Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-6, 8, 11-13, 15, and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No.: US 2015/0372901 A1 (Pacella) in view of United States Patent No.: US 9,161,227 B1 (Bye et al.).

As Per Claim 1: Pacella teaches An apparatus, comprising:
- one or more processors; and
- one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause the apparatus to perform operations comprising:
	(Pacella, Paragraph [0057], “FIG. 6 is a block diagram illustrating exemplary components of a network device 600 that may correspond to one or more of the devices in the previous figures. For example, CEs 230 and/or PEs 240 may be implemented according to the components illustrated Network device 600 may include a processor 610, a switch fabric 620, and physical network interfaces 630-1 through 630-X, in which X>1 (also referred to collectively as physical network interfaces 630 or individually 
	(Pacella, Paragraph [0058], “Processor 610 may include one or more processors, microprocessors, application specific integrated circuits (ASICs), field programming gate arrays (FPGAs), and/or processing logic that may be optimized for networking and communications. Processor 610 may also include one or multiple static memories 615 (e.g. read only memory (ROM)), one or multiple dynamic memories (e.g. random access memory (RAM)), one or multiple onboard caches and/or flash memories for storing data and/or machine-readable instructions.”).

- determining a (
- determining an alternate (
- routing network traffic through the first plurality of network nodes of the (
- detecting a failure in the (
- rerouting the network traffic through the second plurality of network nodes of the alternate (
	(Pacella, Paragraph [0031], “In existing networks, maintenance events occurring on a particular PE 240-x(e.g., PE 240-1) may cause many (e.g., dozens in a typical network) of CEs 230 to lose packets before BFD failure detection declares the interface down. If this loss is within the service level agreement (SLA), similar to transport maintenance events, existing mechanisms may compensate and/or care for the traffic losses. However, such an “intentional” loss event may require customer notification. If the packet loss is not tolerable to the customer/client device and/or change to the process is not desired, 

Though Pacella does briefly mention security (Pacella, Paragraph [0028]), Pacella does not explicitly go in-depth with the path being a
- secure path
However, Bye et al., in analogous art, does teach the above limitation:
	(Bye et al., Claim 15, “A method of wireless communication enabled by hardware assisted trust, comprising: attaching, via a first enhanced node B, a mobile communication device to a first long term evolution wireless network; performing signaling on behalf of the mobile communication device to establish a trusted bearer communication link path between the mobile communication device and the first long term evolution wireless network via the first enhanced node B, wherein the first enhanced node B comprises a trust zone, wherein the trust zone provides hardware assisted trust; establishing the trusted 
	A secure path in the case of Pacella’s invention is something of a common-sense expectation. Bye et al. teaches an obvious interchangeable variation, readily implemented with expectations of success, to one of ordinary skill in the art before the effective filing date of the claimed invention, providing details for securing a path of communication.

As Per Claim 8: Claim 8 is substantially a restatement of the apparatus of claim 1 as a method and is rejected under substantially the same reasoning.

As Per Claim 15: Claim 15 is substantially a restatement of the apparatus of claim 1 as a computer-readable non-transitory storage media and is rejected under substantially the same reasoning.

As Per Claim 4: The rejection of claim 1 is incorporated and, further, Pacella does not explicitly teach the following limitation; however, Bye et al., in analogous art, does teach the following limitation:
- the operations further comprising validating the secure path through the first plurality of network nodes within the network, wherein validating the secure path comprises one of the following: receiving a validation of the secure path from a controller of the network; receiving a validation of the secure path from a PCE of the network; or determining that the secure path is valid based on contents received from a Record Route Object (RRO) of an Resource Reservation Protocol (RSVP) message.
	(Bye et al., Column 1, Lines 34-62, “In an embodiment, a method of wireless communication enabled by hardware assisted trust is disclosed. The method comprises receiving a trust zone request by an enhanced node B from an electronic device attached to a long term evolution (LTE) wireless network and forwarding the trust zone request from the enhanced node B to a home subscription server (HSS), wherein the enhanced node B forwards the trust zone request while executing in a trust zone of the enhanced node B, wherein the trust zone provides hardware assisted trust. The method further comprises receiving a trust zone request acknowledgement by the enhanced node B from the home subscription server while executing in the trust zone of the enhanced node B, forwarding the trust zone request acknowledgement by the enhanced node B to the electronic device, wherein the enhanced node B forwards the trust zone acknowledgement while executing in the trust zone of the enhanced node B, and receiving a trusted service request by the enhanced node B from the electronic device. The method further comprises forwarding the trusted service request by the enhanced node B to a policy control rules function (PCRF) server, wherein the enhanced node B forwards the trusted service request while executing in the trust zone of the enhanced node B, receiving a trusted service request acknowledgement by the enhanced node B from the policy control rules function server while executing in the trust zone of the enhanced node B, and forwarding the trusted service request acknowledgement to the electronic device, whereby the electronic device is provided a trusted bearer communication link.”).

