DETAILED ACTION
This non-final office action is in response to claims 1-24 filed on 06/27/2019 for examination. Claims 1-24 are being examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because: 
Reference character “140” has been used to designate “original author 140” (see, e.g., [0031]), “publisher 140” (see, e.g., [0027]), and “device 140” (see, e.g., [0027]).  
Reference character “140” has been used to designate both “data packet 145” (see, e.g., [0029]) and “data 145” (see, e.g., [0027]).  
The drawings are further objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: “420” (see Fig. 4), “425” (see Fig. 4), “700” (see Fig. 7), “1000” (see Fig. 10), and “1160” (see Fig. 11).  
Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to alter the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim(s) 1-24 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Particularly, claim 1 introduces “a node” in line 6, and further introduces “a consumer node” in line 14. Subsequently, claim 1 recites “the node” in line 16. It is unclear which of the first or second “node” is being referred to by recitation of “the node”. Claims 2, 4, 6, 9-10, 12, 14, 17-18, 20, and 22 recite a similar deficiency with regards to “the node”, and are rejected under like rationale. Claims 3, 5, 7-8, 11, 13, 15-16, 19, 21, and 23-24 incorporate the deficiency of their parent claim, and are rejected under like rationale.

Consideration Under 35 USC § 101
Note: the claims have been considered and analyzed by the Examiner under 35 USC § 101 with respect to statutory category and judicial exceptions, and appear to recite a form of subject matter statutorily compliant with § 101.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 9, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Aiash et al. (NPL: “A Formally Verified Access Control Mechanism for Information Centric Networks”; July 2015, Hereinafter “Aiash”) in view of Scheidt et al. (US20110178930, Hereinafter “Scheidt”).
Regarding claim 1, Aiash teaches a system for information-centric network namespace policy-based content delivery (pg. 1, “Introduction” – access control system for an information centric network delivering named data objects), the system comprising: at least one processor; and memory including instructions that, when executed by the at least one processor, cause the at least one processor to perform operations (pg. 1, “Introduction” – system is implemented using servers providing stored digital objects to other computing systems <i.e., comprises processors, memory, and computer instructions>) to: 
receive a registration request from a node on an information-centric network (ICN) (§ 2.3-2.3.2 – a Name Resolution System “NRS” receives a registration request from a publisher node on the NetInf network; pg. 1, “Introduction” – NetInf is an Information Centric Network “ICN”); 
validate credentials of the node (§ 2.3-2.3.2 – a Name Resolution System “NRS” receives a registration request from a publisher node, during the registration of the publisher node the publisher node provides identification credentials. The NRS system authenticates/validates the identification credentials); 
register the node with the ICN based on results of the validation (§ 2.3-2.3.2 – a Name Resolution System “NRS” receives a registration request from a publisher node, during the registration of the publisher node the publisher node provides identification credentials. The NRS system authenticates/validates the identification credentials and registers the publisher); 
register a set of content items associated with the node with the ICN (§ 2.3.2 and 3.1 – content items are published on the ICN by the publisher node,  wherein the content items have an object token comprising an access control label <i.e., security level>, e.g., an object can have an access control label of level “.3” that may only be accessed by subscribers with access abilities of “.3.1”, “.3.2”, etc.); 
receive an interest packet from a consumer node for a content item of the set of content items that includes an interest packet security level for the content item (§ 2.3.2 and 3.1 – a GET packet indicating interest <i.e., interest packet> is received from a subscriber node <i.e., consumer node> to request a content item, the packet including the subscriber’s/interest packet’s access control label <i.e., security level> to access the content item. E.g., an object can have an access control label of level “.3” that may only be accessed by subscribers that submit an interest packet for the object with access ability label of “.3.1”, “.3.2”, etc.); 
determine compliance of the security level of the node with the interest packet security level (§ 2.3.2 and 3.1 – a GET packet indicating interest <i.e., interest packet> is received from a subscriber node <i.e., consumer node> for a content item that includes the subscriber’s/interest packet’s access control label <i.e., security level> to access the content item. E.g., an object can have an access control ; and 
transmit, responsive to the compliance determination, the content item to the consumer node (§ 2.3.2 and 3.1 – if the subscriber node has the appropriate label, the named data object is returned to the subscriber node).
While Aiash teaches a system for validating a registration request based on received credentials (see, e.g., § 2.3.2 and 3.1), and publishing objects with a specific security level (Id.), Aiash appears to fail to specifically disclose wherein validation of the credentials includes verification of a security level and a category included in the credentials.
However, Scheidt teaches a similar system for authenticating a node to a content sharing system and providing access control of shared objects (see, e.g., [0010-011], [0048-050] – ability to write and read shared objects is based upon security level of the object/user), wherein validation of the credentials includes verification of a security level and a category included in the credentials (0048-050] – domain members have security levels, where the users authenticate to the system using their credentials. Based on the member’s login level, they may write objects to be shared that are based on their security level; [0040-042] and [0074] – credentials comprise categories and security levels).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Aiash with the teachings of Scheidt, wherein validation of the credentials includes verification of a security level and a category included in the credentials, so that content publishers may publish items with an appropriate security level to their credentials (see, e.g., Scheidt at [0050] with Aiash at § 2.3.2).

