DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08 February 2022 has been entered.
 
Response to Arguments
Applicant's arguments filed 08 February 2022 have been fully considered but they are not persuasive.
Applicant's arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.
Applicant states at page 11, “Because claims 11, 14-17 are each dependent upon an allowable base claim…these claims are patentable over the combination…”.  

In response to applicant’s arguments that the cited prior art does not teach “the Ethernet at…neighbors using LLDP,” page 8, lines 14-19, the examiner respectfully disagrees.
White discloses LLDP is a technique used for Ethernet network devices including switches to advertise information about themselves to other nodes on the network and store information they discover using the Management Information Base (MIB), wherein LLDP information is transmitted periodically and stored and a network device receives an LLDP advertisement and stores the information within it (Col. 8).  The LLDP information is transmitted and received using a constrained LLDP multicast address (Col. 9, lines 13-21, 39-58).
Combining the references brings about a system that sends LLDP information to a constrained multicast address on the Ethernet at regular intervals, wherein an LLDP agent of an Ethernet key receives the LLDP information and transmits information about itself back to a network switch in order for the Ethernet key and the network switch to communicate via layer 2, wherein the  LLDP agent discovers neighbors using LLDP.  Therefore, the aforementioned limitations are taught by the combination of the cited prior art.

Claim Interpretation
The following is the examiner’s interpretations and suggestions for portions of the claims:
It should be noted that it is unclear as to what the “digital signature” entails.  The specification does not provide a definition for the digital signature.  Using the broadest reasonable interpretation, a digital signature may be an identifier, such as a manufacturer identifier or a product identifier as stated in claim 13.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 5, 6, and 10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claim 1, lines 41-42—“an Ethernet key,” line 44 “the Ethernet key,” line 43—“a network switch,” and line 45—“the network switch,” it is unclear as to whether the Ethernet key is referring to the “compact computing device” and whether the “network switch” is referring to the “host.”   The specification describes at Para. 25—“compact computing device 100 is an Ethernet key” and that “Ethernet key is plugged directly into an Ethernet port of a host, e.g., a network switch”.  For purposes of 

Regarding claim 5, line 3—“configuration of the host,” it is not clear as to whether the configuration is the same as or different than the “configuration information” of claim 1.  The examiner suggests amending the claim to indicate --the configuration information--, for example.

Claims 5, 6, and 10 are additionally rejected for being dependent on a rejected base claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious 