	Bye et al. teaches an obvious interchangeable variation, readily implemented with expectations of success, to one of ordinary skill in the art before the effective filing date of the claimed invention, providing details for securing a path of communication.

As Per Claim 5: The rejection of claim 1 is incorporated and further Pacella teaches:
- detecting the failure in the secure path using single-hop BFD authentication comprises determining that a Platform Configuration Register (PCR) value included in a BFD packet has changed.
	(Pacella, Paragraph [0031], “In existing networks, maintenance events occurring on a particular PE 240-x(e.g., PE 240-1) may cause many (e.g., dozens in a typical network) of CEs 230 to lose packets before BFD failure detection declares the interface down. If this loss is within the service level agreement (SLA), similar to transport maintenance events, existing mechanisms may compensate and/or care for the traffic losses. However, such an “intentional” loss event may require customer notification. If the packet loss is not tolerable to the customer/client device and/or change to the process is not desired, embodiments described herein may utilize the above described control channel wherein PE 240-x(e.g., PE 240-1) may signal one or more “local” CEs 230 (i.e., CEs 230 which are directly connected to PE 240-x via physical interfaces 270, such as, for example, CE 230-1) that a maintenance event is imminent by shutting down the BFD session on the control channel associated with the interconnecting physical channel (e.g., int1 270-1). For example, CE 230-1 which is local to PE 240-1 may detect the closure of the BFD session as a signal for impending maintenance, and adjust the VLANs going to PE 240-1 to avoid packet losses by redirecting traffic to other paths, as long as other paths are available. When this occurs, the “remote” CE devices (e.g., CE 230-2) may detect asymmetric metrics (e.g., based upon pre-defined values) and may perform adjustments on the remote side. The overall effect may emulate an overload so conventional routing algorithms in the appropriate CEs 230 reroute the affected traffic. For example, traffic exchanged between CE 230-1 and CE 230-2 would no longer use PW1 260-1 which relies PE 240-1 and PE 240-3. Instead, CE 230-1 and CE 230-2 may exchange traffic bidirectionally over PW 2 260-2, which relies upon PE 240-2 and PE 240-4 for support.”).
	BFD where change to the process is not desired.

As Per Claim 6: The rejection of claim 1 is incorporated and further Pacella teaches:
- detecting the failure in the secure path using single-hop BFD authentication comprises determining that a PCR value included in a BFD packet is different than the expected PCR value.
	(Pacella, Paragraph [0031], “In existing networks, maintenance events occurring on a particular PE 240-x(e.g., PE 240-1) may cause many (e.g., dozens in a typical network) of CEs 230 to lose packets before BFD failure detection declares the interface down. If this loss is within the service level agreement (SLA), similar to transport maintenance events, existing mechanisms may compensate and/or care for the traffic losses. However, such an “intentional” loss event may require customer notification. If the packet loss is not tolerable to the customer/client device and/or change to the process is not desired, embodiments described herein may utilize the above described control channel wherein PE 240-x(e.g., PE 240-1) may signal one or more “local” CEs 230 (i.e., CEs 230 which are directly connected to PE 240-x via physical interfaces 270, such as, for example, CE 230-1) that a maintenance event is imminent by shutting down the BFD session on the control channel associated with the interconnecting physical channel (e.g., int1 270-1). For example, CE 230-1 which is local to PE 240-1 may detect the closure of the BFD session as a signal for impending maintenance, and adjust the VLANs going to PE 240-1 to avoid packet losses by redirecting traffic to other paths, as long as other paths are available. When this occurs, the “remote” CE devices (e.g., CE 230-2) may detect asymmetric metrics (e.g., based upon pre-defined values) and may perform adjustments on the remote side. The overall effect may emulate an overload so conventional routing algorithms in the appropriate CEs 230 reroute the affected traffic. For example, traffic exchanged between CE 230-1 and CE 230-2 would no longer use PW1 260-1 which relies PE 240-1 and PE 240-3. Instead, CE 230-1 and CE 230-2 may exchange traffic bidirectionally over PW 2 260-2, which relies upon PE 240-2 and PE 240-4 for support.”).
	BFD where change to the process is not desired.