Regarding claim 9, Aiash teaches at least one non-transitory machine readable medium including instructions for information-centric network namespace policy-based content delivery (pg. that, when executed by at least one processor, cause the at least one processor to perform operations (pg. 1, “Introduction” – system is implemented using servers providing stored digital objects to other computing systems <i.e., comprises processors, memory, and computer instructions>) to: 
receive a registration request from a node on an information-centric network (ICN) (§ 2.3-2.3.2 – a Name Resolution System “NRS” receives a registration request from a publisher node on the NetInf network; pg. 1, “Introduction” – NetInf is an Information Centric Network “ICN”); 
validate credentials of the node (2.3-2.3.2 – a Name Resolution System “NRS” receives a registration request from a publisher node, during the registration of the publisher node the publisher node provides identification credentials. The NRS system authenticates/validates the identification credentials), wherein validation of the credentials includes verification of a security level and a category included in the credentials; 
register the node with the ICN based on results of the validation (§ 2.3-2.3.2 – a Name Resolution System “NRS” receives a registration request from a publisher node, during the registration of the publisher node the publisher node provides identification credentials. The NRS system authenticates/validates the identification credentials and registers the publisher); 
register a set of content items associated with the node with the ICN (§ 2.3.2 and 3.1 – content items are published on the ICN by the publisher node,  wherein the content items have an object token comprising an access control label <i.e., security level>, e.g., an object can have an access control label of level “.3” that may only be accessed by subscribers with access abilities of “.3.1”, “.3.2”, etc.); 
receive an interest packet from a consumer node for a content item of the set of content items that includes an interest packet security level for the content item (§ 2.3.2 and 3.1 – a GET packet indicating interest <i.e., interest packet> is received from a subscriber node <i.e., consumer node> to request a content item, the packet including the subscriber’s/interest packet’s access control ; 
determine compliance of the security level of the node with the interest packet security level (§ 2.3.2 and 3.1 – a GET packet indicating interest <i.e., interest packet> is received from a subscriber node <i.e., consumer node> for a content item that includes the subscriber’s/interest packet’s access control label <i.e., security level> to access the content item. E.g., an object can have an access control label of level “.3” that may only be accessed by subscribers that submit an interest packet for the object with access ability label of “.3.1”, “.3.2”, etc.); and 
transmit, responsive to the compliance determination, the content item to the consumer node (§ 2.3.2 and 3.1 – if the subscriber node has the appropriate label, the named data object is returned to the subscriber node).  
While Aiash teaches a system for validating a registration request based on received credentials (see, e.g., § 2.3.2 and 3.1), and publishing objects with a specific security level (Id.), Aiash appears to fail to specifically disclose wherein validation of the credentials includes verification of a security level and a category included in the credentials.
However, Scheidt teaches a similar system for authenticating a node to a content sharing system and providing access control of shared objects (see, e.g., [0010-011], [0048-050] – ability to write and read shared objects is based upon security level of the object/user), wherein validation of the credentials includes verification of a security level and a category included in the credentials (0048-050] – domain members have security levels, where the users authenticate to the system using their credentials. Based on the member’s login level, they may write objects to be shared that are based on their security level; [0040-042] and [0074] – credentials comprise categories and security levels).
Aiash with the teachings of Scheidt, wherein validation of the credentials includes verification of a security level and a category included in the credentials, so that content publishers may publish items with an appropriate security level to their credentials (see, e.g., Scheidt at [0050] with Aiash at § 2.3.2).

Regarding claim 17, Aiash teaches a method for information-centric network namespace policy-based content delivery (pg. 1, “Introduction” – access control system for an information centric network delivering named data objects), the method comprising: 
receiving a registration request from a node on an information-centric network (ICN) (§ 2.3-2.3.2 – a Name Resolution System “NRS” receives a registration request from a publisher node on the NetInf network; pg. 1, “Introduction” – NetInf is an Information Centric Network “ICN”); 
validating credentials of the node (§ 2.3-2.3.2 – a Name Resolution System “NRS” receives a registration request from a publisher node, during the registration of the publisher node the publisher node provides identification credentials. The NRS system authenticates/validates the identification credentials); 
registering the node with the ICN based on results of the validation (§ 2.3-2.3.2 – a Name Resolution System “NRS” receives a registration request from a publisher node, during the registration of the publisher node the publisher node provides identification credentials. The NRS system authenticates/validates the identification credentials and registers the publisher); 
registering a set of content items associated with the node with the ICN (§ 2.3.2 and 3.1 – content items are published on the ICN by the publisher node,  wherein the content items have an object token comprising an access control label <i.e., security level>, e.g., an object can have an access ; 
receiving an interest packet from a consumer node for a content item of the set of content items that includes an interest packet security level for the content item (§ 2.3.2 and 3.1 – a GET packet indicating interest <i.e., interest packet> is received from a subscriber node <i.e., consumer node> to request a content item, the packet including the subscriber’s/interest packet’s access control label <i.e., security level> to access the content item. E.g., an object can have an access control label of level “.3” that may only be accessed by subscribers that submit an interest packet for the object with access ability label of “.3.1”, “.3.2”, etc.); 
determining compliance of the security level of the node with the interest packet security level (§ 2.3.2 and 3.1 – a GET packet indicating interest <i.e., interest packet> is received from a subscriber node <i.e., consumer node> for a content item that includes the subscriber’s/interest packet’s access control label <i.e., security level> to access the content item. E.g., an object can have an access control label of level “.3” that may only be accessed by subscribers that submit an interest packet for the object with access ability label of “.3.1”, “.3.2”, etc.); and 
transmitting, responsive to the compliance determination, the content item to the consumer node (§ 2.3.2 and 3.1 – if the subscriber node has the appropriate label, the named data object is returned to the subscriber node).  
While Aiash teaches a system for validating a registration request based on received credentials (see, e.g., § 2.3.2 and 3.1), and publishing objects with a specific security level (Id.), Aiash appears to fail to specifically disclose wherein validation of the credentials includes verification of a security level and a category included in the credentials.
However, Scheidt teaches a similar system for authenticating a node to a content sharing system and providing access control of shared objects (see, e.g., [0010-011], [0048-050] – ability to write and wherein validation of the credentials includes verification of a security level and a category included in the credentials (0048-050] – domain members have security levels, where the users authenticate to the system using their credentials. Based on the member’s login level, they may write objects to be shared that are based on their security level; [0040-042] and [0074] – credentials comprise categories and security levels).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Aiash with the teachings of Scheidt, wherein validation of the credentials includes verification of a security level and a category included in the credentials, so that content publishers may publish items with an appropriate security level to their credentials (see, e.g., Scheidt at [0050] with Aiash at § 2.3.2).