Claims 1 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Deutsch et al. (US 2014/0181248 A1) in view of Koningstein et al. (US 2014/0173059 A1) in view of Yi et al. (US 2017/0273084) in view of White (US 8,443,065 B1) and further in view of Jueneman et al. (US 2013/0046993 A1).
Regarding claim 1, Deutsch teaches a compact computing device, e.g. a thumb drive (Fig. 8, el. 834); a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57), comprising: 
an interface, e.g. USB (Para. 57, 129), through which communications are performed with a host, i.e. a Device Services Controller (DSC) (Fig. 1, el. 102, 112; Fig. 7, el. 702), associated with a private network via a link, e.g. the DSC includes an Ethernet connection to the network, wherein the network is protected by a firewall (Fig. 1, el. 104, 106, 114, 116; Para. 129), 
wherein the host is in a factory default configuration, e.g. wherein the DSC may be newly-installed (Para. 124); wherein a system reset may have been performed on the DSC (Para. 128); 
a compact shielding case, wherein the footprint is only large enough that one side wall of the compact shielding case simply accommodates only the interface, e.g. a thumb drive (Fig. 8, el. 834); a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57); 
a discovery agent, which responsive to the interface being coupled to the host discovers the host, e.g. inserting the thumb drive into the drive port and uploading the boot up file into the DSC (Para. 126, 129); 
a memory, e.g. a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57), having stored therein information that is to be transferred to the host, e.g. embedding a copy of an executable boot up file on the thumb drive (Para. 125),
wherein the information that is to be transferred to the host includes a token and configuration information that is used to identify the host to i) a network management appliance or (ii) a network management service associated with the private network, i.e. a Device Service Manager (DSM) (Fig. 1, el. 110; Fig. 8, el. 810), and enables the network management appliance or the network management service to cause the host to be initialized with the configuration information corresponding to the token that allows the host to be centrally managed by an administrator, i.e. an administrator (Fig. 8), of the private network via the network management appliance or the network management service by providing the host with the configuration information, e.g. embedding a copy of an executable boot up file on the thumb drive, wherein the boot up file is scripted with code to determine a unique ID of the DSC, determine the DSC’s current IP address, supply the DSM’s IP address, and activate code to initiate communications with the DSM (Para. 125); the DSC uses the boot up file to automatically create a secure communications channel with the DSM (Para. 126); the DSC sends an initial configuration file to the DSM, wherein the file includes the DSC unique ID and the DSC IP address (Para. 127, 130); the DSM creates a master configuration file with the initial configuration file and additional information and sends the master configuration file to the DSC (Para. 128, 130, 148).  
Deutsch does not clearly teach a compact computing device without Universal Serial Bus (USB) port; an Ethernet interface through which communications are performed with a host associated with a private network via an Ethernet link, wherein the Ethernet interface receives electrical power from the host using power-over-Ethernet (PoE); wherein the footprint is only large enough that one side wall of the compact shielding case simply accommodates only the Ethernet interface; an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the host; the memory operable to store information that is received from the host; and a micro-controller to control exchange of the information with the host through the Ethernet link, wherein the Ethernet discovery agent uses link layer discovery protocol (LLDP) to discover the host by sending LLDP information to a constrained multicast address on the Ethernet at regular intervals, wherein an LLDP agent of an Ethernet key receives the LLDP information and transmits information about itself back to a network switch in order for the Ethernet key and the network switch to communicate via layer 2, wherein the LLDP agent discovers neighbors using LLDP, and wherein the micro-controller further authenticates the host during a security handshake process with the host based on a digital signature of the host received from the host via the Ethernet link.  
a compact computing device without Universal Serial Bus (USB) port, i.e. an inclusion key device (Fig. 1, el. 10A, 11A), wherein the inclusion key may be a small device similar to a Flash drive memory device and may not include a USB port (Para. 19), comprising: 
an Ethernet interface through which communications are performed with a host, e.g. an appliance (Fig. 1, el. 10, 11), associated with a private network, i.e. an automation network (Fig. 1, el. 7), via an Ethernet link, i.e. an Ethernet port (Para. 19), e.g. the inclusion key may communicate with the appliance via the Ethernet port (Para. 19),
wherein the host is in a factory default configuration, e.g. wherein the appliance may be a new or uncommissioned appliance (Para. 18, 23); 
a compact shielding case, e.g. wherein the inclusion key may be a small device similar to a Flash drive memory device (Para. 19); 
a memory having stored therein information that is to be transferred to the host and operable to store information that is received from the host, e.g. information may be retrieved from or delivered to the inclusion key (Para. 21); wherein the inclusion key may include network-related data or information for commissioning the appliance into the network for retrieval by the appliance (Para. 29, 30),
wherein the information that is to be transferred to the host includes a token and configuration information that is used to identify the host to i) a network management appliance or (ii) a network management service associated with the private network, i.e. a network controller (Fig. 1, el. 15), and enables the network management appliance or the network management service to cause the host to be initialized with the configuration information corresponding to the token that allows the host to be centrally managed by an administrator of the private network via the network management appliance or the network management service by providing the host with the configuration information, e.g. enabling the appliance to retrieve the information by inserting the inclusion key into the appliance, wherein the information may include a network encryption key and the appliance IP address; the appliance establishes a communication path with the network controller using the information and may exchange additional configuration information, wherein the additional configuration information may include a MAC address, an IP address, and/or a configuration program URL (Para. 29, 30),
authenticating the host during a security handshake process with the host, e.g. performing an authentication handshake with the appliance (Para. 35).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch to include an Ethernet interface through which communications are performed with a host associated with a private network via an Ethernet link, wherein the host is in a factory default configuration; an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the host; and authenticating the host during a security handshake process with the host, using 
Deutsch in view of Koningstein does not clearly teach wherein the Ethernet interface receives electrical power from the host using power-over-Ethernet (PoE); wherein the footprint is only large enough that one side wall of the compact shielding case simply accommodates only the Ethernet interface; an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the host; the memory operable to store information that is received from the host; and a micro-controller to control exchange of the information with the host through the Ethernet link, wherein the Ethernet discovery agent uses link layer discovery protocol (LLDP) to discover the host by sending LLDP information to a constrained multicast address on the Ethernet at regular intervals, wherein an LLDP agent of an Ethernet key receives the LLDP information and transmits information about itself back to a network switch in order for the Ethernet key and the network switch to communicate via layer 2, wherein the LLDP agent discovers neighbors using LLDP, and wherein the micro-controller further authenticates the host during a security handshake process with the host based on a digital signature of the host received from the host via the Ethernet link.
