Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.  Claims 1, 8 and 15 are amended.  Claim 21 is canceled.  Claim 20 is previously canceled.  Claim 22 is added.  Claims 1-19 and 22 are pending.

Response to Arguments
2.	Applicant's arguments with respect to amended claim filed on 11/9/2021 with respect to claim rejection under 35 U.S.C. 103 have been fully considered but they are not persuasive. 
	In remarks, Applicant argues:
	With respect to Claim 1
	Applicant argues:
 	Claim 1 recites in part: “receiving, by a controller, over a first second control channel, key parameters generated by a first node…maintaining, by the controller, the key parameters for the first node…receiving, by the controller, a request from a second node for the key parameters of the first node…transmitting, by the controller over a second secure control channel, the key parameters of the first node to the second node”.  The art of record does not teach or suggest at least these limitations.  
 	
Applicant further argues:
 	The cited prior art, Gooding, “recites clients from security associations with each other and with CCS and do not allow any network traffic that does not come through a valid security association.  This limits the possible entry points for a cyber-attack” Gooding at [0139].  The CCS, according to Table )-33 of Gooding, is “Common Cybersecurity Service{s}.”  As such, there is no communication with a controller and moreover there is not teaching or suggestion that key parameters are sent between different nodes and the controller.  Moreover, the security association appears to be either “access control lists” or using keys to create the security association (which can then be used or suggest “secure control channels”  Further, using keys to create the security association to then transfer data (the key parameters) completely discredits the use of Gooding to transfer the key parameters over a secure control channel (that had to be previously established before the key parameters were sent on the secure control channel).  That is, in order to use the key parameters to create a security association, the key 

	Applicant further argues that the cited prior art, Grunwald, fails to teach the similar claimed limitation between the buffering proxy for telnet access, Specifically, has a telnet server that can authenticate a user trying to connect with telnet from the database of credentials.  


	Examiner respectfully disagrees.
 	In Specification, Applicant describes:

	[0033] Block 200: where the node N(i) establishes a Control Channel with the controller 102. In one embodiment the Control Channel may be established using a protocol such as SSL. One advantage of using SSL to establish the control channel 112 is that SSL is a relatively lightweight protocol compared to say IKE. Once established the Control Channel is persistent over time or always available;

 	[0061] An exemplary construction of a node 700 of the network topology 100 will now be described by reference to FIG. 7, which shows an exemplary client node 700 according to an embodiment of the present invention. The node 700 comprises a memory 702, a control block 704 and an interface 706. The memory 702, which stores encryption keys, may be a volatile memory, or may alternatively be a non-volatile memory, or persistent memory, that can be electrically erased and reprogrammed and that may be implemented, for example, as a flash memory or as a data storage module. The memory 702 could further represent a plurality of memory modules comprising volatile and/or non-volatile modules. The controller 704 may be any commercially available, general-purpose processor, or may be specifically designed for operation in the node 700. The controller 704 may be operable to execute processes related to the present invention described above in addition to numerous other processes. The controller 704 may also comprise an array of processors and/or controllers. The interface 706 communicates with other nodes of network topology 100. It may be implemented as one single device or as distinct devices for receiving and sending signaling, messages and data. The node 700 may comprise, in various embodiments, various types of devices such as, for example, a satellite TV decoder, a cable TV decoder, a personal computer, a gaming device, a router, and the like. Therefore the interface 706 may comprise a plurality of devices for connecting on links of different types. Only one generic interface 706 is illustrated for ease of presentation of the present invention.
	

	Therefore, the control channel may be established using different security protocols, and the controller as described may be any commercially available, general-purpose processor used to establish data communication channels.  

	The cited prior art, Grunwald, mentions the use of a proxy that resides in a network connection between a client and server (node 1 and node 1) and implementing a single or multi-protocol buffering proxy.  The proxy taught by Grunwald uses single or different protocols between the client and the server.  Thus, Grunwald meets the amended feature of the controller communicating with the second node using a second secure channel.

	Thus, Examiner respectfully disagrees that the cited prior art fails to meet the claimed limitation as recited in claim 1.  

Claim Rejections - 35 USC § 103
3.	The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
 	A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
 	Claims 1-19 and 22 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Tanizawa (U.S. Patent Application Publication No. 2013/0251154, hereinafter Tanizawa) in view of Grunwald et al. (U.S. Patent Application Publication No. 2006/0155721, hereinafter .
 	With respect to claims 1, 8 and 15, Tanizawa discloses a method, system and non-transitory computer readable medium comprising:
 	 receiving, by a controller, key parameters generated by a first node; maintaining, by the controller, the key parameters for the first node; receiving, by the controller, a request from a second node for the key parameters of the first node (e.g. Tanizawa, paragraph 0003, “...Each node has a function of generating and sharing a random number with an opposing node connected through the link”); 
 	Tanizawa discloses an intermediary node connecting the link between the first node and connecting the node between the second nodes (e.g. Fig. 1, 100b).
 	Tanizawa does not explicitly disclose the intermediary node receiving and transmitting the key from the first node to the second node, transmitting, by the controller over a second secure control channel.  However, Grunwald mentions an authentication proxy server or key distribution server or any other mechanism that can validate user credentials and maintain a database of valid credentials for user access rights and using single or different protocols (e.g. Grunwald, paragraphs 0046 and 0081).
 	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Tanizawa’s intermediary node to serve as a proxy node, using either the same or different protocols between the key sharing of two nodes, to ensure the key is properly shared to the proper node (Grunwald, paragraphs 0046 and 0081).

