Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
The instant application having Application No. 16/654,160 is presented for examination by the examiner.


Specification
The disclosure is objected to because it contains an embedded hyperlink and/or other form of browser-executable code. Applicant is required to delete the embedded hyperlink and/or other form of browser-executable code; references to websites should be limited to the top-level domain name without any prefix such as http:// or other browser-executable code. See MPEP § 608.01.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 9-15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. Claim 9 comprises a computer readable medium. Computer readable media include signals. Signals are not a statutory class

Claims 1, 5, 8, 9, and 13-15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) a series of steps generating a key and a tag, both of which are merely data, which is a fundamental method of organizing human interaction. Data is information and abstract. A person can generate a key and data and send it to another person. This judicial exception is not integrated into a practical application because the claim lacks steps to integrate the abstract idea into a practical application. The verb provisioning is not tied to the art. There is no cryptographic function or security being performed in these claims. They generally amount to transmitting data with ordinary generic hardware. In fact, orchestrators are not specific to any type of hardware and can be given to people performing the function of orchestrating. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because when considered separately and in combination, they do not add significantly more. The dependent claims give the attribute where the tag may be implemented but no technology is being used. In contrast with claims 2 and 17, those claims are tied to onboarding a nontrusted device to the network which achieves a result grounded in technology.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1-15 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.

As per claims 1 and 9, it is unclear what is meant by provisioning a trusted network edge with the key. Previously in the claim the key was sent to the external segmentation orchestrator. Is the step of provisioning the key separate from sending the key to the external segmentation orchestrator, or does that happen automatically because the external segmentation orchestrator has possession of the key and provides the edge to what is outside the network? Or does the external segmentation orchestrator send the key to a trusted network edge and if so is that network hardware? Appropriate correction is required.




Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1-17 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by USP Application Publication 2005/0190758 to Gai et al., hereinafter Gai.

As per claims 1 and 9, Gai teaches generating, by an internal segmentation orchestrator [internal router], a key to cipher/decipher [public key to be used by router 285; 0044] a cryptographic segmentation tag [SGT] used by an untrusted device (Fig. 3, 280); transmitting the key to an external segmentation orchestrator [router 285 | sending router (285) needs public key to encrypt packet with the SGT to internal routers so key exchange must occur; 0042, 0044, and 0074]; transmitting the cryptographic
provisioning a trusted network edge with the key (0069).


As per claim 17, Gai teaches receiving, from an internal orchestrator and at an external orchestrator, a key [router 285 | sending router (285) needs public key to encrypt packet with the SGT to internal routers so key exchange must occur; 0042, 0044, and 0074] to cipher/decipher a cryptographic segmentation tag [SGT] used by an untrusted device (Fig. 3, 280); receiving a segmentation tag from the internal orchestrator [router 220 has the SGT to insert into the packet and are present in communication between routers; 0071 and 0074];
applying a cipher to the segmentation tag to yield a ciphered segmentation tag (0042); and 
transmitting the ciphered segmentation tag to the untrusted device for use in onboarding the untrusted device to a segment of a trusted network at a trusted network edge [the server packet coming from the server to the untrusted device has an SGT and Gai teaches the capable hosts can decrypt the packets which would still have the SGT inside; 0045 and 0080].
As per claims 2 and 10, Gai teaches onboarding, based on the key and the cryptographic segmentation tag, the untrusted device, wherein the untrusted device receives the cryptographic segmentation tag from the external segmentation orchestrator [interpreted one of two ways; the untrusted device receives the tag by that

As per claims 3 and 11, Gai teaches the internal segmentation orchestrator and the trusted network edge are within a trusted network (0069).
As per claims 4 and 12, Gai teaches onboarding the untrusted device into a segment of a trusted network comprises receiving, at the trusted network edge, the cryptographic segmentation tag associated with the segment (0074).
As per claims 5 and 13, Gai teaches the cryptographic segmentation tag is configured for one of macro-segmentation, micro-segmentation, or both macro-segmentation and micro-segmentation (0069).
As per claims 6 and 14, Gai teaches the cryptographic segmentation tag is carried in a specific data-plane between the untrusted device and the trusted network edge (0095, 0099, and 0102).

As per claims 7 and 15, Gai teaches a signature for the cryptographic segmentation tag is applied (0043).
As per claims 8 and 16, Gai teaches provisioning the trusted network edge with the cryptographic segmentation tag (0062-0063 and 0105).

As per claim 18, Gai teaches the ciphered segmentation tag is used to onboard, based on the key, the untrusted device (0074).

As per claim 20, Gai teaches onboarding the untrusted device into a segment of a trusted network comprises receiving, at the trusted network edge, the cryptographic segmentation tag associated with the segment (0074).





Conclusion
The prior art made of record and not relied upon, considered pertinent to applicant's disclosure, is listed on the enclosed PTO-892 form.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571) 270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Lynn Feild, can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for 

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431