compact computing device without universal serial bus (USB), i.e. a DFS master device that may be a dongle device (Fig. 13, el. 1304; Para. 40), comprising: 
an Ethernet interface through which communications are performed with a host, i.e. an access point device (Fig. 13, el. 1302), associated with a private network via an Ethernet link, i.e. an Ethernet port (Fig. 13, el. 1306), e.g. plugging the device into the Ethernet port of the access point and initiating and changing configuration settings (Para. 95),
wherein the Ethernet interface receives electrical power from the host using power-over-Ethernet (PoE), e.g. enabling the DFS master device to receive power via PoE (Yi-Para. 96);
a compact shielding case, wherein the footprint is only large enough that one side wall of the compact shielding case simply accommodates only the Ethernet interface, e.g. the dongle may be a small device that is easily transportable and plugs into the access point Ethernet port (Fig. 13, el. 1304; Para. 95); 
an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the host, e.g. upon plugging the device into the access point one or more programs or applications on the device can initiate and change configuration settings on the access point (Para. 95); 
a memory, e.g. a memory (Para. 35), having stored therein information that is to be transferred to the host and operable to store information that is received from the host, e.g. the device provides instructions to the access point (Para. 95); and -2-Appl. No. 15/718,957 Amdt. Dated July 10, 2020 Reply to Office Action of April 14, 2020
a micro-controller, e.g. a processor (Para. 35), to control exchange of the information with the host through the Ethernet link, e.g. upon plugging the device into the access point one or more programs or applications on the device can initiate and change configuration settings on the access point (Para. 95).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein to include wherein the Ethernet interface receives electrical power from the host using power-over-Ethernet (PoE); wherein the footprint is only large enough that one side wall of the compact shielding case simply accommodates only the Ethernet interface; and the micro-controller to control exchange of the information with the host through the Ethernet link, wherein the micro-controller further authenticates the host during a security handshake process with the host based on a digital signature of the host received from the host via the Ethernet link, using the known method of initiating and changing configuration settings on the access point upon plugging the Ethernet dongle into the access point and utilizing a processor to perform operations, as taught by Yi, in combination with the host configuration system of Deutsch in view of Koningstein, for the purpose of providing a plug-and-play functionality that enables the device configure settings on the access point while the device is also easily transportable and moved and is unobtrusively installed (Yi-Para. 95).
wherein the Ethernet discovery agent uses link layer discovery protocol (LLDP) to discover the host by sending LLDP information to a constrained multicast address on the Ethernet at regular intervals, wherein an LLDP agent of an Ethernet key receives the LLDP information and transmits information about itself back to a network switch in order for the Ethernet key and the network switch to communicate via layer 2, wherein the LLDP agent discovers neighbors using LLDP, and wherein the micro-controller further authenticates the host during a security handshake process with the host based on a digital signature of the host received from the host via the Ethernet link.
White teaches wherein the Ethernet discovery agent uses link layer discovery protocol (LLDP) to discover the host by sending LLDP information to a constrained multicast address on the Ethernet at regular intervals, wherein an LLDP agent of an Ethernet key receives the LLDP information and transmits information about itself back to a network switch in order for the Ethernet key and the network switch to communicate via layer 2, wherein the LLDP agent discovers neighbors using LLDP, e.g. enabling an existing neighboring device to send required location and addressing information periodically using LLDP (Col. 3, lines 30-65; Col. 8, lines 3-18; Col. 9, lines 30-38); a newly deployed network device receives the information and the information allows the device to connect to the network manager (Col. 3, lines 30-65); the network manager may have its operators send the provisioning information to the network device (Col. 3, lines 52-65); LLDP is a technique used for Ethernet network devices including switches to advertise information about themselves to other nodes on the network and store information they discover using the Management Information Base (MIB) (Col. 8, lines 3-18); LLDP information is transmitted periodically and stored; a network device receives an LLDP advertisement and stores the information within it (Col. 8, lines 44-67); a constrained LLDP multicast address (Col. 9, lines 13-21, 39-58).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein in view of Yi to include wherein the Ethernet discovery agent uses link layer discovery protocol (LLDP) to discover the host by sending LLDP information to a constrained multicast address on the Ethernet at regular intervals, wherein an LLDP agent of an Ethernet key receives the LLDP information and transmits information about itself back to a network switch in order for the Ethernet key and the network switch to communicate via layer 2, wherein the LLDP agent discovers neighbors using LLDP, as taught by White, in combination with the host configuration system of Deutsch in view of Koningstein in view of Yi, for the purpose of utilizing a well-known Ethernet discovery protocol to discover and provision new devices while reducing the time required and errors produced (White-Col. 1, lines 13-29).
Deutsch in view of Koningstein in view of Yi in view of White does not explicitly teach wherein the micro-controller further authenticates the host during a security handshake process with the host based on a digital signature of the host received from the host via the Ethernet link.
wherein a micro-controller, i.e. a processor/controller device (Fig. 6, el. 611), further authenticates the host, i.e. a Host Computing Device (Fig. 2, el. 201), during a security handshake process with the host based on a digital signature of the host received from the host via a link, e.g. (Jueneman-Para. [0094] “A significant advantage of the system according to the present invention comprising a SPED and a HCD is that the system comprises a set of sequential procedures for system installation and initialization of hardware and software subsystems to configure and integrate physical and logical levels of access authorization for portable memory storage apparatus {i.e. authentication handshake process}.  The present invention accomplishes this by means of a K out of N split-knowledge technique {i.e. security handshake process} that combines a mandatory minimum set of: 1) Host Authorization Code (HAC) information that can be specific to a HCD and enables a unique transformed external secret for each HCD, 2) the user's PIN, 3) an optional security officer's PIN, 4) SPED-specific internal identification information, and 5) other unique identifier information that may be optionally required by an organization's security policies and procedures.”);
sending the HAC from the HCD to the SPED and utilizing the HAC to authenticate the HCD to the SPED (Jueneman-Para. 106, 107, 111).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein in view of Yi in view of White to include wherein the micro-controller further authenticates the host during a security handshake process with 

