DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is responding to the amendment dated on 11/03/2021.
Claims 1, 8-9 and 16 have been amended.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Arguments
Applicant’s amendment, filed on November 03, 2021, has claims 1, 8-9 and 16 amended, and all other claims previously presented. Among the amended claims, claims 1, 9 and 16 are independent ones, and thus, the amendment necessitates a new ground of rejection.
Applicant’s remark, filed on November 03, 2021 at page 9, asserts, “In the Action, the Office objects to claim 8, as allegedly containing a typographical error. As shown above, Applicant herein amends claim 8, thus obviating the grounds for the objection.”

Applicant’s remark, filed on November 03, 2021 at page 9, indicates, “it can be seen that Coyle does not teach at least "prior to generating or receiving a connectivity association key (CAK) and a connectivity association key name (CKN), and using a discovery protocol, sending, by a first switch of a first electronic device to a second switch of a second electronic device, first data that indicates capability of the first switch with respect to a media access control (MAC) security (MACSec) protocol" and "prior to generating or receiving the CAK and the CKN, and using the discovery protocol, receiving, by the first switch from the second switch, second data that indicates capability of the second switch with respect to the MACSec protocol," as recited in amended claim 1. For at least the reasons presented herein, the combination of Chimakurthy, Coyle and DU does not teach or suggest all of the features of claim 1. Accordingly, Applicant respectfully requests that the Office withdraw the § 103 rejection of claim 1.”
Applicant’s argument presented above has been considered and is found persuasive because Applicant’s amendment necessitates a new ground of rejection.
Accordingly, a new ground of rejection based on newly identified prior-art by Mohamed et al. (US 2015/0207793) has been applied to the amendment.
Specifically, Mohamed discloses a method where a discovery message may be used to communicate information related to one or more attributes of a feature (i.e., TLV/MACsec capability) of a network device. A network device receiving the discovery message may parse the message for the information related to the one or more attributes of a neighbor network device. Based on the information related to one or more attributes from the discovery message, the network device may enable or disable a feature (See Parag. [0014]). In addition, Mohamed discloses that the attributes may relate to one or more features of the port of the network device. For example, features of the network device may include IEEE 802.1AE defining the IEEE Media Access Control (MAC) Security standard (MACsec), 802.1X defining the Extensible Authentication Protocol (EAP) over IEEE 802, MACsec Key Agreement (MKA), etc. Attributes related to the feature may include, for example, capability of the network device enabling the feature, state of enablement of the feature on the network device, etc. Information related to the attributes may be information indicating the state of the attribute with respect to the network device, for example, that the network device is capable of enabling a feature (See Parag. [0020]). Finally, Mohamed discloses that discovery messages may be generated in accordance with Link Layer Discovery Protocol (LLDP), Cisco Discovery Protocol (CDP), Extreme Networks Discovery Protocol (ENDP), etc. It may be appreciated that a discovery protocol that is extendable to permit configuration to include information related to attributes as discussed herein may be utilized. Examples as discussed herein are discussed with respect to LLDP (See Parag. [0024]). After a successful authentication, both switches perform a MACsec Key Agreement (MKA) negotiation between the network devices to obtain symmetric keys used for MACsec encryption of their secure channel through the pass through device (See Parag. [0061]).
Thus, Examiner submits that Mohamed teaches the amended feature limitation, “… prior to generating or receiving a connectivity association key (CAK) and a connectivity association key name (CKN), and using a discovery protocol, sending, by a first switch of a first electronic device to a second switch of a second electronic device, first data that indicates capability of the first switch with respect to a media access control (MAC) security (MACSec) protocol;” and the amended feature limitation, “… prior to generating or receiving the CAK and the CKN, and using the discovery protocol, receiving, by the first switch from the second switch, second data that indicates capability of the second switch with respect to the MACSec protocol”.
The new combination of Chimakurthy, Mohamed and Du teaches claim 1 as well as the other pending independent claims. Please refer to the prior-art rejection below for details.
Applicant’s remarks regarding amended independent claims 9 and 16 have been considered and are addressed based on the same rationale presented for the amended claim 1.
Applicant further recites similar remarks as listed above for dependent claims 2-8, 10-15 and 17-20. Please refer to the aforementioned response, which addresses how the new combination of prior-art references by Chimakurthy, Mohamed and Du would render the claimed limitations obvious. In addition, Examiner submits that claims 4-16 the newly applied combination and Sankaran 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-6, 9-11 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 10,686,595) hereinafter Chimakurthy in view of Mohamed et al. (US 2015/0207793) hereinafter Mohamed and in further view of Du et al. (US 2018/0145905) hereinafter Du.
As per claim 1, Chimakurthy teaches a method comprising: 
[prior to generating or receiving a connectivity association key (CAK) and a connectivity association key name (CKN), and using a discovery protocol, sending, by a first switch of a first electronic device to a second switch of a second electronic device, first data that indicates capability of the first switch with respect to a media access control (MAC) security (MACSec) protocol]; 
[prior to generating or receiving the CAK and the CKN, and using the discovery protocol, receiving, by the first switch from the second switch, second data that indicates capability of the second switch with respect to the MACSec protocol]; 
[initiating, by the first switch, mutual authentication between the first switch and the second switch]; 
(Chimakurthy, Col. 3, lines 15-18; “The MKA protocol allows peer discovery with confirmation of mutual authentication and sharing of MACsec secret keys to protect data exchanged by the peers.” … Col. 6, lines 34-37; “establishing a MACsec session may include initiating, by first MACsec capable device 104, the MACsec key agreement protocol with second MACsec capable device 106.”); 
[establishing the secure connection between the first switch and the second switch]; 
receiving, by the first switch from the second switch via the secure connection, a request for the CAK and the CKN (Chimakurthy, Col. 5, lines 54-65; “In response to authentication of second MACsec device by authentication engine, generation engine may generate a random Connectivity Association Key (CAK), a Connectivity Association Name (CKN), and a nonce. In an example, this may include comparing the MAC address of first MACsec capable device 104 with the MAC address of second MACsec capable device 106. In response to a determination that the MAC address of first MACsec capable device 104 is lower than the MAC address of second MACsec capable device 106, first MACsec capable device 104 may be elected as a key server, which may then generate the CAK, the CKN, and the nonce.” Examiner submits when authentication process finished there is a comparison of MAC addresses that will determine who will be the key provider and the key supplicant; in this case device 104 is the provider and device 106 is the supplicant.  Device 106 must ask (request) for the keys.); 
generating, by the first switch, the CAK and the CKN (Chimakurthy, Col. 2, lines 20-23; “The first MACsec capable device may generate a Connectivity Association Key (CAK), a Connectivity Association Name (CKN), and a nonce.”); 
sending, by the first switch to the second switch via the secure connection, the CAK and the CKN (Chimakurthy, Col. 2, lines 26-32; “The first MACsec capable device may send the encrypted packet to the second MACsec capable device. The encrypted packet may be useable by the second MACsec capable device to configure the CAK and the CKN on the second MACsec capable device by decrypting the encrypted packet using a private key corresponding public key of the second MACsec capable device.”); and 
Lee & Hayes 2 of 15 c237-0065US Serial No. 16/742,627
based at least in part on the CAK and the CKN, establishing a MACSec session between the first switch and the second switch in accordance with the MACSec protocol (Chimakurthy, Col. 1, lines 51-57; “The identification of MACsec participants in a network may be determined by a set of keys: Connectivity Association Key (CAK) and Connectivity Association Name (CKN). These keys are used by the MACsec Key agreement protocol for establishing a MACsec session (s). In order for two MACsec capable devices to communicate, the same CAK and CKN keys must be configured on both devices.”).
Chimakurthy, Col.1, lines 51-56; “The identification of MACsec participants in a network may be determined by a set of keys: Connectivity Association Key (CAK) and Connectivity Association Name (CKN). These keys are used by the MACsec Key agreement protocol for establishing a MACsec session (s).” … Col. 2, lines 20-23; “The first MACsec capable device may generate a Connectivity Association Key (CAK), a Connectivity Association Name (CKN), and a nonce.”).
Chimakurthy does not expressly teach:
prior to generating or receiving a connectivity association key (CAK) and a connectivity association key name (CKN), and using a discovery protocol, sending, by a first switch of a first electronic device to a second switch of a second electronic device, first data that indicates capability of the first switch with respect to a media access control (MAC) security (MACSec) protocol;
prior to generating or receiving the CAK and the CKN, and using the discovery protocol, receiving, by the first switch from the second switch, second data that indicates capability of the second switch with respect to the MACSec protocol;
initiating, by the first switch, mutual authentication between the first switch and the second switch;
establishing the secure connection between the first switch and the second switch;
But, Mohamed teaches:
(Mohamed, Parag. [0030-0035]; “FIG. 2 depicts an example structure of a discovery message 202 using LLDP. As shown in FIG. 2, discovery message 202 includes a plurality of fields related to the port of the network device, the discovery message 202 configured in accordance with LLDP. In addition, discovery message 202 includes attributes 204. Attributes 204 may be implemented as a plurality of fields including information related to attributes of one or more features of the port of the network device 100. In the example depicted in FIG. 2, attributes 204 includes type-length-value field 205 indicating custom fields outside the standard LLDP fields; type-length-value field 207 indicating length of the custom fields; organizationally unique identifier field 209; organizationally defined subtype field 211; MACsec capability field 206, and is populated with an indication that the port of the network device 100 is capable of the MACsec feature” … Parag. [0049 – 0050]; “As shown in FIG. 4, a discovery message may be generated 402. The discovery message may include information relating to one or more attributes of the port of the network device sending the discovery message. For example, if the port of the network device has the capability to enable 802.1X, when generating a discovery message, attributes related to the 802.1X feature may be included in the generated message. These attributes may include whether the port is capable of enabling 802.1X, the state of enablement of 802.1X, etc. [0050] The network device may transmit the generated discovery message to one or more neighbor network devices 404.” … Parag. [0061]; “Once the pass through feature is enabled at network device 502, network devices 500 and 504 may conduct 802.1X authentication to validate that the network devices 500 and 504 have valid credentials and/or is allowed to communicate. After a successful authentication, 802.1X can also be used to perform a MACsec Key Agreement (MKA) negotiation between network device 500 and 504 to obtain symmetric keys used for MACsec encryption of their secure channel through pass through device 502.” Examiner submits that Mohamed teaches the discovering process under the discovery protocol using the LLDP. Mohamed further teaches that the MACsec Key Agreement (MKA) negotiation (i.e., the operation of generating/receiving the CAK and CKN, as disclosed by Chimakurthy above in detail) follows after the discovery and authentication. Thus, Mohamed teaches the discovering process of the device capability before generating the CAK and CKN keys by teaching that the MACSec Key Agreement is performed after the determination of the device’s MACSec capability and authentication (i.e., “prior to generating or receiving a connectivity association key (CAK) and a connectivity association key name (CKN), and using a discovery protocol”).); 
prior to generating or receiving the CAK and the CKN, and using the discovery protocol, receiving, by the first switch from the second switch, second data that indicates capability of the second switch with respect to the MACSec protocol (Mohamed, Parag. [0030-0035]; “FIG. 2 depicts an example structure of a discovery message 202 using LLDP. As shown in FIG. 2, discovery message 202 includes a plurality of fields related to the port of the network device, the discovery message 202 configured in accordance with LLDP. In addition, discovery message 202 includes attributes 204. Attributes 204 may be implemented as a plurality of fields including information related to attributes of one or more features of the port of the network device 100. In the example depicted in FIG. 2, attributes 204 includes type-length-value field 205 indicating custom fields outside the standard LLDP fields; type-length-value field 207 indicating length of the custom fields; organizationally unique identifier field 209; organizationally defined subtype field 211; MACsec capability field 206, and is populated with an indication that the port of the network device 100 is capable of the MACsec feature”. Mohamed, Parag. [0050]; “The network device may then receive a response to the discovery message 406 from the neighbor network device. The response to the discovery message may include information related to one or more attributes of the port of the neighbor network device that the network device is connected to. When the network device receives a response to the discovery message from the port of the neighbor network device, the network device may parse the received response, to extract information associated with attributes of the port of the neighbor network device, for example, whether the port is capable of enabling 802.1X, the state of enablement of 802.1X, etc.” … Parag. [0061]; “Once the pass through feature is enabled at network device 502, network devices 500 and 504 may conduct 802.1X authentication to validate that the network devices 500 and 504 have valid credentials and/or is allowed to communicate. After a successful authentication, 802.1X can also be used to perform a MACsec Key Agreement (MKA) negotiation between network device 500 and 504 to obtain symmetric keys used for MACsec encryption of their secure channel through pass through device 502.” Examiner submits that Mohamed teaches the discovering process under the discovery protocol using the LLDP. Mohamed further teaches that the MACsec Key Agreement (MKA) negotiation (i.e., the operation of generating/receiving the CAK and CKN, as disclosed by Chimakurthy above in detail) follows after the discovery and authentication. Thus, Mohamed teaches the discovering process of the device capability before generating the CAK and CKN keys by teaching that the MACSec Key Agreement is performed after the determination of the device’s MACSec capability and authentication (i.e., “prior to generating or receiving a connectivity association key (CAK) and a connectivity association key name (CKN), and using a discovery protocol”).).
Chimakurthy and Mohamed are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide methods for automatically establishing a media access control security (MACsec) session between two electronic devices using a discovery protocol.
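Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Mohamed’s system into Chimakurthy’s system, with a motivation to provide a network device that may enable or disable a pass through feature and provide secure communication between neighboring network devices based on information included in discovery messages (Mohamed, Parag. [0016]).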
However, the combination of Chimakurthy and Mohamed does not expressly teach:
initiating, by the first switch, mutual authentication between the first switch and the second switch;
establishing the secure connection between the first switch and the second switch;
But, Du teaches:
initiating, by the first switch, mutual authentication between the first switch and the second switch (Du, Parag. [0058]; “the network device and the registrar device perform mutual authentication based on the domain certificate of the network device and a domain certificate of the registrar device (the registrar device first allocates a domain certificate to the registrar device), and establish a security connection at the data link layer, for example, establish a MACsec channel.” Examiner submits that the network device is the first switch and the registrar is the second switch.);
establishing the secure connection between the first switch and the second switch (Du, Parag. [0058]; “the network device and the registrar device perform mutual authentication based on the domain certificate of the network device and a domain certificate of the registrar device (the registrar device first allocates a domain certificate to the registrar device), and establish a security connection at the data link layer, for example, establish a MACsec channel.” Examiner submits that the network device is the first switch and the registrar is the second switch.);
Chimakurthy, Mohamed and Du are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide methods for automatically establishing a media access control security (MACsec) session between two electronic devices using a discovery protocol.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Du system into Chimakurthy-Mohamed system, with a motivation to provide mutual authentication based on the domain certificate of the network device and a domain certificate of the registrar device (the registrar device first allocates a domain certificate to the registrar device), and establish a security connection at the data link layer, for example, establish a MACsec channel (Du, Parag. [0208]).

As per claim 2, the combination of Chimakurthy, Mohamed and Du teaches the method of claim 1. Mohamed further teaches wherein: the first data comprises a first protocol data unit (PDU), the first PDU configured in accordance with a discovery protocol and comprising a type-length-value (TLV) that indicates the capability of the first switch with respect to the MACSec protocol (Mohamed, Parag. [0030-0035]; “FIG. 2 depicts an example structure of a discovery message 202 using LLDP. As shown in FIG. 2, discovery message 202 includes a plurality of fields related to the port of the network device, the discovery message 202 configured in accordance with LLDP. In addition, discovery message 202 includes attributes 204. Attributes 204 may be implemented as a plurality of fields including information related to attributes of one or more features of the port of the network device 100. In the example depicted in FIG. 2, attributes 204 includes type-length-value field 205 indicating custom fields outside the standard LLDP fields; type-length-value field 207 indicating length of the custom fields; organizationally unique identifier field 209; organizationally defined subtype field 211; MACsec capability field 206, and is populated with an indication that the port of the network device 100 is capable of the MACsec feature” … Parag. [0049 – 0050]; “As shown in FIG. 4, a discovery message may be generated 402. The discovery message may include information relating to one or more attributes of the port of the network device sending the discovery message. For example, if the port of the network device has the capability to enable 802.1X, when generating a discovery message, attributes related to the 802.1X feature may be included in the generated message. These attributes may include whether the port is capable of enabling 802.1X, the state of enablement of 802.1X, etc. [0050] The network device may transmit the generated discovery message to one or more neighbor network devices 404.”); and 
(Mohamed, Parag. [0050]; “The network device may then receive a response to the discovery message 406 from the neighbor network device. The response to the discovery message may include information related to one or more attributes of the port of the neighbor network device that the network device is connected to. When the network device receives a response to the discovery message from the port of the neighbor network device, the network device may parse the received response, to extract information associated with attributes of the port of the neighbor network device, for example, whether the port is capable of enabling 802.1X, the state of enablement of 802.1X, etc.”).

As per claim 3, the combination of Chimakurthy, Mohamed and Du teaches the method of claim 2. Mohamed further teaches wherein the TLV is proprietary to an organization hosting a network within which the first switch and the second switch desire to establish the MACSec session (Mohamed, Parag. [0030-0035]; “In the example depicted in FIG. 2, attributes 204 includes type-length-value field 205 indicating custom fields outside the standard LLDP fields; type-length-value field 207 indicating length of the custom fields; organizationally unique identifier field 209; organizationally defined subtype field 211; MACsec capability field 206, and is populated with an indication that the port of the network device 100 is capable of the MACsec feature.”).
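The organizationally specific TLV layout quoted from Mohamed above can be read with a strict, bounds-checked parser. The following is an added illustration, not code from this Office action or from any cited reference. The OUI, subtype and one-byte capability flags are hypothetical placeholders; only the LLDP TLV header (7-bit type, 9-bit length) and the type-127 layout (3-byte OUI, 1-byte subtype) are standard.

```python
"""Strict LLDP TLV walk that extracts a vendor MACsec-capability TLV."""
import struct
from typing import Iterator, NamedTuple, Optional, Tuple

TLV_END = 0              # End of LLDPDU
TLV_ORG_SPECIFIC = 127   # organizationally specific TLV

# Hypothetical values, chosen for this example only.
EXAMPLE_OUI = bytes.fromhex("aabbcc")
EXAMPLE_SUBTYPE_MACSEC = 0x01
CAP_CAPABLE = 0x01       # bit 0: port is capable of MACsec
CAP_ENABLED = 0x02       # bit 1: MACsec is currently enabled


class MacsecCapability(NamedTuple):
    capable: bool
    enabled: bool


class LldpParseError(ValueError):
    """Raised when the LLDPDU is truncated or structurally invalid."""


def build_tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type and 9-bit length packed into two bytes."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_macsec_tlv(capable: bool, enabled: bool) -> bytes:
    flags = (CAP_CAPABLE if capable else 0) | (CAP_ENABLED if enabled else 0)
    body = EXAMPLE_OUI + bytes([EXAMPLE_SUBTYPE_MACSEC, flags])
    return build_tlv(TLV_ORG_SPECIFIC, body)


def iter_tlvs(lldpdu: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (type, value) pairs; refuse overruns and a missing End TLV."""
    offset = 0
    while offset < len(lldpdu):
        if len(lldpdu) - offset < 2:
            raise LldpParseError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise LldpParseError("TLV length runs past end of frame")
        value = lldpdu[offset:offset + length]
        offset += length
        if tlv_type == TLV_END:
            return
        yield tlv_type, value
    raise LldpParseError("missing End of LLDPDU TLV")


def peer_macsec_capability(lldpdu: bytes) -> Optional[MacsecCapability]:
    """Return the neighbor's advertised capability, or None if not advertised."""
    found = None
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != TLV_ORG_SPECIFIC:
            continue
        if len(value) < 4:
            raise LldpParseError("org-specific TLV shorter than OUI + subtype")
        if value[:3] != EXAMPLE_OUI or value[3] != EXAMPLE_SUBTYPE_MACSEC:
            continue  # another organization's TLV
        if len(value) != 5:
            raise LldpParseError("unexpected capability TLV length")
        if found is not None:
            raise LldpParseError("duplicate capability TLV")
        flags = value[4]
        found = MacsecCapability(bool(flags & CAP_CAPABLE),
                                 bool(flags & CAP_ENABLED))
    return found


def should_start_key_agreement(local_capable: bool, lldpdu: bytes) -> bool:
    """Gate for the later steps: LLDP is unauthenticated, so this only decides
    whether to attempt authentication and MKA, never whether to trust the peer."""
    try:
        peer = peer_macsec_capability(lldpdu)
    except LldpParseError:
        return False
    return local_capable and peer is not None and peer.capable


def sample_lldpdu(capable: bool, with_capability_tlv: bool = True) -> bytes:
    """Constructed sample frame body: mandatory TLVs plus the example TLV."""
    parts = [
        build_tlv(1, b"\x04" + bytes.fromhex("020000000001")),  # Chassis ID (MAC)
        build_tlv(2, b"\x05" + b"eth0"),                        # Port ID (ifname)
        build_tlv(3, struct.pack("!H", 120)),                   # TTL in seconds
    ]
    if with_capability_tlv:
        parts.append(build_macsec_tlv(capable, enabled=False))
    parts.append(build_tlv(TLV_END, b""))
    return b"".join(parts)
```
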

As per claim 5, the combination of Chimakurthy, Mohamed and Du teaches the method of claim 1. Chimakurthy teaches further comprising: selecting the first switch to generate the CAK and the CKN based on a parameter (Chimakurthy, Col. 5, lines 54-65; “In response to authentication of second MACsec device by authentication engine, generation engine may generate a random Connectivity Association Key (CAK), a Connectivity Association Name (CKN), and a nonce. In an example, this may include comparing the MAC address of first MACsec capable device 104 with the MAC address of second MACsec capable device 106. In response to a determination that the MAC address of first MACsec capable device 104 is lower than the MAC address of second MACsec capable device 106, first MACsec capable device 104 may be elected as a key server, which may then generate the CAK, the CKN, and the nonce.”).

As per claim 6, the combination of Chimakurthy, Mohamed and Du teaches the method of claim 5. Chimakurthy further teaches wherein the parameter comprises one of (i) the first switch or the second switch having the lowest MAC, (ii) the first switch or the second switch having the highest MAC, or (iii) the first switch or the second switch having a most recent version of operating software (Chimakurthy, Col. 5, lines 54-65; “In response to authentication of second MACsec device by authentication engine, generation engine may generate a random Connectivity Association Key (CAK), a Connectivity Association Name (CKN), and a nonce. In an example, this may include comparing the MAC address of first MACsec capable device 104 with the MAC address of second MACsec capable device 106. In response to a determination that the MAC address of first MACsec capable device 104 is lower than the MAC address of second MACsec capable device 106, first MACsec capable device 104 may be elected as a key server, which may then generate the CAK, the CKN, and the nonce.”).

As per claim 9, it is a device claim that recites similar limitations to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1. In addition, Chimakurthy teaches:
An electronic device comprising a first switch (Chimakurthy, Col. 2, lines 54-57; “For example, first MACsec capable device 104 and second MACsec capable device 106 may each be a network switch, a network router, a virtual switch, and a virtual router.”), the first switch comprising: one or more processors (Chimakurthy, Col. 8, lines 36-40; “Instructions 408 may be executed by processor 402 to authenticate, by the first MACsec capable device, the second MACsec capable device based on the device identifier of the second MACsec capable device.”); and 
one or more non-transitory computer-readable media storing computer-executable instructions (Chimakurthy, Col. 3, lines 63-66; “first MACsec capable device 104 is shown to include receipt engine, authentication engine, generation engine, encryption engine, transmission engine, comparison engine, configuration engine, and installation engine.” … Col. 4, lines 8-12; “the programming for the engines may be processor executable instructions stored on at least one non-transitory machine-readable storage medium and the hardware for the engines may include at least one processing resource to execute those instructions.”).

As per claim 10, the rejection of claim 9 is incorporated. In addition, it is a device claim that recites similar limitations to those of claim 2, and therefore it is rejected for the same rationale applied to claim 2.

As per claim 11, the rejection of claim 10 is incorporated. In addition, it is a device claim that recites similar limitations to those of claim 3, and therefore it is rejected for the same rationale applied to claim 3.

As per claim 13, the rejection of claim 9 is incorporated. In addition, it is a device claim that recites similar limitations to those of claim 5, and therefore it is rejected for the same rationale applied to claim 5.

As per claim 14, the rejection of claim 13 is incorporated. In addition, it is a device claim that recites similar limitations to those of claim 6, and therefore it is rejected for the same rationale applied to claim 6.

Claims 4 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 10,686,595) hereinafter Chimakurthy in view of Mohamed et al. (US 2015/0207793) hereinafter Mohamed and in further view of Du et al. (US 2018/0145905) hereinafter Du as applied to claim 1 above, and further in view of Sankaran et al (US 2018/0302269) hereinafter Sankaran.
As per claim 4, the combination of Chimakurthy, Mohamed and Du teaches the method of claim 1. [wherein establishing the MACSec session comprises: based at least in part on the CAK and the CKN, generating an integrity check value key (ICK) and key encryption key (KEK)].
However, the combination of Chimakurthy, Mohamed and Du does not expressly teach:
wherein establishing the MACSec session comprises: based at least in part on the CAK and the CKN, generating an integrity check value key (ICK) and key encryption key (KEK). 
But, Sankaran teaches:
wherein establishing the MACSec session comprises: based at least in part on the CAK and the CKN, generating an integrity check value key (ICK) and key encryption key (KEK). (Sankaran, Parag. [0020]; “MKA does not use the CAK directly but derives two further keys from the CAK using the Advanced Encryption Standard (AES) key wrap algorithm. These include the ICV Key (ICK) used to verify the integrity of MACsec Key Agreement Protocol Data Units (MPDUS) and to prove that the transmitter of the MKPDU possesses the CAK, and the Key Encrypting Key (KEK) used by Key Server to transport SAKs to the other member(s) of a CA. CAK may be used to generate the rest of the MACsec encryption keys (for example, ICK, KEK, and SAK). ICK and KEK derived from a CAK may be used to distribute SAKs to systems that possess that CAK.”).
Chimakurthy, Mohamed, Du and Sankaran are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide methods for automatically establishing a media access control security (MACsec) session between two electronic devices using a discovery protocol.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sankaran system into Chimakurthy-Mohamed-Du system, with a motivation to provide methods for discovering MACsec peers and negotiating the security keys needed to secure a link (Sankaran, Parag. [0020]).

As per claim 16, it is a method claim that recites similar limitations to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1. 
In addition, Mohamed teaches a method comprising: sending, by a first switch of a first electronic device to a second switch of a second electronic device, a first protocol data unit (PDU), the first PDU configured in accordance with a discovery protocol and comprising a type-length-value (TLV) that indicates capability of the first switch with respect to a media access control (MAC) security (MACSec) protocol (Mohamed, Parag. [0030-0035]; “FIG. 2 depicts an example structure of a discovery message 202 using LLDP. As shown in FIG. 2, discovery message 202 includes a plurality of fields related to the port of the network device, the discovery message 202 configured in accordance with LLDP. In addition, discovery message 202 includes attributes 204. Attributes 204 may be implemented as a plurality of fields including information related to attributes of one or more features of the port of the network device 100. In the example depicted in FIG. 2, attributes 204 includes type-length-value field 205 indicating custom fields outside the standard LLDP fields; type-length-value field 207 indicating length of the custom fields; organizationally unique identifier field 209; organizationally defined subtype field 211; MACsec capability field 206, and is populated with an indication that the port of the network device 100 is capable of the MACsec feature” … Parag. [0049 – 0050]; “As shown in FIG. 4, a discovery message may be generated 402. The discovery message may include information relating to one or more attributes of the port of the network device sending the discovery message. For example, if the port of the network device has the capability to enable 802.1X, when generating a discovery message, attributes related to the 802.1X feature may be included in the generated message. These attributes may include whether the port is capable of enabling 802.1X, the state of enablement of 802.1X, etc. [0050] The network device may transmit the generated discovery message to one or more neighbor network devices 404.”); 
receiving, by the first switch from the second switch, a second PDU, the second PDU configured in accordance with the discovery protocol and comprising the TLV that indicates capability of the second switch with respect to the media access control security (MACSec) protocol (Mohamed, Parag. [0050]; “The network device may then receive a response to the discovery message 406 from the neighbor network device. The response to the discovery message may include information related to one or more attributes of the port of the neighbor network device that the network device is connected to. When the network device receives a response to the discovery message from the port of the neighbor network device, the network device may parse the received response, to extract information associated with attributes of the port of the neighbor network device, for example, whether the port is capable of enabling 802.1X, the state of enablement of 802.1X, etc.”);
and Sankaran teaches:
based at least in part on the CAK and the CKN, generating, by the first switch and second switch, an integrity check value key (ICK) and key encryption key (KEK); and based at least in part on the ICK and the KEK, establishing a MACSec session between the first switch and the second switch in accordance with the MACSec protocol (Sankaran, Parag. [0020]; “MKA does not use the CAK directly but derives two further keys from the CAK using the Advanced Encryption Standard (AES) key wrap algorithm. These include the ICV Key (ICK) used to verify the integrity of MACsec Key Agreement Protocol Data Units (MPDUS) and to prove that the transmitter of the MKPDU possesses the CAK, and the Key Encrypting Key (KEK) used by Key Server to transport SAKs to the other member(s) of a CA. CAK may be used to generate the rest of the MACsec encryption keys (for example, ICK, KEK, and SAK). ICK and KEK derived from a CAK may be used to distribute SAKs to systems that possess that CAK.”).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the Sankaran system into the Chimakurthy-Mohamed-Du system, with a motivation to provide methods for discovering MACsec peers and negotiating the security keys needed to secure a link (Sankaran, Parag. [0020]).

As per claim 17, the rejection of claim 16 is incorporated. In addition, it is a method claim that recites similar limitations to those of claim 5, and therefore it is rejected for the same rationale applied to claim 5.

As per claim 18, the rejection of claim 17 is incorporated. In addition, it is a method claim that recites similar limitations to those of claim 6, and therefore it is rejected for the same rationale applied to claim 6.

As per claim 19, the rejection of claim 16 is incorporated. In addition, it is a method claim that recites similar limitations to those of claim 7, and therefore it is rejected for the same rationale applied to claim 7.

As per claim 20, the rejection of claim 16 is incorporated. In addition, it is a network device claim that recites similar limitations to those of claim 3, and therefore it is rejected for the same rationale applied to claim 3.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 10,686,595) hereinafter Chimakurthy in view of Mohamed et al. (US 2015/0207793) hereinafter Mohamed and in view of Du et al. (US 2018/0145905) hereinafter Du as applied to claim 1 above, and further in view of Hussain et al. (US 2019/0116183) hereinafter Hussain.
As per claim 7, the combination of Chimakurthy, Mohamed and Du teaches the method of claim 1, [further comprising: after sending the CAK and the CKN, discontinuing the secure connection]. 
However, the combination of Chimakurthy, Mohamed and Du does not expressly teach:
further comprising: after sending the CAK and the CKN, discontinuing the secure connection. 
But, Hussain teaches:
further comprising: after sending the CAK and the CKN, discontinuing the secure connection (Hussain, Parag. [0055]; “In some implementations, network device 210-1 may establish or end the fast heartbeat session based on a status of an MKA session. For example, if the MKA session exchanges MKA packet data at an established interval (e.g., every two seconds) for a period of time, then network device 210-1 may end or deactivate the fast heartbeat session for the MKA session.” … Parag. [0057]; “process 400 may include determining, based on the fast heartbeat session, that the MKA session has ended (block 430). For example, network device 210-1 may determine that the MKA session has ended based on the fast heartbeat messages.” Examiner submits that the keys were sent once the MKA session was established; MKA is responsible for key exchange.).
Chimakurthy, Mohamed, Du and Hussain are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide methods for automatically establishing a media access control security (MACsec) session between two electronic devices using a discovery protocol.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the Hussain system into the Chimakurthy-Mohamed-Du system, with a motivation to provide methods for determining, based on the fast heartbeat session, that the MKA session has ended; and/or performing an action based on the MKA session ending (Hussain, Parag. [0002]).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 10,686,595) hereinafter Chimakurthy in view of Mohamed et al. (US 2015/0207793) hereinafter Mohamed and in view of Du et al. (US 2018/0145905) hereinafter Du as applied to claim 1 above, and further in view of Coyle (US 2021/0067329).
As per claim 8, the combination of Chimakurthy, Mohamed and Du teaches the method of claim 1, [wherein the mutual authentication comprises one of (i) secure sockets layer (SSL)/transport layer security (TLS) protocol or (ii) secure shell (SSH) protocol]. 
However, the combination of Chimakurthy, Mohamed and Du does not expressly teach:
wherein the mutual authentication comprises one of (i) secure sockets layer (SSL)/transport layer security (TLS) protocol or (ii) secure shell (SSH) protocol. 
But, Coyle teaches:
wherein the mutual authentication comprises one of (i) secure sockets layer (SSL)/transport layer security (TLS) protocol or (ii) secure shell (SSH) protocol (Coyle, Parag. [0022]; “Accordingly, the dual-mode peer devices 102a-102N can perform simultaneous authentication exchanges (e.g., according to Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)) between one another (see FIG. 2).”).
Chimakurthy, Mohamed, Du and Coyle are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide methods for automatically establishing a media access control security (MACsec) session between two electronic devices using a discovery protocol.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Coyle system into Chimakurthy-Mohamed-Du system, with a motivation to establish Coyle, Parag. [0016]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Wang, C. et al.; US 2016/0014142: relates to a link discovery method and apparatus. The method includes: when a network device receives a first LLDP packet sent by a directly connected device, determining a security level of the directly connected device according to an authentication TLV.
Sirivara, S.; US 2016/0373441: relates to a method that includes determining one or more nodes in a network system with at least one port that is enabled for security enabled services. The method also includes provisioning a connectivity association for each node, wherein each connectivity association is provisioned with a connectivity association key.
Ganesa, S. et al.; US 2015/0117252: relates to information handling systems, and more particularly to automated Data Center Bridging (DCB) configuration of access switches.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-





/A.D.C./Examiner, Art Unit 2498   


/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498