As Per Claim 11: The rejection of claim 8 is incorporated and further claim 11 is substantially a restatement of the apparatus of claim 4 as a method and is rejected under substantially the same reasoning.

As Per Claim 12: The rejection of claim 8 is incorporated and further claim 12 is substantially a restatement of the apparatus of claim 5 as a method and is rejected under substantially the same reasoning.

As Per Claim 13: The rejection of claim 8 is incorporated and further claim 13 is substantially a restatement of the apparatus of claim 6 as a method and is rejected under substantially the same reasoning.

As Per Claim 18: The rejection of claim 15 is incorporated and further claim 18 is substantially a restatement of the apparatus of claim 4 as a computer-readable non-transitory storage media and is rejected under substantially the same reasoning.

As Per Claim 19: The rejection of claim 15 is incorporated and further claim 19 is substantially a restatement of the apparatus of claim 5 as a computer-readable non-transitory storage media and is rejected under substantially the same reasoning.

As Per Claim 20: The rejection of claim 15 is incorporated and further claim 20 is substantially a restatement of the apparatus of claim 6 as a computer-readable non-transitory storage media and is rejected under substantially the same reasoning.

Claims 2, 3, 7, 9, 10, 14, 16, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No.: US 2015/0372901 A1 (Pacella) in view of United States Patent No.: US 9,161,227 B1 (Bye et al.) in further view of United States Patent Application Publication No.: US 2008/0170493 A1 (Vasseur).

As Per Claim 2: The rejection of claim 1 is incorporated and, further, Pacella does not explicitly teach the following limitation; however, Bye et al., in analogous art, does teach the following limitation:

- and a constraint of the set of constraints is associated with a determination that each node of the first plurality of network nodes of the secure path is trustworthy.
	(Bye et al., Claim 15, “A method of wireless communication enabled by hardware assisted trust, comprising: attaching, via a first enhanced node B, a mobile communication device to a first long term evolution wireless network; performing signaling on behalf of the mobile communication device to establish a trusted bearer communication link path between the mobile communication device and the first long term evolution wireless network via the first enhanced node B, wherein the first enhanced node B comprises a trust zone, wherein the trust zone provides hardware assisted trust; establishing the trusted bearer communication path via the first enhanced node B, wherein the trusted bearer communication path comprises a plurality of network elements in signal communication with each other, wherein each network element along the trusted bearer communication path is associated with a corresponding trust zone, wherein, responsive to signaling, each corresponding trust zone along a respective trusted bearer communication path disables execution of at least some components that are outside of each corresponding trust zone, and denies components, that are outside of the trust zone, access to resources 
	Bye et al. teaches an obvious interchangeable variation, readily implemented with expectations of success, to one of ordinary skill in the art before the effective filing date of the claimed invention, providing details for securing a path of communication.

Pacella and Bye et al. do not explicitly teach the following limitation; however, Vasseur, in analogous art, does teach the following limitation:
- the apparatus is a local device; determining the secure path through the first plurality of network nodes within the network comprises calculating, by the local device, the secure path using constrained shortest path first (CSPF); CSPF uses a set of constraints to calculate the secure path through the first plurality of network nodes within the network; 
	(Vasseur, Paragraph [0020], “Establishment of an MPLS TE-LSP from a head-end LSR to a tail-end LSR involves computation of a path through a network of LSRs. Optimally, the computed path is the "shortest" path, as measured in some metric, that satisfies all relevant LSP Traffic Engineering constraints or "attributes," such as e.g., required bandwidth, "affinities" (administrative constraints to avoid or include certain links), priority, class type, etc. Path computation can either be performed by the head-end LSR or by some other entity operating as a path computation element (PCE) not co-located on the head-end LSR. The head-end LSR (or a PCE) exploits its knowledge of network topology and resources available on each link to perform the path computation according to the LSP Traffic Engineering constraints. Various 
	It would have been an obvious interchangeable variation to one of ordinary skill in the art before the effective filing date of the claimed invention, readily implemented with expectations of success, to incorporate the teachings of Vasseur into the method of Pacella and Bye et al. Vasseur provides specific means of path determination for Pacella’s use of paths.
 