Regarding claim 5, Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman teaches wherein the information stored in the memory includes configuration information of the host, e.g. embedding a copy of an executable boot up file on the thumb drive, wherein the boot up file is scripted with code to determine a unique ID of the DSC, determine the DSC’s current IP address, supply the DSM’s IP address, and activate code to initiate communications with the DSM (Deutsch-Para. 125); the DSC uses the boot up file to automatically create a secure communications channel with the DSM (Deutsch-Para. 126); 
Also note Koningstein discloses wherein the inclusion key may include network-related data or information for commissioning the appliance into the network for retrieval by the appliance (Koningstein-Para. 29, 30).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman and further in view of Rukmangathan et al. (US 2014/0298007).
Regarding claim 6, Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman teaches all elements of claims 1 and 5.
Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman does not clearly teach wherein the configuration of the host is encrypted.
Rukmangathan teaches wherein a configuration of a host is encrypted, e.g. copying an encrypted configuration file from a server to a portable storage medium and then copying the encrypted configuration file from the portable storage medium to a network switch (Para. 26).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman to include wherein the configuration of the host is encrypted, using the known method of copying an encrypted configuration file from a server to a portable storage medium and then copying the encrypted configuration file from the portable storage medium to a network switch, as taught by Rukmangathan, in combination with the host configuration system of Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman, for the purpose of reducing the time and effort involved for users to edit a switch configuration and its . 