Claim(s) 2-4, 10-12, and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Aiash in view of Scheidt, further in view of Ghali et al. (NPL: “Interest-Based Access Control for Content-Centric Networks”, May 2015, Hereinafter “Ghali”).
Regarding claim 2, the combination of Aiash and Scheidt teach the system of claim 1. While the combination of Aiash and Scheidt further teach an access control system, comprising signing an interest packet using a public key of a subscriber (see, e.g., Aiash at § 3.1), the combination of Aiash and Scheidt appear to fail to specifically disclose the system using a group key and signatures. Particularly, the combination of Aiash and Scheidt appear to fail to specifically disclose further comprising instructions that cause the at least one processor to: determine that the interest packet has been signed with a group key; identify that the node is a member of a group associated with the group key; validate a group signature included in the interest packet; and transmit, upon validation of the group signature, the content item to the consumer node.
Ghali teaches a similar system, wherein an information-centric network uses an access control system for accessing content based on group membership (see, e.g., pg. 1, “Introduction”), further comprising instructions that cause the at least one processor to: determine that the interest packet has been signed with a group key (§ 2 – consumers post an interest packet requesting content comprising a “Payload” field; § 6.1 and 6.3 – digital signature included in the interest packet’s “Payload” field, the digital signature generated using a group key. The group key is then received and verified.); 
identify that the node is a member of a group associated with the group key (§ 2 – consumers post an interest packet requesting content objects comprising a “Payload” field; § 6.1 and 6.3 – node identity and group identity included in the interest packet’s “payload”, the consumer’s group identity associated with a group key); 
validate a group signature included in the interest packet (§ 6.2 and 6.3 – signature in the payload of the interest packet is verified); and 
transmit, upon validation of the group signature, the content item to the consumer node (§ 6.2 and 6.3 – object is returned to the requestor if the group signature in the consumer’s interest packet is validated)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Aiash and Scheidt with the teachings of Ghali, comprising instructions that cause the at least one processor to: determine that the interest packet has been signed with a group key; identify that the node is a member of a group associated with the group key; validate a group signature included in the interest packet; and transmit, upon validation of the group signature, the content item to the consumer node, so content policies may be provide access to multiple access groups or be unique for a single customer (see, e.g., Ghali at  § 5.1 and  § 6.2).

Regarding claim 3, the combination of Aiash, Scheidt, and Ghali teach the system of claim 2, further comprising instructions that cause the at least one processor to: 
encapsulate the content item in a data packet (Ghali at § 2 – requested content is placed into a content packet to be forwarded to the consumer); 
sign the data packet with the group key (Ghali at § 2 – requested content is placed into a signed content packet to be forwarded to the consumer. The signature subsequently validated by the consumer node. § 6.2 – the digital signature included in the content package generated using the group key); and 
transmit the data packet to the consumer node, wherein a group signature included in the data packet is used by the consumer node to validate the authenticity of the data packet (Ghali at § 2 – requested content is placed into a signed content packet to be forwarded to the consumer. The signature subsequently validated by the consumer node. § 6.2-6.3 – the digital signature included in the content package generated using the group key. The signature is validated and the item is accessed).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Scheidt, and Ghali with the teachings of Ghali, comprising instructions that cause the at least one processor to: encapsulate the content item in a data packet; sign the data packet with the group key; and transmit the data packet to the consumer node, wherein a group signature included in the data packet is used by the consumer node to validate the authenticity of the data packet, so content policies may be provide access to multiple access groups or be unique for a single customer (see, e.g., Ghali at  § 5.1 and  § 6.2).

Regarding claim 4, the combination of Aiash, Scheidt, and Ghali teach the system of claim 2, further comprising: instructions that cause the at least one processor to: determine that the node is not a member of the group associated with the group key (§ 6.1-6.3 – the consumer node must have ; and prevent transmission of the content item to the consumer node (§ 6.1-6.3 – the consumer node must have valid group identity information. If the group signature created using a group key is verified, the corresponding object is returned to the consumer <i.e., the object is not returned if the key is not verified>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Sheidt, and Ghali with the teachings of Ghali, comprising: instructions that cause the at least one processor to: determine that the node is not a member of the group associated with the group key; and prevent transmission of the content item to the consumer node, so that consumers without appropriate access control permissions may not access protected content (see, e.g., Aiash at § 6.1-6.2).

