Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/27/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
Drawings filed on 05/08/2020 are accepted.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. - An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term "means" or "step" or a term used as a substitute for "means" that is a generic placeholder (also called a nonce term or a nonstructural term having no specific structural meaning) for performing the claimed function;
(B) the term "means" or "step" or the generic placeholder is modified by functional language, typically, but not always linked by the transition word "for" (e.g., "means for") or another linking word or phrase, such as "configured to" or "so that"; and
(C) the term "means" or "step" or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word "means" (or "step") in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word "means" (or "step") in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material, or acts to entirely perform the recited function.

Claim limitations in this application that use the word "means" (or "step") are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word "means" (or "step") are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word "means," but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.
Such claim limitation(s) is/are:
"processing device is configured to execute", in Claim 1 line 6 (see MPEP 2181 I A)
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.

It should be noted that independent claim 1 recites "processing device is configured to execute". It is difficult for the Examiner to clearly understand the definition and meaning of this limitation because the phrase "processing device" is a generic placeholder. The specification states at paragraph [0048]: "As illustrated in FIG. 1, the CGA authorization computing system 101 may be a networked server, routing device, or other type of computing system within the network environment which performs the CGA authorization processes (e.g., network traffic monitoring, setting network data requirements, performing hash verifications, and the like) as described elsewhere herein. Accordingly, the CGA authorization computing system 101 may comprise a processing device 114 operatively coupled to a communication device 112 and a memory device 116 having data storage 118 and computer readable instructions 120 stored thereon. As used herein, the term "processing device" generally includes circuitry used for implementing the communication and/or logic functions of the particular system. For example, a processing device may include a digital signal processor device, a microprocessor device, and various analog-to-digital converters, digital-to-analog converters, and other support circuits and/or combinations of the foregoing. Control and signal processing functions of the system are allocated between these processing devices according to their respective capabilities. The processing device may include functionality to operate one or more software programs based on computer-readable instructions thereof, which may be stored in a memory device."


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 2, 6, 8, 9, 13, 14, 15, 18 and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by THUBERT et al. (US-20080304457-A1, hereinafter "THUBERT").

Regarding claim 1, THUBERT teaches a system for generating and signing cryptographically generated addresses ("CGA") using computing network traffic, the system comprising:
a memory device with computer-readable program code stored thereon (THUBERT, (par. [0027]) “FIG. 4 illustrates an example method between the mobile IPv6 node 12 and the home agent 16 of generating a secure IPv6 home address 32 for use by the mobile IPv6 node 12, according to an example embodiment. The steps described in FIG. 4 can be implemented as executable code stored on a computer readable medium (e.g., floppy disk, hard disk, EEPROM, CD-ROM, etc.) that are completed based on execution of the code by a processor”);
a communication device (THUBERT, (par. [0020]) “The home agent 16 includes an IPv6 interface circuit 32”); and
a processing device operatively coupled to the memory device and the communication device (THUBERT, (par. [0020]) “The home agent 16 includes an IPv6 interface circuit 32, a mobile IPv6 home agent circuit 34, and a memory circuit 36. The IPv6 interface circuit 32 is configured for sending and receiving advertisement messages.”), wherein the processing device is configured to execute the computer-readable program code to (THUBERT, (par. [0027]) “The steps described in FIG. 4 can be implemented as executable code stored on a computer readable medium (e.g., floppy disk, hard disk, EEPROM, CD-ROM, etc.) that are completed based on execution of the code by a processor”):
implement one or more network data rules for a network (THUBERT, (par. [0010]) “method comprises receiving by an agent a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure, the selected subset including at least a public key owned by the network node”, the Examiner interprets the rule as the requirement that the request from the network node include a selected subset of parameters in order to receive a secure IPv6 address);
continuously collect network data by monitoring network traffic according to the one or more network data rules (THUBERT, (par. [0012]) “the home agent of the mobile IPv6 node, acting as a proxy on behalf of the mobile IPv6 node, can generate the secure IPv6 home address for the mobile IPv6 node according to the CGA algorithm”, the Examiner interprets the proxy as a firewall or filter whose job is to monitor the traffic and apply rules), (THUBERT, (par. [0020], FIG. 2) “FIG. 2 illustrates an example home agent 16, according to an example embodiment. The home agent 16 includes an IPv6 interface circuit 32, a mobile IPv6 home agent circuit 34, and a memory circuit 36. The IPv6 interface circuit 32 is configured for sending and receiving advertisement messages (e.g., neighbor solicitation messages, neighbor advertisement messages, router advertisement messages) according to the secure neighbor discovery protocol (as specified in RFC 3971) on a local link 18, as well as any data traffic, for example in the case of a data packet destined for a local IPv6 node 38 that is attached to the local link 18. The IPv6 interface circuit 32 also is configured for receiving the binding update message 14 from the mobile node via an egress link 40 supplied by an access router within the wide area network 26. As described below, the IPv6 interface circuit also is configured for outputting the binding acknowledgment messages 32 onto the egress link 40 for delivery to the mobile node 12 via the globally-reachable care of address specified in the binding update message 14”);
detect that a computing device on the network has generated a CGA associated with the computing device (THUBERT, (par. [0010]) “a method comprises receiving by an agent a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure, the selected subset including at least a public key owned by the network node”), wherein the CGA comprises a public key associated with the computing device (THUBERT, (par. [0010]) “a method comprises receiving by an agent a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure, the selected subset including at least a public key owned by the network node”); 
based on the network data and the public key associated with the computing device, compute a CGA validation output (THUBERT, (par. [0010]) “ a method comprises receiving by an agent a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure, the selected subset including at least a public key owned by the network node”), (THUBERT, (par. [0021]) “The CGA generator circuit 44 is configured for generating the CGA address 30 on behalf of the mobile node 12 in response to receiving the CGA request 28, and based on the public key 64 supplied in the binding update message 14. The authentication circuit 46 is configured for validating any received CGA addresses, any CGA signatures, or any RSA signature”); and 
validate the CGA associated with the computing device using the CGA validation output (THUBERT, (par. [0021]) “The CGA generator circuit 44 is configured for generating the CGA address 30 on behalf of the mobile node 12 in response to receiving the CGA request 28, and based on the public key 64 supplied in the binding update message 14. The authentication circuit 46 is configured for validating any received CGA addresses, any CGA signatures, or any RSA signature”).

Regarding claim 2, THUBERT teaches the system according to claim 1, wherein validating the CGA associated with the computing device comprises:
detecting a match between the CGA associated with the computing device and the CGA validation output (THUBERT, (par. [0018]) “The home agent 16, in response to receiving the binding update message 14, can dynamically generate the CGA 30 based on dynamically generating a required random number using the public key supplied by the mobile node 12, and sending the CGA 30 back to the mobile node 12 via the wide area network in a binding acknowledgment message 32”, the Examiner interprets the process of sending the CGA 30 back to the mobile node as the result of a matching process); and
based on detecting the match, determining that the computing device is an authorized device (THUBERT, (par. [0021]) “The CGA generator circuit 44 is configured for generating the CGA address 30 on behalf of the mobile node 12 in response to receiving the CGA request 28, and based on the public key 64 supplied in the binding update message 14. The authentication circuit 46 is configured for validating any received CGA addresses, any CGA signatures, or any RSA signature”, the Examiner interprets the process of “generating the CGA address 30 on behalf of the mobile node 12” as one that would not have happened without detecting a match between the CGA associated with the computing device and the CGA validation output).

Regarding claim 6, THUBERT teaches the system according to claim 1, wherein monitoring network traffic comprises detecting Internet Control Message Protocol version 6 ("ICMPv6") messages (THUBERT, (par. [0012], FIG. 2, 3) “an apparatus comprises an IPv6 interface circuit configured for receiving a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure”, the Examiner interprets the availability of an IPv6 interface at both the home agent and the mobile node as the ability to use ICMPv6, see FIG. 2 and 3), wherein the one or more network data rules comprise a rule to monitor a first type of network traffic over a first time period (THUBERT, (par. [0010]) “method comprises receiving by an agent a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure, the selected subset including at least a public key owned by the network node”, the Examiner interprets the first time period as a period without time restrictions).

Claim 8 recites a computer program product for generating and signing cryptographically generated addresses ("CGA") using computing network traffic, the computer program product comprising at least one non-transitory computer readable medium having computer-readable program code portions embodied therein, with limitations similar to those of claim 1; therefore claim 8 is rejected with the same rationale as claim 1.

Claim 9 recites a computer program product with limitations similar to those of claim 2; therefore claim 9 is rejected with the same rationale as claim 2.

Claim 13 recites a computer program product with limitations similar to those of claim 6; therefore claim 13 is rejected with the same rationale as claim 6.

Claim 14 recites a computer-implemented method with limitations similar to those of claim 1; therefore claim 14 is rejected with the same rationale as claim 1.

Claim 15 recites a computer-implemented method with limitations similar to those of claim 2; therefore claim 15 is rejected with the same rationale as claim 2.

Claim 18 recites a computer-implemented method with limitations similar to those of claim 5; therefore claim 18 is rejected with the same rationale as claim 5.

Claim 19 recites a computer-implemented method with limitations similar to those of claim 6; therefore claim 19 is rejected with the same rationale as claim 6.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.




Claims 3, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over THUBERT et al. (US-20080304457-A1, hereinafter "THUBERT") in view of SHEN et al. (US-20110099370-A1, hereinafter "SHEN").

Regarding claim 3, THUBERT teaches the system according to claim 1.
However, THUBERT does not clearly teach wherein validating the CGA associated with the computing device comprises:
detecting a mismatch between the CGA associated with the computing device and the CGA validation output;
based on detecting the mismatch, determining that the computing device is an unauthorized device; and
in response to determining that the computing device is an unauthorized device, executing one or more remediation processes.
SHEN teaches wherein validating the CGA associated with the computing device comprises:
detecting a mismatch between the CGA associated with the computing device and the CGA validation output (SHEN, (par. [0050]) “After obtaining the public key and CGA parameters of the DHCP message sender, the DHCP message receiver obtains a result by using a second chaotic algorithm based on the public key and CGA parameters of the DHCP message sender, and compares the obtained result with the CGA.”, “When the obtained result is not the same as the CGA, it indicates that the sender of the CGA is not the owner of the CGA. Therefore, the verification of the CGA fails.”);
based on detecting the mismatch, determining that the computing device is an unauthorized device (SHEN, (par. [0050]) “When the obtained result is not the same as the CGA, it indicates that the sender of the CGA is not the owner of the CGA. Therefore, the verification of the CGA fails.”, (par. [0053]) “When the verification of the signature fails, the DHCP message receiver does not process the DHCP message. Alternatively, the DHCP message receiver may also generate a log file or an alarm by using the information about the failure of the verification of the signature.”, the Examiner interprets the DHCP message receiver not processing the DHCP message as treating the computing device as not part of the network, since no IP address is assigned to it, which means it is treated as an unauthorized device); and
in response to determining that the computing device is an unauthorized device, executing one or more remediation processes (SHEN, (par. [0080], FIG. 1106) “the apparatus includes an alarming unit 1106, which is configured to generate an alarm when either verification of the CGA or verification of the signature fails.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified THUBERT to incorporate the teaching of SHEN to utilize the above feature, with the motivation of enhancing security by using the CGA parameters and public key information for verification, which can prevent the contents of the DHCP message from being maliciously tampered with, as recognized by SHEN (par. [0048]).

Claim 10 recites a computer program product with limitations similar to those of claim 3; therefore claim 10 is rejected with the same rationale and motivation statement as claim 3.

Claim 16 recites a computer-implemented method with limitations similar to those of claim 3; therefore claim 16 is rejected with the same rationale and motivation statement as claim 3.


Claims 4, 11 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over THUBERT et al. (US-20080304457-A1, hereinafter "THUBERT") in view of SHEN et al. (US-20110099370-A1, hereinafter "SHEN") and further in view of JONES et al. (US-20200145824-A1, hereinafter "JONES").

Regarding claim 4, the combination of THUBERT and SHEN teaches the system according to claim 3.
However, the combination of THUBERT and SHEN does not clearly teach wherein the one or more remediation processes comprises automatically removing and blocking the computing device from the network.
JONES teaches wherein the one or more remediation processes comprises automatically removing and blocking the computing device from the network (JONES, (par. [0069]) “the computing device 308 may automatically block, throttle, and/or remove the device from the wireless network 309 or any secure/DMZ network to which the device attempted to connect and/or previously belonged.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of THUBERT and SHEN to incorporate the teaching of JONES to utilize the above feature, with the motivation of increasing security by identifying abnormal behavior through monitoring the data rate, data types, data volume, active times, or to/from addresses associated with a device, as recognized by JONES (par. [0069]).

Claim 11 recites a computer program product with limitations similar to those of claim 4; therefore claim 11 is rejected with the same rationale and motivation statement as claim 4.

Claim 17 recites a computer-implemented method with limitations similar to those of claim 4; therefore claim 17 is rejected with the same rationale and motivation statement as claim 4.


Claims 5 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over THUBERT et al. (US-20080304457-A1, hereinafter "THUBERT") in view of Aura (T. Aura, Microsoft Research, "Cryptographically Generated Addresses (CGA)", March 2005, hereinafter "AURA").
Regarding claim 5, THUBERT teaches the system according to claim 1. However, THUBERT does not clearly teach the following limitations, which AURA teaches, wherein computing the CGA validation output comprises:
generating a hash of the network data using a hash algorithm (AURA, Extension Fields, Page 6, “When Hash1 is computed, the input to the SHA-1 algorithm is the CGA Parameters data structure.”); and
using at least a portion of the hash of the network data and the public key associated with the computing device as inputs to a CGA algorithm (AURA, CGA Generation, Section 4, Page 6, “The process of generating a new CGA takes three input values: a 64-bit subnet prefix, the public key of the address owner as a DER-encoded ASN.1”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified THUBERT to incorporate the teaching of AURA to utilize the above feature, with the motivation of enhancing security and resisting brute-force attacks, as recognized by AURA (CGA Format, Section 2, Page 3).
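The steps the rejections of claims 3 and 5 rely on (SHEN's recompute-and-compare check with a failure path, and AURA's Hash1 over the CGA Parameters structure with the subnet prefix and the DER-encoded public key as inputs) are the procedure of RFC 3972, which is the AURA reference as published. The Python below is an added illustration written for this page; it is not code from the applicant, THUBERT, SHEN or AURA. It implements RFC 3972 generation (section 4) and verification (section 5) without Extension Fields; the public key is a constructed byte string standing in for a DER-encoded SubjectPublicKeyInfo (the algorithm hashes the key as opaque bytes), and the function names, the sample prefix 2001:db8::/64 and the "authorized"/"unauthorized" labels in classify_device are this example's own assumptions, chosen to mirror the claim language rather than any method the applicant discloses.

```python
"""RFC 3972 CGA generation and verification (added illustration, not the applicant's
or the cited references' code). Extension Fields are omitted."""
import hashlib
import ipaddress
import secrets

# Constructed placeholder for the DER-encoded SubjectPublicKeyInfo; RFC 3972 hashes its raw bytes.
SAMPLE_PUBLIC_KEY = b"constructed-placeholder-for-DER-encoded-SubjectPublicKeyInfo"
SUBNET_PREFIX = ipaddress.IPv6Address("2001:db8::").packed[:8]  # 64-bit subnet prefix (assumed)

# Interface identifier layout: bits 0-2 carry Sec, bits 6-7 are the u/g bits. Verification
# compares Hash1 against the identifier with those five bits ignored (mask 0x1C on octet 1).
IID_COMPARE_MASK = bytes([0x1C]) + b"\xff" * 7


def cga_parameters(modifier, prefix, collision_count, public_key):
    """CGA Parameters: modifier(16) | subnet prefix(8) | collision count(1) | public key."""
    if len(modifier) != 16 or len(prefix) != 8 or not 0 <= collision_count <= 255:
        raise ValueError("malformed CGA Parameters fields")
    return modifier + prefix + bytes([collision_count]) + public_key


def hash1(params):
    """Leftmost 64 bits of SHA-1 over the CGA Parameters data structure."""
    return hashlib.sha1(params).digest()[:8]


def hash2(modifier, public_key):
    """Leftmost 112 bits of SHA-1 over the parameters with prefix and collision count zeroed."""
    return hashlib.sha1(modifier + bytes(9) + public_key).digest()[:14]


def hash2_meets_sec(h2, sec):
    """The 16*Sec leftmost bits of Hash2 must be zero."""
    return h2[: 2 * sec] == bytes(2 * sec)


def generate_cga(prefix, public_key, sec=0, modifier=None, collision_count=0):
    """Return (IPv6Address, CGA Parameters); brute-forces the modifier until Hash2 meets Sec."""
    if not 0 <= sec <= 7:
        raise ValueError("Sec is a 3-bit value")
    start = modifier if modifier is not None else secrets.token_bytes(16)
    m = int.from_bytes(start, "big")
    while not hash2_meets_sec(hash2(m.to_bytes(16, "big"), public_key), sec):
        m = (m + 1) % (1 << 128)  # expected 2**(16*Sec) trials
    params = cga_parameters(m.to_bytes(16, "big"), prefix, collision_count, public_key)
    iid = bytearray(hash1(params))
    iid[0] = (iid[0] & 0x1C) | (sec << 5)  # write Sec into bits 0-2, clear u/g bits
    return ipaddress.IPv6Address(prefix + bytes(iid)), params


def verify_cga(address, params):
    """RFC 3972 section 5 verification. Returns (True, None) or (False, reason)."""
    if len(params) < 25:
        return False, "parameters too short"
    modifier, prefix, collision_count, public_key = params[:16], params[16:24], params[24], params[25:]
    if collision_count > 2:
        return False, "collision count exceeds 2"
    packed = address.packed
    if packed[:8] != prefix:
        return False, "subnet prefix mismatch"
    iid = packed[8:]
    expected = bytes(a & m for a, m in zip(hash1(params), IID_COMPARE_MASK))
    actual = bytes(a & m for a, m in zip(iid, IID_COMPARE_MASK))
    if expected != actual:
        return False, "Hash1 does not match interface identifier"
    sec = iid[0] >> 5  # Sec is read from the address, not from the parameters
    if not hash2_meets_sec(hash2(modifier, public_key), sec):
        return False, "Hash2 does not satisfy Sec"
    return True, None


def classify_device(address, params):
    """Claim-style decision (assumed labels): authorized on a match, unauthorized with the reason."""
    ok, reason = verify_cga(address, params)
    return ("authorized", None) if ok else ("unauthorized", reason)


if __name__ == "__main__":
    addr, params = generate_cga(SUBNET_PREFIX, SAMPLE_PUBLIC_KEY, sec=1)
    print(addr, classify_device(addr, params))
    print(classify_device(addr, params[:25] + b"attacker-supplied-key"))
```

A substituted public key or an address moved to another prefix fails the masked Hash1 comparison, which is the mismatch branch claim 3 turns on; a collision count above 2 is rejected before any hashing. Because Sec is read from the address, lowering it to 0 always verifies (RFC 3972 accepts this), while raising it requires 16*Sec leading zero bits in Hash2, which costs the generator about 2^(16*Sec) SHA-1 trials and is the brute-force cost AURA section 2 discusses.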

Claim 12 recites a computer program product with limitations similar to those of claim 5; therefore claim 12 is rejected with the same rationale and motivation statement as claim 5.


Claims 7 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over THUBERT et al. (US-20080304457-A1, hereinafter "THUBERT") in view of SALMAN et al. (US-20200177638-A1, hereinafter "SALMAN").

Regarding claim 7, THUBERT teaches the system according to claim 6, wherein the first type of network traffic comprises ICMPv6 Type 133 messages (THUBERT, (par. [0022]) “The neighbor cache 50 is configured for storing, for each received router advertisement message or neighbor advertisement message, a corresponding link local address 54 and the corresponding link layer (MAC) address 56 based on the received advertisement message, described in further detail in RFC 2461. The binding cache 48 is configured for storing the reachability of mobile IPv6 nodes 12, for example that the home address 30 assigned to the mobile node 12 is reachable via its corresponding specified care of address 58.”, the Examiner interprets using RFC 2461 advertisement messages as the same as using ICMPv6 Type 133 messages).
However, THUBERT does not clearly teach wherein the first time period is 120 seconds.
SALMAN teaches wherein the first time period is 120 seconds (SALMAN, (par. [0024]) “A network traffic data collector may monitor actual network traffic over the permitted connections. Using the existing security rules and the monitored traffic, an enhanced security rule may be generated that that is configured to reduce data traffic over at least one of the permitted”, (par. [0060]) “Network traffic data controller 310 may monitor network data traffic in terms volume (e.g., the actual amount of incoming/outgoing data, such as in bytes, kilobytes, megabytes, etc.) and/or frequency (how often data is transmitted over each communication path). As described above, network traffic data controller 310 may monitor network data traffic over a time period. For instance, the time period may comprise any period of time that is representative of ordinary network usage, such as one day, one week, one month, etc., or any other predetermined time period.”, the Examiner interprets “predetermined time period” as any time value that can be set by a user or administrator, which could be 120 seconds).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified THUBERT to incorporate the teaching of SALMAN to utilize the above feature, with the motivation of enhancing the security rules through generating a map based on the security rules and the network traffic data for a certain connection, as recognized by SALMAN (par. [0061]).
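Claims 6 and 7 describe a network data rule that monitors one ICMPv6 message type (Type 133) over a fixed window (120 seconds). ICMPv6 Type 133 is the Router Solicitation message of IPv6 Neighbor Discovery (RFC 2461, superseded by RFC 4861; Router Advertisement is Type 134). The Python below is an added illustration, not code from the applicant, THUBERT or SALMAN: it parses raw IPv6/ICMPv6 headers, applies a rule of that shape with a sliding window, and exposes the collected counts. The packet builder, the class and function names, the sample link-local addresses and the digest() helper (one assumed way to turn the collected counts into a hash of the network data, not the applicant's method) are constructed for this example.

```python
"""Rule-driven ICMPv6 monitoring (added illustration, not the applicant's code).
Defaults mirror the claim language: ICMPv6 Type 133 over a 120-second window."""
import hashlib
import ipaddress
import struct
from collections import defaultdict, deque

IPV6_HEADER = struct.Struct("!IHBB16s16s")  # ver/tc/flow, payload length, next header, hop limit, src, dst
ICMPV6_HEADER = struct.Struct("!BBH")       # type, code, checksum
NEXT_HEADER_ICMPV6 = 58
ROUTER_SOLICITATION = 133                   # RFC 4861 (formerly RFC 2461) Neighbor Discovery
ROUTER_ADVERTISEMENT = 134


def build_icmpv6_packet(src, dst, icmp_type, icmp_code=0, body=b"", hop_limit=255):
    """Constructed test packet: IPv6 header plus ICMPv6 header; checksum left at zero."""
    payload = ICMPV6_HEADER.pack(icmp_type, icmp_code, 0) + body
    header = IPV6_HEADER.pack(6 << 28, len(payload), NEXT_HEADER_ICMPV6, hop_limit,
                              ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return header + payload


def parse_icmpv6(packet):
    """Return (source address, ICMPv6 type), or None when the packet is not IPv6/ICMPv6 or is truncated."""
    if len(packet) < IPV6_HEADER.size + ICMPV6_HEADER.size:
        return None
    first_word, payload_len, next_header, _hop, src, _dst = IPV6_HEADER.unpack_from(packet, 0)
    if first_word >> 28 != 6 or next_header != NEXT_HEADER_ICMPV6:
        return None
    if len(packet) - IPV6_HEADER.size < payload_len:
        return None  # declared payload longer than the captured bytes
    icmp_type, _code, _checksum = ICMPV6_HEADER.unpack_from(packet, IPV6_HEADER.size)
    return str(ipaddress.IPv6Address(src)), icmp_type


class TrafficRule:
    """One network data rule (assumed name): count messages of `icmp_type` per source within the window."""

    def __init__(self, icmp_type=ROUTER_SOLICITATION, window_seconds=120):
        self.icmp_type = icmp_type
        self.window_seconds = window_seconds
        self._seen = defaultdict(deque)  # source -> timestamps still inside the window

    def observe(self, timestamp, packet):
        """Feed one packet; return (source, count in window) if the rule matched, else None."""
        parsed = parse_icmpv6(packet)
        if parsed is None or parsed[1] != self.icmp_type:
            return None
        src, _ = parsed
        times = self._seen[src]
        times.append(timestamp)
        while times and timestamp - times[0] > self.window_seconds:
            times.popleft()  # age out messages older than the window
        return src, len(times)

    def snapshot(self):
        """Collected network data: {source: count} as of each source's last observation."""
        return {src: len(times) for src, times in self._seen.items() if times}

    def digest(self):
        """SHA-1 over a canonical rendering of the snapshot (assumed serialization)."""
        canonical = "\n".join(f"{src} {count}" for src, count in sorted(self.snapshot().items()))
        return hashlib.sha1(canonical.encode()).hexdigest()


if __name__ == "__main__":
    rule = TrafficRule()
    rs = build_icmpv6_packet("fe80::1", "ff02::2", ROUTER_SOLICITATION)
    for t in (0, 60, 120, 200):
        print(t, rule.observe(t, rs))
    print(rule.snapshot(), rule.digest())
```

The window is applied per source and is inclusive at exactly 120 seconds, so a fourth solicitation at t=200 s evicts those seen at 0 s and 60 s and leaves a count of two; advertisements (Type 134) and non-ICMPv6 traffic never enter the counts. Because snapshot() is canonicalised by source address before hashing, two monitors that saw the same surviving counts produce the same digest, which is the property a downstream comparison would need.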

Claim 20 recites a computer-implemented method with limitations similar to those of claim 7; therefore claim 20 is rejected with the same rationale and motivation statement as claim 7.



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. DROMS et al. (US-20080263353-A1, hereinafter "DROMS") suggests (DROMS, (par. [0021]) “each router can dynamically generate the suffix for its autoconfigured delegated IPv6 address prefix based on generating a cryptographically-generated address (CGA) as described in RFC 3972, and obtaining the suffix based on retrieving a prescribed number of ending bits from the cryptographically-generated address.”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AHMED HUMADI whose telephone number is (571) 272-2066. The examiner can normally be reached 7:30 am - 4:00 pm, Monday to Thursday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Eleni Shiferaw, can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ELENI A SHIFERAW/            Supervisory Patent Examiner, Art Unit 2497