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman and further in view of Pi et al. (US 2007/0171201).
Regarding Claim 10, Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman teaches all elements of claim1.
Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman does not clearly teach further comprising a state indicator providing information indicative of a running state of the compact computing device.
Pi teaches a state indicator providing information indicative of a running state of the compact computing device, e.g. including a status indicator on an external fob or dongle (Fig. 5, el. 501, 405; Para. 62, 63).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman to include a state indicator providing information indicative of a running state of the compact computing device, using the known method of including a status indicator on an external fob or dongle, as taught by Pi, in combination with the host configuration system of Deutsch in view of Koningstein in view of Yi in view of White in view of Jueneman, for the purpose of providing the user with a visual indicator that indicates the status of the dongle (Pi-Para. 62, 63). 

Claims 11 and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Deutsch in view of Koningstein in view of Yi.
Regarding claim 11, Deutsch teaches a compact computing device, e.g. a thumb drive (Fig. 8, el. 834); a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57), comprising: 
an interface, e.g. USB (Para. 57, 129), through which communications are performed with a network device, i.e. a Device Services Controller (DSC) (Fig. 1, el. 102, 112; Fig. 7, el. 702), associated with a private network via a link, e.g. the DSC includes an Ethernet connection to the network, wherein the network is protected by a firewall (Fig. 1, el. 104, 106, 114, 116; Para. 129), 
wherein the network device is in a factory default configuration, e.g. wherein the DSC may be newly-installed (Para. 124); wherein a system reset may have been performed on the DSC (Para. 128); 
a compact shielding case having a side wall accommodating the interface, e.g. a thumb drive (Fig. 8, el. 834); a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57); 
a discovery agent, which responsive to the interface being coupled to the host discovers the network device to which the compact computing device is connected, e.g. inserting the thumb drive into the drive port and uploading the boot up file into the DSC (Para. 126, 129); 
a flash memory, e.g. a USB flash drive (Para. 57, 129); a portable computer readable medium (Para. 57), having stored therein information that is to be transferred to the network device, e.g. embedding a copy of an executable boot up file on the thumb drive (Para. 125),
wherein the information includes a token and configuration information that is used to identify the network device to i) a network management appliance or (ii) a network management service associated with the private network, i.e. a Device Service Manager (DSM) (Fig. 1, el. 110; Fig. 8, el. 810), and enables the network management appliance or the network management service to cause the network device to be initialized with the configuration information corresponding to the token that allows the host to be centrally managed by an administrator, i.e. an administrator (Fig. 8), of the private network via the network management appliance or the network management service by providing the network device with the configuration information, e.g. embedding a copy of an executable boot up file on the thumb drive, wherein the boot up file is scripted with code to determine a unique ID of the DSC, determine the DSC’s current IP address, supply the DSM’s IP address, and activate code to initiate communications with the DSM (Para. 125); the DSC uses the boot up file to automatically create a secure communications channel with the DSM (Para. 126); the DSC sends an initial configuration file to the DSM, wherein the file includes the DSC unique ID and the DSC IP address (Para. 127, 130); the DSM creates a master configuration file with the initial configuration file and additional information and sends the master configuration file to the DSC (Para. 128, 130, 148); and
delivering the token to the network device through the link, e.g. embedding a copy of an executable boot up file on the thumb drive, wherein the boot up file is scripted with code to determine a unique ID of the DSC, determine the DSC’s current IP address, supply the DSM’s IP address, and activate code to initiate communications with the DSM (Para. 125).
Deutsch does not clearly teach an Ethernet interface through which communications are performed with a network device associated with a private network via an Ethernet link; a compact shielding case having a side wall accommodating the Ethernet interface;
an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to a host discovers the network device to which the compact computing device is connected; and a micro-controller operable to deliver the token to the network device through the Ethernet link.  
Koningstein teaches a compact computing device, i.e. an inclusion key device (Fig. 1, el. 10A, 11A), wherein the inclusion key may be a small device similar to a Flash drive memory device and may not include a USB port (Para. 19), comprising: 
an Ethernet interface through which communications are performed with a network device, e.g. an appliance (Fig. 1, el. 10, 11), associated with a private network, i.e. an automation network (Fig. 1, el. 7), via an Ethernet link, i.e. an Ethernet port (Para. 19), e.g. the inclusion key may communicate with the appliance via the Ethernet port (Para. 19),
wherein the network device is in a factory default configuration, e.g. wherein the appliance may be a new or uncommissioned appliance (Para. 18, 23); 
a compact shielding case having a side wall accommodating the Ethernet interface, e.g. wherein the inclusion key may be a small device similar to a Flash drive memory device (Para. 19); 
a flash memory having stored therein information that is to be transferred to the network device, e.g. information may be retrieved from or delivered to the inclusion key (Para. 21); wherein the inclusion key may include network-related data or information for commissioning the appliance into the network for retrieval by the appliance (Para. 29, 30),
wherein the information includes a token and configuration information that is used to identify the network device to i) a network management appliance or (ii) a network management service associated with the private network, i.e. a network controller (Fig. 1, el. 15), and enables the network management appliance or the network management service to cause the network device to be initialized with the configuration information corresponding to the token that allows the host to be centrally managed by an administrator of the private network via the network management appliance or the network management service by providing the network device with the configuration information, e.g. enabling the appliance to retrieve the information by inserting the inclusion key into the appliance, wherein the information may include a network encryption key and the appliance IP address; the appliance establishes a communication path with the network controller using the information and may exchange additional configuration information, wherein the additional configuration information may include a MAC address, an IP address, and/or a configuration program URL (Para. 29, 30),
delivering the token to the network device through the Ethernet link, e.g. enabling the appliance to retrieve the information by inserting the inclusion key into the appliance, wherein the information may include a network encryption key and the appliance IP address; the appliance establishes a communication path with the network controller using the information and may exchange additional configuration information, wherein the additional configuration information may include a MAC address, an IP address, and/or a configuration program URL (Para. 29, 30).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch to include an Ethernet interface through which communications are performed with a network device associated with a private network via an Ethernet link, wherein the network device is in a factory default configuration; a compact shielding case having a side wall accommodating the Ethernet interface; an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the network device to which the compact computing device is connected, using the known method of enabling the appliance to be commissioned into the network by the network controller using the inclusion key, 
Deutsch in view of Koningstein does not clearly teach a micro-controller operable to deliver the token to the network device through the Ethernet link.
Yi teaches a compact computing device, i.e. a DFS master device that may be a dongle device (Fig. 13, el. 1304; Para. 40), comprising: 
an Ethernet interface through which communications are performed with a network device, i.e. an access point device (Fig. 13, el. 1302), associated with a private network via an Ethernet link, i.e. an Ethernet port (Fig. 13, el. 1306), e.g. plugging the device into the Ethernet port of the access point and initiating and changing configuration settings (Para. 95);
a compact shielding case having a side wall accommodating the Ethernet interface, e.g. the dongle may be a small device that is easily transportable and plugs into the access point Ethernet port (Fig. 13, el. 1304; Para. 95); 
an Ethernet discovery agent, which responsive to the Ethernet interface being coupled to the host discovers the network device to which the compact computing device is connected, e.g. upon plugging the device into the access point one or more programs or applications on the device can initiate and change configuration settings on the access point (Para. 95); 
a memory, e.g. a memory (Para. 35), having stored therein information that is to be transferred to the network device, e.g. the device provides instructions to the access point (Para. 95); and -2-Appl. No. 15/718,957 Amdt. Dated July 10, 2020 Reply to Office Action of April 14, 2020
a micro-controller, e.g. a processor (Para. 35), operable to deliver the token to the network device through the Ethernet link, e.g. upon plugging the device into the access point one or more programs or applications on the device can initiate and change configuration settings on the access point (Para. 95).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein to include a micro-controller operable to deliver the token to the network device through the Ethernet link, using the known method of initiating and changing configuration settings on the access point upon plugging the Ethernet dongle into the access point, as taught by Yi, in combination with the host configuration system of Deutsch in view of Koningstein, for the purpose of providing a plug-and-play functionality that enables the device configure settings on the access point while the device is also easily transportable and moved and is unobtrusively installed (Yi-Para. 95).

