managed by the user i and are made securely usable in the host 206 [col. 15, lines 54-67 and col. 16, lines 1-11]). US 7,461,251 B2
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include xxx method into Faerber invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].

Regarding claim 55, Krishnaswamy/Kanugovi disclose everything as discuss above.
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose wherein the first association key is generated by: receiving a public key A from the client device; computing a local 
In the same field of endeavor, Oishi discloses wherein the first association key is generated by: 3Docket No. NC103268-US-PCT Customer No. 73658receiving a public key A from the client device; computing a local public key B (When a user i applies for an access to the LAN, the user generates its own secret key S i utilizing the public parameters p, g etc., calculates a corresponding public key v i and submits the user name, the password and the public key V i to the administrator of LAN (administrator of the router 202). The administrator of LAN (administrator of the router 202), after executing an identification of the user i and a password check according to its operating policy, permits an access. The administrator makes a registration in the RAM304 or the HD 306 in such a manner that the corresponding public key can be retrieved from the entity name. The public parameters p, get c. and the public key V i, and particularly the Secret key Si are managed by the user i and are made securely usable in the host 206 [col. 10, lines 26-39]); and generating a local first association key S based on the received public key A and the local public key B (In a step S101, the host 206 generates a Certificate Solicitation. The Certificate Solicitation is a message requesting an anonymous public key certificate and is generated in such a format understandable to the router 202 that it requests an anonymous public key certificate and that it contains the interface ID of the interface 301. The content is calculated from the entity name (user name), the password and a serial number. The serial number can be, for example, formed by concatenating an IPv6 link local  time. In order to prevent a replay attack and an impersonation, the Certificate Solicitation contains a digital signature (authenticating signature) (Sig i(hash(entity name, password, serial number))) generated by entering the entity name (user name), the password and the serial number into the Hash function utilizing the secret keys I [col. 10, lines 59-67 and col. 11, lines 1-7]). 
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].

Regarding claim 56, Krishnaswamy/Kanugovi disclose everything as discuss above.
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose wherein the public key A is received from the client device with an identifier of the first interface of the client device, the method further comprising associating the first IP address with the first interface identifier. However, these concepts are well known in the art as taught by Oishi.
In the same field of endeavor, Oishi discloses wherein the public key A is received from the client device with an identifier of the first interface of the client device, the method further comprising associating the first IP address with the first interface identifier (The host 1406, utilizing the public key V ca of the  anonymous public key certificate APC cai)=(g, Vi', X, Sig ca(g, Vi', X)), namely a legitimate correspondence between (g, V i') and Sig ca(g, V i', X). For example, the host 1406 extracts (g, Vi', X) from the anonymous public key certificate APCcai) and calculates a Hash value thereof (for example H(g'v i'IX), wherein “” indicates an association), thereby confirming whether Sig ca(g, V i', X) is a correct digital signature for the Hash value, utilizing the public key V ca. The host 1406 memorizes the public key Vca of the Certification Authority 1408 in advance. In an architecture where the public key certificate of the public key V ca is included in the management/attribute information X of the anonymous public key certificate, the host 1406 at first confirms that the memorized public key Vca coincides with the public key V ca of the public key certificate, included in the management/attribute information X of the anonymous public key certificate, and then confirms the legitimacy of the anonymous public key certificate utilizing Such public key W. Ca. In the foregoing protocol, the data sent and received in the steps S1305 and S1309 may be collectively sent in the step S1305. In such case, though not illustrated, the host 1406 sends the random interface ID, the CHAP-response and the Certificate Solicitation (similar to that in the first embodiment) to the PPP peer 1402 in a step S1305'. Then, in a step S1306, the PPP peer 1402 confirms the legitimacy of the CHAP-response, retrieves the registered public key V i, generates data including an IPv6 global address to be assigned to the host 1406 (from the IPv6 prefix and the interface ID) and its lifetime (validity period of use, for example 24 hours), and generates an authenticating sig 
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].