Regarding claim 10, the combination of Aiash and Scheidt teach the at least one non-transitory machine readable medium of claim 9. While the combination of Aiash and Scheidt further teach an access control system, comprising signing an interest packet using a public key of a subscriber (see, e.g., Aiash at § 3.1), the combination of Aiash and Scheidt appear to fail to specifically disclose the system using a group key and signatures. Particularly, the combination of Aiash and Scheidt appear to fail to specifically disclose further comprising instructions that cause the at least one processor to: determine that the interest packet has been signed with a group key; identify that the node is a member of a group associated with the group key; validate a group signature included in the interest packet; and transmit, upon validation of the group signature, the content item to the consumer node.
However, Ghali teaches a similar system, wherein an information-centric network uses an access control system for accessing content based on group membership (see, e.g., pg. 1, “Introduction”), further comprising instructions that cause the at least one processor to: determine that the interest packet has been signed with a group key (§ 2 – consumers post an interest packet requesting content comprising a “Payload” field; § 6.1 and 6.3 – digital signature included in the interest packet’s “Payload” field, the digital signature generated using a group key. The group key is then received and verified.); 
identify that the node is a member of a group associated with the group key (§ 2 – consumers post an interest packet requesting content objects comprising a “Payload” field; § 6.1 and 6.3 – node identity and group identity included in the interest packet’s “payload”, the consumer’s group identity associated with a group key); 
validate a group signature included in the interest packet (§ 6.2 and 6.3 – signature in the payload of the interest packet is verified); and 
transmit, upon validation of the group signature, the content item to the consumer node (§ 6.2 and 6.3 – object is returned to the requestor if the group signature in the consumer’s interest packet is validated)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Aiash and Scheidt with the teachings of Ghali, comprising instructions that cause the at least one processor to: determine that the interest packet has been signed with a group key; identify that the node is a member of a group associated with the group key; validate a group signature included in the interest packet; and transmit, upon validation of the group signature, the content item to the consumer node, so content policies may be provide access to multiple access groups or be unique for a single customer (see, e.g., Ghali at  § 5.1 and  § 6.2).

Regarding claim 11, the combination of Aiash, Scheidt, and Ghali teach the at least one non-transitory machine readable medium of claim 10, further comprising instructions that cause the at least one processor to: encapsulate the content item in a data packet (Ghali at § 2 – requested content is placed into a content packet to be forwarded to the consumer); 
sign the data packet with the group key (Ghali at § 2 – requested content is placed into a signed content packet to be forwarded to the consumer. The signature subsequently validated by the consumer node. § 6.2 – the digital signature included in the content package generated using the group key); and 
transmit the data packet to the consumer node, wherein a group signature included in the data packet is used by the consumer node to validate the authenticity of the data packet (Ghali at § 2 – requested content is placed into a signed content packet to be forwarded to the consumer. The signature subsequently validated by the consumer node. § 6.2-6.3 – the digital signature included in the content package generated using the group key. The signature is validated and the item is accessed).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Scheidt, and Ghali with the teachings of Ghali, comprising instructions that cause the at least one processor to: encapsulate the content item in a data packet; sign the data packet with the group key; and transmit the data packet to the consumer node, wherein a group signature included in the data packet is used by the consumer node to validate the authenticity of the data packet, so content policies may be provide access to multiple access groups or be unique for a single customer (see, e.g., Ghali at  § 5.1 and  § 6.2).

Regarding claim 12, the combination of Aiash, Scheidt, and Ghali teach The at least one non-transitory machine readable medium of claim 10, further comprising: instructions that cause the at least one processor to: determine that the node is not a member of the group associated with the group key (§ 6.1-6.3 – the consumer node must have valid group identity information. If the group signature created using a group key is verified, the corresponding object is returned to the consumer); and prevent transmission of the content item to the consumer node (§ 6.1-6.3 – the consumer node must have valid group identity information. If the group signature created using a group key is verified, .  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Sheidt, and Ghali with the teachings of Ghali, comprising: instructions that cause the at least one processor to: determine that the node is not a member of the group associated with the group key; and prevent transmission of the content item to the consumer node, so that consumers without appropriate access control permissions may not access protected content (see, e.g., Aiash at § 6.1-6.2).

Regarding claim 18, the combination of Aiash and Scheidt teach the method of claim 17. While the combination of Aiash and Scheidt further teach an access control system, comprising signing an interest packet using a public key of a subscriber (see, e.g., Aiash at § 3.1), the combination of Aiash and Scheidt appear to fail to specifically disclose the system using a group key and signatures. Particularly, the combination of Aiash and Scheidt appear to fail to specifically disclose further comprising instructions that cause the at least one processor to: determine that the interest packet has been signed with a group key; identify that the node is a member of a group associated with the group key; validate a group signature included in the interest packet; and transmit, upon validation of the group signature, the content item to the consumer node.
However, Ghali teaches a similar system, wherein an information-centric network uses an access control system for accessing content based on group membership (see, e.g., pg. 1, “Introduction”), further comprising instructions that cause the at least one processor to: determining that the interest packet has been signed with a group key (§ 2 – consumers post an interest packet requesting content comprising a “Payload” field; § 6.1 and 6.3 – digital signature included in the interest packet’s “Payload” field, the digital signature generated using a group key. The group key is then received and verified.); 
identifying that the node is a member of a group associated with the group key (§ 2 – consumers post an interest packet requesting content objects comprising a “Payload” field; § 6.1 and 6.3 – node identity and group identity included in the interest packet’s “payload”, the consumer’s group identity associated with a group key); 
validating a group signature included in the interest packet (§ 6.2 and 6.3 – signature in the payload of the interest packet is verified); and 
transmitting, upon validation of the group signature, the content item to the consumer node (§ 6.2 and 6.3 – object is returned to the requestor if the group signature in the consumer’s interest packet is validated)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Aiash and Scheidt with the teachings of Ghali, comprising instructions that cause the at least one processor to: determine that the interest packet has been signed with a group key; identify that the node is a member of a group associated with the group key; validate a group signature included in the interest packet; and transmit, upon validation of the group signature, the content item to the consumer node, so content policies may be provide access to multiple access groups or be unique for a single customer (see, e.g., Ghali at  § 5.1 and  § 6.2).
  