Regarding claim 14, Deutsch in view of Koningstein in view of Yi teaches wherein, when executed by the network device, the configuration information causes a factory default configuration of the network device to be replaced with an initial configuration for use in connection with the private network, e.g. embedding a copy of an executable boot up file on the thumb drive, wherein the boot up file is scripted with code to determine a unique ID of the DSC, determine the DSC’s current IP address, supply the DSM’s IP address, and activate code to initiate communications with the DSM (Deutsch-Para. 125); the DSC uses the boot up file to automatically create a secure communications channel with the DSM (Deutsch-Para. 126); the DSC sends an initial configuration file to the DSM, wherein the file includes the DSC unique ID and the DSC IP address (Deutsch-Para. 127, 130); the DSM creates a master configuration file with the initial configuration file and additional information and sends the master configuration file to the DSC (Deutsch-Para. 128, 130, 148);
Also note Koningstein discloses enabling the appliance to retrieve the information by inserting the inclusion key into the appliance, wherein the information may include a network encryption key and the appliance IP address; the appliance establishes a communication path with the network controller using the information and may exchange additional configuration information, wherein the additional configuration information may include a MAC address, an IP address, and/or a configuration program URL (Koningstein-Para. 29, 30).

Regarding claim 15, Deutsch in view of Koningstein in view of Yi teaches wherein the network device comprises a network switch, e.g. a router (Koningstein-Para. 18); 
Also note Yi discloses a switch that facilitates the network (Yi-Para. 88).

wherein the network device comprises a network security device, e.g. a DSC that includes a security manager (Deutsch-Fig. 7); 
Also note Koningstein discloses a router (Koningstein-Para. 18); 
Also note Yi discloses an access point that includes a security module (Yi-Para. 220); a switch that facilitates the network (Yi-Para. 88).