Regarding claim 57, Krishnaswamy/Kanugovi disclose everything as discuss above. 
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose sending the local public key B to the client device for generating a comparison first association key S. However, these concepts are well known in the art as taught by Oishi.
In the same field of endeavor, Oishi discloses sending the local public key B to the client device for generating a comparison first association key S (It is also assumed in this case that the Certification Authority 209 and the default gateway 202 (or DHCP server or exclusive CA server) can execute a secure and reliable communication through the internet, for example by securely exchanging public key cryptograms or securely sharing a secret encrypting key [col. 10, lines 7-12]. After the authentication, the router 202 generates an IPv6 global address of the host 206 from the prefix of the IPv6 global address and the interface ID of the interface 301 of the host 206. Then, in a step S103A, it generates a random number r, and determines (g, Vi') (gr mod p, (vi) (r) mod p) from the generator g and the public key  foregoing (g' and V i' being called anonymous public keys). In this manner, the CPU 303 generates a public key Vi' from the public key Vi. Then there is generated an authenticating signature (2) which is a signature of the router 202 for the IPv6 global address of the host 206 and the anonymous public keys (g, V i') [col. 11, lines 26-38, see also col. 21, lines 31-51]).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].

Regarding claim 58, Krishnaswamy/Kanugovi disclose everything as discuss above.
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose responsive to receiving the second request, generating a second association key, linked to the first association key, and sending information to the client device for the client device to generate a corresponding second association key identifiable or derivable from a subsequent request from the client device. However, these concepts are well known in the art as taught by Oishi.
In the same field of endeavor, Oishi discloses responsive to receiving the second request, generating a second association key, linked to the first association key [col. 8, lines 25-62], and sending information to the client device for the client device to generate a corresponding second association key identifiable or derivable from a subsequent request from the client device [col. 11, lines 44-65].  
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].

Regarding claim 60, Krishnaswamy/Kanugovi disclose everything as discuss above.
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose wherein the public key C is received from the client device with an identifier of the second interface of the client device, the method further comprising associating the second IP address with the first interface identifier. However, these concepts are well known in the art as taught by Oishi.
In the same field of endeavor, Oishi discloses wherein the public key C is received from the client device with an identifier of the second interface of the client device, the method further comprising associating the second IP address with the first interface identifier (The host 1406 executes the procedure shown in FIG. 13 for every communication counterpart, for every session or for every transmission of a communication packet, thus receiving the anonymous public key certificate from the Certification Authority 1408. Thus the host 1406 realizes the privacy protection by requesting and receiving a new public certificate whenever  sending a public key certificate including the IPv6 address to the communication counterpart. The public keys (g, V i') belong to a same entity but are changed with the lapse of time. In the foregoing, there has been explained an embodiment in which the PPP peer 1402 provides the host 206 with the prefix of the IPv6 address, and the host 1406 generates the IPv6 address from the IPv6 prefix and the interface ID, but an embodiment, in which the PPP peer 1402 transmits the IPv6 address to the host 1406 and the host 1406 utilizes such address, can also be realized by a similar protocol. In such case, the protocol can be same except that the IPv6 address is transmitted instead of the prefix in the step S1307 shown in FIG. 3 and that the process of address generation from the prefix in the step S1308 can be dispensed with [col. 22, lines 6-26]).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].

Regarding claim 61, Krishnaswamy/Kanugovi disclose everything as discuss above. 
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose responsive to receiving a further request, generating a further association key, linked to the first and second association keys, and sending 4Docket No. NC103268-US-PCT Customer No. 73658information to the client device for the client device to generate a corresponding further association key to the client device identifiable or 
In the same field of endeavor, Oishi discloses responsive to receiving a further request, generating a further association key, linked to the first and second association keys [col. 8, lines 25-62], and sending 4Docket No. NC103268-US-PCT Customer No. 73658information to the client device for the client device to generate a corresponding further association key to the client device identifiable or derivable from a subsequent request from the client device [col. 11, lines 44-65].  
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].

Regarding claim 64, Krishnaswamy/Kanugovi disclose everything as discuss above. 
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose wherein the second request comprises an association key. However, these concepts are well known in the art as taught by Oishi.
In the same field of endeavor, Oishi discloses wherein the second request comprises an association key (In a step S103, the router 202 retrieves, based on the entity name (identifier) contained in the Certificate Solicitation received from the network interface 301 in the step S102, the registered public key v i from the RAM  and confirms the legitimacy of the authenticating signature utilizing such public key [col. 11, lines 10-16, see also col. 16, lines 39-49]). 
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].