Regarding claim 19, the combination of Aiash, Scheidt, and Ghali teach tyhe method of claim 18, further comprising: encapsulating the content item in a data packet (Ghali at § 2 – requested content is placed into a content packet to be forwarded to the consumer); signing the data packet using the group key (Ghali at § 2 – requested content is placed into a signed content packet to be forwarded to the consumer. The signature subsequently validated by the consumer node. § 6.2 – the digital signature included in the content package generated using the group key); and transmitting the data packet to the consumer node, wherein a group signature included in the data packet is used by the consumer node to validate the authenticity of the data packet (Ghali at § 2 – requested content is placed into a signed content packet to be forwarded to the consumer. The signature subsequently validated by the consumer node. § 6.2-6.3 – the digital signature included in the content package generated using the group key. The signature is validated and the item is accessed).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Scheidt, and Ghali with the teachings of Ghali, comprising instructions that cause the at least one processor to: encapsulate the content item in a data packet; sign the data packet with the group key; and transmit the data packet to the consumer node, wherein a group signature included in the data packet is used by the consumer node to validate the authenticity of the data packet, so content policies may be provide access to multiple access groups or be unique for a single customer (see, e.g., Ghali at  § 5.1 and  § 6.2).

Regarding claim 20, the combination of Aiash, Scheidt, and Ghali teach the method of claim 18, further comprising: determining that the node is not a member of the group associated with the group key (§ 6.1-6.3 – the consumer node must have valid group identity information. If the group signature created using a group key is verified, the corresponding object is returned to the consumer); and preventing transmission of the content item to the consumer node (§ 6.1-6.3 – the consumer node must have valid group identity information. If the group signature created using a group key is verified, the corresponding object is returned to the consumer <i.e., the object is not returned if the key is not verified>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Sheidt, and Ghali with the teachings of Ghali, comprising: instructions that cause the at least one processor to: determine that the node is not a member of the group associated with the group key; and prevent transmission of the content item to Aiash at § 6.1-6.2).

Claims 5-7, 13-15, and 21-23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Aiash in view of Scheidt, further in view of Lou et al. (NPL: “A Blockchain-based key Management Scheme for Named Data Networking”, August 2018, Hereinafter “Lou”).
Regarding claim 5, the combination of Aiash and Scheidt teach the system of claim 1. The combination of Aiash and Scheidt appear to fail to specifically disclose further comprising instructions that cause the at least one processor to: maintain a key status blockchain for nodes on the ICN; validate a key status for a key associated with the consumer node; and transmit the content to the consumer node based upon the validation of the key status.  
However, Lou teaches a blockchain-based key management scheme for an information centric network (see abstract), comprising instructions that cause the at least one processor to: maintain a key status blockchain for nodes on the ICN (§ III., B. and C. – the blockchain in the NDN stores a key status for users <i.e., nodes>; § I., “Introduction” – NDN is an information-centric network); 
validate a key status for a key associated with the consumer node (§ III., D. and E. – the key status is validated for the user; § II., A. – user system send interest packets requesting content to the blockchain <i.e., user system is a consumer node>); and 
transmit the content to the consumer node based upon the validation of the key status (§ III., D. and E. – the key status is validated for the user requesting content from the content store; § II., A. – user system send interest packets requesting content to the blockchain <i.e., user system is a consumer node>, and is provided with the content when valid).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Aiash and Scheidt with the teachings of Lou, Lou at § III., E.  and § VI., “Conclusion”).

Regarding claim 6, the combination of Aiash, Scheidt, and Lou teach the system of claim 5, further comprising instructions that cause the at least one processor to: receive a key status update from the consumer node for the key (Lou at § III., E. – the blockchain receives a status update from the user indicating revocation of the key <i.e., receives key status update>; § II., A. – user system send interest packets requesting content to the blockchain <i.e., user system is a consumer node>); validate the key status update (Lou at § III., C. and E. – the trust domain administrator that receives the status update judges validity of the user request, which then signs the requested transaction); cache the key status update in a local key status cache of the node (Lou at § III., E. – blockchain revocation update is proposed; § III., C the routing system stores the user update in the cache of the trust domain administrator, and packages it to be stored in the blockchain); and synchronize the key status update to other nodes of the ICN (Lou at § III., C. and E. – the status update, e.g., revocation update, is received from the user and validated by the user, the blockchain update is then synchronized with the other nodes on the NDN <i.e., on an ICN>). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Scheidt, and Lou with the teachings of Lou, comprising instructions that cause the at least one processor to: receive a key status update from the consumer node for the key; validate the key status update; cache the key status update in a local key status cache of the node; and synchronize the key status update to other nodes of the ICN, to Lou at § III., E.  and § VI., “Conclusion”).