Regarding claim 17, Deutsch in view of Koningstein in view of Yi teaches wherein the network security device comprises a unified threat management (UTM) device, e.g. a DSC that includes a security manager (Deutsch-Fig. 7); 
Also note Koningstein discloses a router (Koningstein-Para. 18); 
Also note Yi discloses an access point that includes a security module (Yi-Para. 220); a switch that facilitates the network (Yi-Para. 88).

Claims 12, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Deutsch in view of Koningstein in view of Yi and further in view of Jueneman et al. (US 2013/0046993).
Regarding claim 12, Deutsch in view of Koningstein in view of Yi teaches all elements of claim 11.
Deutsch in view of Koningstein in view of Yi further teaches wherein the micro-controller further authenticates the network device during a security handshake process with the network device, e.g. performing an authentication handshake with the appliance (Koningstein-Para. 35).
Deutsch in view of Koningstein in view of Yi does not explicitly teach wherein the micro-controller further authenticates the network device during a security handshake process with the network device based on a digital signature of the host received from the network device via the Ethernet link.
Jueneman teaches wherein a micro-controller, i.e. a processor/controller device (Fig. 6, el. 611), further authenticates a network device, i.e. a Host Computing Device (Fig. 2, el. 201), during a security handshake process with the network device based on a digital signature of the network device received from the host via a link, e.g. (Jueneman-Para. [0094] “A significant advantage of the system according to the present invention comprising a SPED and a HCD is that the system comprises a set of sequential procedures for system installation and initialization of hardware and software subsystems to configure and integrate physical and logical levels of access authorization for portable memory storage apparatus {i.e. authentication handshake process}.  The present invention accomplishes this by means of a K out of N split-knowledge technique {i.e. security handshake process} that combines a mandatory minimum set of: 1) Host Authorization Code (HAC) information that can be specific to a HCD and enables a unique transformed external secret for each HCD, 2) the user's PIN, 3) an optional security officer's PIN, 4) SPED-specific internal identification information, and 5) other unique identifier information that may be optionally required by an organization's security policies and procedures.”);
sending the HAC from the HCD to the SPED and utilizing the HAC to authenticate the HCD to the SPED (Jueneman-Para. 106, 107, 111).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Deutsch in view of Koningstein in view of Yi to include wherein the micro-controller further authenticates the network device during a security handshake process with the network device based on a digital signature of the host received from the network device via the Ethernet link, using the known method of sending the HAC from the HCD to the SPED and utilizing the HAC to authenticate the HCD to the SPED, as taught by Jueneman, in combination with the host configuration system of Deutsch in view of Koningstein in view of Yi, for the purpose of severely mitigating or eliminating vulnerabilities or requiring levels of time and effort that could well render the value of the information as insignificant by the time it could be exposed (Jueneman-Para. 30). 

Regarding claim 13, Deutsch in view of Koningstein in view of Yi in view of Jueneman teaches wherein the digital signature includes one or more of a manufacturer identifier and a product identifier, e.g. the HAC includes a code that identifies the HCD, wherein the code uses a unique property of the HCD, such as an internal serial number of the bios chip, processor chip, or other secure readable or calculable method of identification installed by the manufacturer for unique HCD identification and licensing (Jueneman-Para. 87, 101, 105); the DSC unique ID, DSC IP address, or DSC MAC address (Deutsch-Para. 127); a model name (Koningstein-Para. 21).

Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
J. Imtiaz et al. "A novel method for auto configuration of Realtime Ethernet Networks,"—discloses layer-2 auto-configuration of real-time Ethernet networks (Abstract).

Perkinson (US 8,402,120 B1)—Perkinson discloses utilizing the LLDP protocol and an LLDP multicast address (Figs. 1, 3A; Col. 9, lines 11-30).

Kinoshita (US 2017/0302621 A1)—Kinoshita discloses utilizing the LLDP protocol and an LLDP multicast address (Fig. 3A; Para. 63, 163).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMY DUFFIELD whose telephone number is (571)270-1643. The examiner can normally be reached Monday - Friday, 7:00 AM - 3:00 PM (ET).

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





09 March 2022
/Jeremy S Duffield/Primary Examiner, Art Unit 2498