Regarding claim 65, Krishnaswamy/Kanugovi disclose everything as discuss above. 
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose wherein a first association key is generated in response to a message from the allocating device in response to the first request. However, these concepts are well known in the art as taught by Oishi.
In the same field of endeavor, Oishi discloses wherein a first association key is generated in response to a message from the allocating device in response to the first request (When a user i applies for an access to the LAN, the user generates its own secret key Si utilizing the public parameters p, g etc., calculates a corresponding public key vi and submits the user name, the password and the public key Vi to the administrator of LAN (administrator of the router 202). The administrator of LAN (administrator of the router 202), after executing an identification of the user i and a password check according to its operating policy, permits an access. The administrator makes a registration in the RAM304 or the HD 306 in such a manner that the corresponding public key can be retrieved from the  p, get c. and the public key Vi, and particularly the secret key Si are managed by the user i and are made securely usable in the host 206 [col. 10, lines 26-39])
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].

Regarding claim 66, Krishnaswamy/Kanugovi disclose everything as discuss above.
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose wherein the first association key is generated by: receiving a public key B from the allocating device; and generating a comparison first association key S based on a computed local public key A and the received public key B. However, these concepts are well known in the art as taught by Oishi.
In the same field of endeavor, Oishi discloses wherein the first association key is generated by: receiving a public key B from the allocating device (In a step S101, the host 206 generates a Certificate Solicitation. The Certificate Solicitation is a message requesting an anonymous public key certificate and is generated in such a format understandable to the router 202 that it requests an anonymous public key certificate and that it contains the interface ID of the interface 301. The content is calculated from the entity name (user name), the password and a serial number. The  concatenating an IPv6 link local address of the host 206, an IPv6 link local address of the default gateway and a current time. In order to prevent a replay attack and an impersonation, the Certificate Solicitation contains a digital signature (authenticating signature) (Sig i(hash(entity name, password, serial number))) generated by entering the entity name (user name), the password and the serial number into the Hash function utilizing the secret keys I [col. 10, lines 59-67 and col. 11, lines 1-7]); and generating a comparison first association key S based on a computed local public key A and the received public key B (In a step S101, the host 206 generates a Certificate Solicitation. The Certificate Solicitation is a message requesting an anonymous public key certificate and is generated in such a format understandable to the router 202 that it requests an anonymous public key certificate and that it contains the interface ID of the interface 301. The content is calculated from the entity name (user name), the password and a serial number. The serial number can be, for example, formed by concatenating an IPv6 link local address of the host 206, an IPv6 link local address of the default gateway and a current time. In order to prevent a replay attack and an impersonation, the Certificate Solicitation contains a digital signature (authenticating signature) (Sig i(hash(entity name, password, serial number))) generated by entering the entity name (user name), the password and the serial number into the Hash function utilizing the secret keys I [col. 10, lines 59-67 and col. 11, lines 1-7]).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into 

Regarding claim 67, Krishnaswamy/Kanugovi disclose everything as discuss above.
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose responsive to sending the second request, receiving information for generating a second association key, linked to the first association key, in a message from the allocating device. However, these concepts are well known in the art as taught by Oishi.
In the same field of endeavor, Oishi discloses responsive to sending the second request, receiving information for generating a second association key, linked to the first association key, in a message from the allocating device [col. 8, lines 25-62].  
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].