Regarding claim 7, the combination of Aiash, Scheidt, and Lou teach the system of claim 6, wherein the instructions to synchronize the key status update further comprises instructions that cause the at least one processor to: transmit the key status update to miner nodes on the ICN (Lou at § III., C. and E. – the trust domain administrator receives a status update from the user indicating revocation of the key <i.e., receives key status update>, the change to the blockchain is transmitted to consensus nodes on the ICN and recorded as part of the blockchain <i.e., received by miner nodes>); transmit the key status update from the miner nodes to respective key status update subscribers of the miner nodes (Lou at § III., C. and E. – the trust domain administrator receives a status update from the user indicating revocation of the key <i.e., receives key status update>, the change to the blockchain is transmitted to consensus nodes on the ICN and recorded as part of the blockchain <i.e., received by miner nodes>; Lou at § III., A. – all users of the NDN <i.e., an ICN> then may verify/retrieve the user’s data key; Lou at § III., A. and Fig. 1 – consensus nodes of the blockchain are site nodes on the ICN, which route the keys to the site’s user device <i.e., subscriber>); and transmit the key status update from router nodes to respective key status update subscribers of the router nodes (Lou at § III., C. and E. – the trust domain administrator receives a status update from the user indicating revocation of the key <i.e., receives key status update>, the change to the blockchain is transmitted to consensus nodes on the ICN and recorded as part of the blockchain <i.e., received by miner nodes>; Lou at § III., A. and Fig. 1 – consensus nodes of the blockchain are site nodes on the ICN, which route the keys to the site’s user device <i.e., subscriber>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Scheidt, and Lou with the teachings of Lou, comprising instructions that cause the at least one processor to: transmit the key status update to miner nodes on the ICN; transmit the key status update from the miner nodes to respective key status update subscribers of the miner nodes; and transmit the key status update from router nodes to respective key status update subscribers of the router nodes, to permit a revocation system for users where keys change their status, and reduce the used number of signatures and keys needed to verify with other users (see, e.g., Lou at § III., E.  and § VI., “Conclusion”).

Regarding claim 13, the combination of Aiash and Scheidt teach the at least one non-transitory machine readable medium of claim 9. The combination of Aiash and Scheidt appear to fail to specifically disclose further comprising instructions that cause the at least one processor to: maintain a key status blockchain for nodes on the ICN; validate a key status for a key associated with the consumer node; and transmit the content to the consumer node based upon the validation of the key status.  
However, Lou teaches a blockchain-based key management scheme for an information centric network (see abstract), comprising instructions that cause the at least one processor to: maintain a key status blockchain for nodes on the ICN (§ III., B. and C. – the blockchain in the NDN stores a key status for users <i.e., nodes>; § I., “Introduction” – NDN is an information-centric network); 
validate a key status for a key associated with the consumer node (§ III., D. and E. – the key status is validated for the user; § II., A. – user system send interest packets requesting content to the blockchain <i.e., user system is a consumer node>); and 
transmit the content to the consumer node based upon the validation of the key status (§ III., D. and E. – the key status is validated for the user requesting content from the content store; § II., A. – user system send interest packets requesting content to the blockchain <i.e., user system is a consumer node>, and is provided with the content when valid).  
Aiash and Scheidt with the teachings of Lou, comprising instructions that cause the at least one processor to: maintain a key status blockchain for nodes on the ICN; validate a key status for a key associated with the consumer node; and transmit the content to the consumer node based upon the validation of the key status, to permit a revocation system for users, and reduce the used number of signatures and keys (see, e.g., Lou at § III., E.  and § VI., “Conclusion”).

Regarding claim 14, the combination of Aiash, Scheidt, and Lou teach the at least one non-transitory machine readable medium of claim 13, further comprising instructions that cause the at least one processor to: receive a key status update from the consumer node for the key (Lou at § III., E. – the blockchain receives a status update from the user indicating revocation of the key <i.e., receives key status update>; § II., A. – user system send interest packets requesting content to the blockchain <i.e., user system is a consumer node>); validate the key status update (Lou at § III., C. and E. – the trust domain administrator that receives the status update judges validity of the user request, which then signs the requested transaction); cache the key status update in a local key status cache of the node (Lou at § III., E. – blockchain revocation update is proposed; § III., C the routing system stores the user update in the cache of the trust domain administrator, and packages it to be stored in the blockchain); and synchronize the key status update to other nodes of the ICN (Lou at § III., C. and E. – the status update, e.g., revocation update, is received from the user and validated by the user, the blockchain update is then synchronized with the other nodes on the NDN <i.e., on an ICN>). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Scheidt, and Lou with the teachings of Lou, comprising instructions that cause the at least one processor to: receive a key status update from Lou at § III., E.  and § VI., “Conclusion”).

Regarding claim 15, the combination of Aiash, Scheidt, and Lou teach the at least one non-transitory machine readable medium of claim 14, wherein the instructions to synchronize the key status update further comprises instructions that cause the at least one processor to: transmit the key status update to miner nodes on the ICN (Lou at § III., C. and E. – the trust domain administrator receives a status update from the user indicating revocation of the key <i.e., receives key status update>, the change to the blockchain is transmitted to consensus nodes on the ICN and recorded as part of the blockchain <i.e., received by miner nodes>); transmit the key status update from the miner nodes to respective key status update subscribers of the miner nodes (Lou at § III., C. and E. – the trust domain administrator receives a status update from the user indicating revocation of the key <i.e., receives key status update>, the change to the blockchain is transmitted to consensus nodes on the ICN and recorded as part of the blockchain <i.e., received by miner nodes>; Lou at § III., A. – all users of the NDN <i.e., an ICN> then may verify/retrieve the user’s data key; Lou at § III., A. and Fig. 1 – consensus nodes of the blockchain are site nodes on the ICN, which route the keys to the site’s user device <i.e., subscriber>); and transmit the key status update from router nodes to respective key status update subscribers of the router nodes (Lou at § III., C. and E. – the trust domain administrator receives a status update from the user indicating revocation of the key <i.e., receives key status update>, the change to the blockchain is transmitted to consensus nodes on the ICN and recorded as part of the blockchain <i.e., received by miner nodes>; Lou at § III., A. and Fig. 1 – consensus nodes of the blockchain are site nodes on the ICN, which route the keys to the site’s user device <i.e., subscriber>).  
Aiash, Scheidt, and Lou with the teachings of Lou, comprising instructions that cause the at least one processor to: transmit the key status update to miner nodes on the ICN; transmit the key status update from the miner nodes to respective key status update subscribers of the miner nodes; and transmit the key status update from router nodes to respective key status update subscribers of the router nodes, to permit a revocation system for users where keys change their status, and reduce the used number of signatures and keys needed to verify with other users (see, e.g., Lou at § III., E.  and § VI., “Conclusion”).