 	However, Gooding discloses the need of rekeying at expiration of an SA (e.g. Gooding, paragraph 0376).  
 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Gooding’s rekeying at expiration of SA with Tanizawa’s teaching of a key generating node that exchanges and receives a key from another node.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Gooding and Tanizawa by frequently updating keys to enhance key security.

 	With respect to claim 2, Tanizawa, Grunwald and Gooding disclose the method of claim 1, further comprising: in response to receiving the key parameters of the first node, establishing a data channel, by the second node, with the first node (e.g. Tanizawa, Fig. 1, 300a and 300b).

 	With respect to claim 3, Tanizawa, Grunwald and Gooding disclose the method of claim 2, further comprising: transmitting, by the second node, data encrypted with the current key (e.g. Fig. 1, encrypt communication using link key).



 	With respect to claim 5, Tanizawa, Grunwald and Gooding disclose the method of claim 4, further comprising: transmitting, by the second node, data encrypted with the encryption by new key (e.g. Tanizawa, Fig. 1; Gooding, paragraph 0376).

 	With respect to claim 6, Tanizawa, Grunwald and Gooding do not explicitly disclose the method of claim 5, further comprising: in response to determining the data was encrypted with the new key, recording that the second node has the new key; and in response to determining the second node and additional nodes have previously received the key parameters and have been recorded as receiving the new key, invalidating the current key.
 	However, updating and record keeping of key distribution is well-known practice in any transaction operation to ensure proper key distribution and record keeping and to ensure successful encryption/decryption process.

 	With respect to claim 7, Tanizawa, Grunwald and Gooding disclose the method of claim 1, further comprising: determining, by a key timer at the controller, that the current key is invalid (e.g. Gooding, paragraph 0376, rekeying at expiration encompasses the step of verifying expiration of old key).



 	With respect to claim 9, Tanizawa, Grunwald and Gooding disclose the system of claim 9, wherein the second node transmits data encrypted with current key (e.g. Tanizawa, Fig. 1,  300a and 300b).

 	With respect to claim 10, Tanizawa, Grunwald and Gooding disclose the system of claim 9, further comprising instructions which when executed by the at least one processor, causes the at least one processor to: transmit, to the second node, updated key parameters including the new key (e.g. Tanizawa, Fig. 1, 300a and 300b; Gooding, paragraph 0376).

 	With respect to claim 11, Tanizawa, Grunwald and Gooding disclose the system of claim 11, wherein the second node transmits data encrypted with the new key (e.g. Tanizawa, Fig. 1, 300a and 300b; Gooding, paragraph 0376).  

 	With respect to claim 12, Tanizawa, Grunwald and Gooding do not explicitly mention the system of claim 12, wherein the first node records that the second node has the new key in response to determining the data was encrypted with the new key, and the first node invalidates the current key in response to determining the second node and additional nodes have previously received the key parameters and have been recorded as receiving the new key.


 	With respect to claim 13, Tanizawa, Grunwald and Gooding disclose the system of claim 13, further comprising instructions which when executed by the at least one processor, causes the at least one processor to: determine, by a key timer, that the current key is invalid (e.g. Gooding, paragraph 0376, rekeying after expiration of key encompasses the step of invalidating old key).

 	With respect to claim 14, Tanizawa, Grunwald and Gooding disclose the at least one non-transitory computer-readable medium of claim 15, wherein in response to receiving the key parameters of the first node, the second node establishes a data channel with the first node (e.g. Tanizawa, Fig. 1, 300a and 300b).

 	With respect to claim 15, Tanizawa, Grunwald and Gooding disclose the at least one non-transitory computer-readable medium of claim 16, further comprising instructions which when executed by the at least one processor, causes the at least one processor to: transmit, to the second node, updated key parameters including the new key (e.g. Tanizawa, Fig. 1, 300a and 300b; Gooding, paragraph 0376).  



 	With respect to claim 17,  Tanizawa, Grunwald and Gooding  do not explicitly mention the at least one non-transitory computer-readable medium of claim 18, wherein the first node records that the second node has the new key in response to determining the data was encrypted with the new key, and the first node invalidates the current key in response to determining the second node and additional nodes have previously received the updated key parameters and have been recorded as receiving the new key.
 	However, updating, invalidating and record keeping of key is well-known practice in any transaction operation to ensure proper key distribution and record keeping and to ensure successful encryption/decryption process.

 	With respect to claim 18, Tanizawa, Grunwald and Gooding  disclose the at least one non-transitory computer-readable medium of claim 19, further comprising instructions which when executed by the at least one processor, causes the at least one processor to: determine, by a key timer, that the current key is invalid (e.g. Gooding, paragraph 0376, rekeying after expiration of key encompasses the step of invalidating old key).


However, updating, invalidating and record keeping of key is well-known practice in any transaction operation to ensure proper key distribution and record keeping and to ensure successful encryption/decryption process.

 	With respect to claim 22, Tanizawa, Grunwald and Gooding disclose the method of claim 1, but do not explicitly mention wherein the rekey message is generated by a rekey timer.  However, periodically determining a rekey schedule using a timer is old and well-known in the art.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to determine a rekey schedule based on a timer as a matter of design choice.

Conclusion
 4.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of 
 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONGOC TRAN whose telephone number is (571)272-3843.  The examiner can normally be reached on 9-5 Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-


/TONGOC TRAN/Primary Examiner, Art Unit 2434