As Per Claim 3: The rejection of claim 1 is incorporated and, further, Pacella and Bye et al. do not explicitly teach the following limitation; however, Vasseur, in analogous art, does teach the following limitation:
- determining the secure path through the first plurality of network nodes within the network comprises receiving the secure path from a path computation element (PCE).
	(Vasseur, Paragraph [0020], “Establishment of an MPLS TE-LSP from a head-end LSR to a tail-end LSR involves computation of a path through a network of LSRs. Optimally, the computed path is the "shortest" path, as measured in some metric, that satisfies all relevant LSP Traffic Engineering constraints or "attributes," such as e.g., required bandwidth, "affinities" (administrative constraints to avoid or include certain links), priority, class type, etc. Path computation can either be performed by the head-end LSR or by some other entity operating as a path computation element (PCE) not co-located on the head-end LSR. The head-end LSR (or a PCE) exploits its knowledge of network topology and resources available on each link to perform the path computation according to the LSP Traffic Engineering constraints. Various path computation methodologies are available including CSPF (constrained shortest path first). MPLS TE-LSPs can be configured within a single domain, e.g., area, level, or AS, or may also span multiple domains, e.g., areas, levels, or ASes.”).


As Per Claim 7: The rejection of claim 1 is incorporated and, further, Pacella and Bye et al. do not explicitly teach the following limitation; however, Vasseur, in analogous art, does teach the following limitation:
- communicating a path computation request (PCReq) message to a PCE to request a secure path to the PCE.
	(Vasseur, Paragraph [0028], “In accordance with RSVP, to request a data flow (TE-LSP) between a sender (head-end node) and a receiver (tail-end node), the sender may send an RSVP path request (Path) message downstream to the receiver along a path (e.g., a unicast route) to identify the sender and indicate e.g., bandwidth needed to accommodate the data flow, along with other attributes of the TE-LSP. The Path message may contain various information about the data flow including, e.g., traffic characteristics of the data flow, as well as an explicit route object (ERO), indicating a hop-by-hop path over which the message should traverse (or, notably, loose hops, etc., as will be understood by those skilled in the art). Also in accordance with RSVP, a receiver establishes the TE-LSP between the sender and receiver by responding to the sender's Path message with a reservation request (Resv) message. The reservation request message travels upstream hop-by-hop along the path from the receiver to the sender. The reservation request message contains information that is used by intermediate nodes along the path to reserve resources for the data flow between the sender and the receiver, to confirm the attributes of the TE-LSP, and provide a TE-LSP label. If an intermediate node in the path between the sender and receiver acquires a Path message or Resv message for a new or established reservation (TE-LSP) and encounters an error (e.g., insufficient resources, failed network element, etc.), the ”).
	It would have been an obvious interchangeable variation to one of ordinary skill in the art before the effective filing date of the claimed invention, readily implemented with expectations of success, to incorporate the teachings of Vasseur into the method of Pacella and Zgraggen et al. Vasseur provides specific means of path determination for Pacella’s use of paths.

As Per Claim 9: The rejection of claim 8 is incorporated and further claim 9 is substantially a restatement of the apparatus of claim 2 as a method and is rejected under substantially the same reasoning.

As Per Claim 10: The rejection of claim 8 is incorporated and further claim 10 is substantially a restatement of the apparatus of claim 3 as a method and is rejected under substantially the same reasoning.

As Per Claim 14: The rejection of claim 8 is incorporated and further claim 14 is substantially a restatement of the apparatus of claim 7 as a method and is rejected under substantially the same reasoning.

As Per Claim 16: The rejection of claim 15 is incorporated and further claim 16 is substantially a restatement of the apparatus of claim 2 as a computer-readable non-transitory storage media and is rejected under substantially the same reasoning.

As Per Claim 17: The rejection of claim 15 is incorporated and further claim 17 is substantially a restatement of the apparatus of claim 3 as a computer-readable non-transitory storage media and is rejected under substantially the same reasoning.

Additional Prior Art
United States Patent Application Publication No.: US 2021/0160056 A1 (Yan) teaches another method of trust evaluation for a communication path.
United States Patent Application Publication No.: US 2008/0170493 A1 (Vasseur2) has additional teachings about managing a communication path.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN A KAPLAN whose telephone number is (571)270-3170. The examiner can normally be reached 9:00 a.m. - 5:00 p.m.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/BENJAMIN A KAPLAN/Examiner, Art Unit 2434