Regarding claim 21, the combination of Aiash and Scheidt teach the method of claim 17. The combination of Aiash and Scheidt appear to fail to specifically disclose further comprising instructions that cause the at least one processor to: maintain a key status blockchain for nodes on the ICN; validate a key status for a key associated with the consumer node; and transmit the content to the consumer node based upon the validation of the key status. 
However, Lou teaches a blockchain-based key management scheme for an information centric network (see abstract), further comprising: maintaining a key status blockchain for nodes on the ICN (§ III., B. and C. – the blockchain in the NDN stores a key status for users <i.e., nodes>; § I., “Introduction” – NDN is an information-centric network); validating a key status for a key associated with the consumer node (§ III., D. and E. – the key status is validated for the user; § II., A. – user system send interest packets requesting content to the blockchain <i.e., user system is a consumer node>); and transmitting the content to the consumer node based upon the validation of the key status (§ III., D. and E. – the key status is validated for the user requesting content from the content store; § II., A. – user system send interest packets requesting content to the blockchain <i.e., user system is a consumer node>, and is provided with the content when valid).  
Aiash and Scheidt with the teachings of Lou, comprising instructions that cause the at least one processor to: maintain a key status blockchain for nodes on the ICN; validate a key status for a key associated with the consumer node; and transmit the content to the consumer node based upon the validation of the key status, to permit a revocation system for users, and reduce the used number of signatures and keys (see, e.g., Lou at § III., E.  and § VI., “Conclusion”).
 
Regarding claim 22, the combination of Aiash, Scheidt, and Lou teach the method of claim 21, further comprising: receiving a key status update from the consumer node for the key (Lou at § III., E. – the blockchain receives a status update from the user indicating revocation of the key <i.e., receives key status update>; § II., A. – user system send interest packets requesting content to the blockchain <i.e., user system is a consumer node>); validating the key status update (Lou at § III., C. and E. – the trust domain administrator that receives the status update judges validity of the user request, which then signs the requested transaction); caching the key status update in a local key status cache of the node (Lou at § III., E. – blockchain revocation update is proposed; § III., C the routing system stores the user update in the cache of the trust domain administrator, and packages it to be stored in the blockchain); and synchronizing the key status update to other nodes of the ICN (Lou at § III., C. and E. – the status update, e.g., revocation update, is received from the user and validated by the user, the blockchain update is then synchronized with the other nodes on the NDN <i.e., on an ICN>). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Scheidt, and Lou with the teachings of Lou, comprising instructions that cause the at least one processor to: receive a key status update from the consumer node for the key; validate the key status update; cache the key status update in a local Lou at § III., E.  and § VI., “Conclusion”).

Regarding claim 23, the combination of Aiash, Scheidt, and Lou teach the method of claim 22, wherein synchronizing the key status update further comprises: transmitting the key status update to miner nodes on the ICN (Lou at § III., C. and E. – the trust domain administrator receives a status update from the user indicating revocation of the key <i.e., receives key status update>, the change to the blockchain is transmitted to consensus nodes on the ICN and recorded as part of the blockchain <i.e., received by miner nodes>); transmitting the key status update from the miner nodes to respective key status update subscribers of the miner nodes (Lou at § III., C. and E. – the trust domain administrator receives a status update from the user indicating revocation of the key <i.e., receives key status update>, the change to the blockchain is transmitted to consensus nodes on the ICN and recorded as part of the blockchain <i.e., received by miner nodes>; Lou at § III., A. – all users of the NDN <i.e., an ICN> then may verify/retrieve the user’s data key; Lou at § III., A. and Fig. 1 – consensus nodes of the blockchain are site nodes on the ICN, which route the keys to the site’s user device <i.e., subscriber>); and transmitting the key status update from router nodes to respective key status update subscribers of the router nodes (Lou at § III., C. and E. – the trust domain administrator receives a status update from the user indicating revocation of the key <i.e., receives key status update>, the change to the blockchain is transmitted to consensus nodes on the ICN and recorded as part of the blockchain <i.e., received by miner nodes>; Lou at § III., A. and Fig. 1 – consensus nodes of the blockchain are site nodes on the ICN, which route the keys to the site’s user device <i.e., subscriber>). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Aiash, Scheidt, and Lou with the teachings of Lou, comprising instructions that cause the at least one processor to: transmit the key status update to miner nodes on the ICN; transmit the key status update from the miner nodes to respective key status update subscribers of the miner nodes; and transmit the key status update from router nodes to respective key status update subscribers of the router nodes, to permit a revocation system for users where keys change their status, and reduce the used number of signatures and keys needed to verify with other users (see, e.g., Lou at § III., E.  and § VI., “Conclusion”).