Regarding claim 68, Krishnaswamy/Kanugovi disclose everything as discuss above.
Although Krishnaswamy/Kanugovi disclose everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose wherein the first IP address is 
In the same field of endeavor, Oishi discloses wherein the first IP address is allocated responsive to the first request from the client device (Upon receiving the this message, the DHCP server 203 executes processes of S103, S103A and S104 in FIG. 1 and receives an anonymous public key certificate from the Certification Authority 209 as in the step S106. Then the DHCP server 203 sends a DHCP Certificate Reply Message, including both a DHCP Reply Message and data corresponding to the Certificate Advertisement, to the host 206. Consequently, a DHCP Certificate Reply Message received in a step S1204 is data including both the DHCP Reply Message received in the step S1004 in FIG. 10 and data corresponding to the Certificate Advertisement received in the step S107 in FIG. 1 (transmission source being the DHCP server 203 instead of the router 202). Then it generates an IPv6 global address, assigns it to the interface 301 and confirms the legitimacy of the anonymous public key certificate. In the present case, the legitimacy of the anonymous public key certificate is confirmed, as in the step S108, by the public Vca of the Certification Authority 209 [col. 14, lines 3-20]) and wherein the device-specific pool of IP addresses comprises a chain of one or more further IP addresses, associated with the first IP address (A case where both the router 202 and the DHCP server 203 are relied on by the Certification Authority 209 functioning as the CA corresponds to a situation of receiving the Router  and stateful in a step S1104 in FIG. 11 (case “YES”), and, in such case, it is possible to apply the aforementioned two extended protocols in an arbitrary combination thereby achieving automatic setting and acquisition of the link local address, the site local address, the one-time IPv6 global address, the corresponding one-time anonymous public key certificate and the default gateway. In Such case, the router 202 and the DHCP server 203 correspond to a communication apparatus group providing the host (communication apparatus) 206 with the address information for setting the address, and the router 202 and the DHCP server 203 constituting a group of such information processing apparatuses request the public key certificate to the Certification Authority 209 and transmits the public key certificate, issued by the Certification Authority, to the host 206 [col. 14, lines 26-44]).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].
 
Regarding claim 69, Krishnaswamy/Kanugovi disclose everything as discuss above. 
Although Krishnaswamy/Kanugovi discloses everything as applied above, Krishnaswamy/Kanugovi do not explicitly disclose wherein one or more of the first and second IP addresses have an associated expiry time, the method further comprising sending a renewal request to the allocating device comprising at least 
In the same field of endeavor, Oishi discloses wherein one or more of the first and second IP addresses have an associated expiry time, the method further comprising sending a renewal request to the allocating device comprising at least one of the first and second IP addresses (The host 206 or 1406 executes the protocol shown in FIG. 11 or 13 for every communication counterpart (namely for every new connection to a site), or every session, thereby renewing or changing the IPv6 address and the public keys g and  Vi' to be used. The public keys g and Vi' may be renewed or changed for every transmission of a communication packet. Thus the host 1406 realizes the privacy protection by requesting and receiving a new public certificate whenever necessary, and also prevents impersonation by sending a public key certificate including the IPv6 address to the communication counterpart [col. 24, lines 10-20]).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to include Oishi method into Krishnaswamy/Kanugovi invention. One of ordinary skill in the art would have been motivated to prevent impersonation and key-substitution attacks [Oishi, col. 3, lines 10-11].
Allowable Subject Matter
Claim 59 is objected to as being dependent upon a rejected base claims, but would be allowable if rewritten in in independent form including all of the limitation of the base claim and nay intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. (1) Puthiyandyil et al. (US Patent No.:7,305,489 B2) teaches a method for allocating network addresses comprises providing an address pool comprising a plurality of network addresses and then dividing the address pool into a plurality of address sub-pool that comprise a unique subset of the network addresses of the address pool. Each of the sub-pools is available for use by any one of a plurality of routing devices of a network access server. The method then comprises receiving a request to assign a first network address to a first user, allocating a first address sub-pool of the plurality of address sub-pools to a first routing device of the plurality of routing devices and transmitting a first message to the other routing devices to indicate that the first address sub-pool has been allocated. The method additionally comprises assigning the first network address to the first user from the first address sub-pool and advertising an aggregate route for the first address sub-pool over a network. (2) Beeson (US Patent No.:7,869,593 B2) teaches  facilitating communication using a digital signature includes: communicating software to a first party; receiving from the first party public keys of public-private key pairs generated using the software; and recording in a database the public keys in association with information pertaining to the software. The key pairs have the same private key. The software additionally provides digital signatures utilizing this private key. Each public key of these key pairs is generated, in part, based on data that is specified by the first party. (3) Baucke et al. (US Patent No.:8,560,663 B2) teaches embodiments of the invention include a method performed by a cloud network manager flow entries in a cloud network. The CNM is coupled to .
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DHARMESH J PATEL whose telephone number is (571)272-2690.  The examiner can normally be reached on Monday-Friday 8:00AM-5:00PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Marsha D Banks-Harold can be reached on (571) 272-7905.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


DHARMESH J. PATEL
Examiner
Art Unit 2465


/DHARMESH PATEL/
Examiner, Art Unit 2465

/MARSHA D BANKS HAROLD/Supervisory Patent Examiner, Art Unit 2465