Claim(s) 8, 16, and 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Aiash in view of Scheidt, further in view of Smeets et al. (US20140196127, Hereinafter “Smeets”).
Regarding claim 8, the combination of Aiash and Scheidt teach the system of claim 1, further comprising instructions that cause the at least one processor to: generate a data packet including the content item (Aiash at § 3.1 – a data packet is generated comprising the requested named data object <i.e., content item>); wherein transmission of the content item to the consumer node includes transmission of the data packet to the consumer node (Aiash at § 3.1 – a data packet is generated comprising the requested named data object <i.e., content item>, the data packet is then transmitted to the subscriber node to access the named data object). While the combination of Aiash and Scheidt further teaches the publishers and subscribers identifying themselves (see, e.g., Aiash at § 2.3), the combination of Aiash and Scheidt appear to fail to specifically teach the processors configured to identify a set of trusted execution environment-based attestation claims and a nonce in the interest packet; and generate a data packet including a proof based on the set of trusted execution environment-based attestation claims, the nonce, and the content item.
However, Smeets teaches a similar system comprising an access control system for a consumer of a service (see abstract), comprising a processor configured to identify a set of trusted execution environment-based attestation claims and a nonce in the interest packet ([0053] and [0064-065] – a ; and generate a data packet including a proof based on the set of trusted execution environment-based attestation claims, the nonce ([0060-061] – the access control system then responds with an answer comprising the authentication vector <which comprises a nonce, see [0058]> and the proof answer comprising TPM signatures of the attestation request.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Aiash and Scheidt with the teachings of Smeets, to be configured to identify a set of trusted execution environment-based attestation claims and a nonce in the interest packet; and generate a data packet including a proof based on the set of trusted execution environment-based attestation claims, the nonce, and the content item, to provide a high level of security to the access control by ensuring party authenticity (see, e.g., Smeets at [0064]).

Regarding claim 16, the combination of Aiash and Scheidt teach the at least one non-transitory machine readable medium of claim 9, further comprising instructions that cause the at least one processor to: generate a data packet including the content item (Aiash at § 3.1 – a data packet is generated comprising the requested named data object <i.e., content item>); wherein transmission of the content item to the consumer node includes transmission of the data packet to the consumer node (Aiash at § 3.1 – a data packet is generated comprising the requested named data object <i.e., content item>, the data packet is then transmitted to the subscriber node to access the named data object). While the combination of Aiash and Scheidt further teaches the publishers and subscribers identifying themselves (see, e.g., Aiash at § 2.3), the combination of Aiash and Scheidt appear to fail to 
However, Smeets teaches a similar system comprising an access control system for a consumer of a service (see abstract), comprising a processor configured to identify a set of trusted execution environment-based attestation claims and a nonce in the interest packet ([0053] and [0064-065] – a trusted platform module <i.e., trusted execution environment> implements TCG technology for remote attestation; [0057-059] – an access request <i.e., operates similar to an interest packet> is received at the access control system comprising a nonce and proof request. The proof request asserts the types of proof that is asserted by the requesting entity <i.e., attestation based claims>); and generate a data packet including a proof based on the set of trusted execution environment-based attestation claims, the nonce ([0060-061] – the access control system then responds with an answer comprising the authentication vector <which comprises a nonce, see [0058]> and the proof answer comprising TPM signatures of the attestation request.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Aiash and Scheidt with the teachings of Smeets, to be configured to identify a set of trusted execution environment-based attestation claims and a nonce in the interest packet; and generate a data packet including a proof based on the set of trusted execution environment-based attestation claims, the nonce, and the content item, to provide a high level of security to the access control by ensuring authenticity of the party (see, e.g., Smeets at [0064]).

Regarding claim 24, the combination of Aiash and Scheidt teach the method of claim 17, further comprising: generating a data packet including the content item (Aiash at § 3.1 – a data packet is ; wherein transmission of the content item to the consumer node includes transmission of the data packet to the consumer node (Aiash at § 3.1 – a data packet is generated comprising the requested named data object <i.e., content item>, the data packet is then transmitted to the subscriber node to access the named data object). While the combination of Aiash and Scheidt further teaches the publishers and subscribers identifying themselves (see, e.g., Aiash at § 2.3), the combination of Aiash and Scheidt appear to fail to specifically teach the processors configured to identify a set of trusted execution environment-based attestation claims and a nonce in the interest packet; and generate a data packet including a proof based on the set of trusted execution environment-based attestation claims, the nonce, and the content item.
However, Smeets teaches a similar system comprising an access control system for a consumer of a service (see abstract), comprising a processor configured to identifying a set of trusted execution environment-based attestation claims and a nonce in the interest packet ([0053] and [0064-065] – a trusted platform module <i.e., trusted execution environment> implements TCG technology for remote attestation; [0057-059] – an access request <i.e., operates similar to an interest packet> is received at the access control system comprising a nonce and proof request. The proof request asserts the types of proof that is asserted by the requesting entity <i.e., attestation based claims>); and generating a data packet including a proof based on the set of trusted execution environment-based attestation claims, the nonce ([0060-061] – the access control system then responds with an answer comprising the authentication vector <which comprises a nonce, see [0058]> and the proof answer comprising TPM signatures of the attestation request.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Aiash and Scheidt with the teachings of Smeets, to be configured to identify a set of trusted execution environment-based attestation claims and a nonce in Smeets at [0064]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Wang et al. (NPL: “Session-based Access Control in Information-Centric Networks: Design and Analyses”; January 2015) teaches a system for registering a node in an ICN, publishing data objects on the ICN, receiving an interest packet request for content, and returning the content to the requestor according to access control parameters (see, e.g., Wang at abstract and § IV. “Design of SAC”). Tourani et al. (NPL: “Security, Privacy, and Access Control in Information-Centric Networking: A Survey”, September 2015) teaches a plurality of access control systems usable for information-centric networks, including encryption based access control, attribute-based access control, identity-based access control, and PKI-based access control (see, e.g., Tourani at abstract and § 4).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA RAYMOND WHITE whose telephone number is (571)272-4365. The examiner can normally be reached Monday-Thursday, & Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/J.R.W./Examiner, Art Unit 2438                                                                                                                                                                                                        /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438