Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This action is in response to application filed 05/31/2022.
Claims 1-21 are pending in this application.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 05/31/2022 has been entered.

 Response to Arguments
Applicant’s arguments with respect to claim(s) 05/31/2022 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Objections
Claim 20 is objected to because of the following informalities:  The claim recites “…an untrusted device list; or.” in line 11 of the claim.  Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1, 3-4, 8, 10, 15-17, 21 are rejected under 35 U.S.C. 103 as being unpatentable over Kuperman et al. (US 10,873,587 B2) in view of Ravinutala et al. (US 2016/0381015 A1).
Regarding claim 1, Kuperman discloses a computer-implemented method comprising:
selecting a position in the unique encryption code (column 12, 18-40:  The SDK 215 may include a hash function and/or encryption function to better secure the token against abuse. For example, in one embodiment, the SDK 215 includes a hash function to generate a hash of the UID and/or timestamp. Examples of hashing functions include, but are not limited to SHA256 or MD5. The hash may be truncated. In one example, a SHA256 hashing function outputs a 65-character hash based on the inputs, which may include the UID and timestamp. In turn, the first 20 characters may be selected to truncate the hash); 
identifying a corresponding set of values at that position in the unique encryption code (column 12, 18-40:  The hash may be truncated in a variety of ways, for example, the first X many characters of the hash may be selected, the last X many characters selected, every other character, or character selection based on a truncating function to select X many characters or even a variable number of characters. In one example, a SHA256 hashing function outputs a 65-character hash based on the inputs, which may include the UID and timestamp. In turn, the first 20 characters may be selected to truncate the hash); and 
generating a message that includes the position in the unique encryption code and the corresponding set of values at that position in the unique encryption code for use for a receiver of the packet to verify a sender of the message (column 13, 13-19:  the proxy 205 receives API requests from clients 101, 105. When the proxy 205 receives an API request (e.g., over HTTP) from a client, 101, 105, the authenticator 210 inspects the received API request. For example, the authenticator 210 checks a header of the received API request for any token and checks for an IP address associated with the client from which the API request was received. Claim 1:  verifying a truncated hash attribute of the token generated by the client device matches a truncated hash generated by the proxy from one or more of the attributes of the token, wherein the hash attribute is truncated based upon a character selection of the hash attribute).
However, Kuperman does not disclose generating a unique encryption code using an encryption module having an encryption type and at least one of a secret key and a secret text.
In an analogous art, Ravinutala discloses generating a unique encryption code using an encryption module having an encryption type and at least one of a secret key and a secret text ([0025]:  the authentication type field 304 of the authentication request 412 may include a predetermined value indicating what type of authentication is requested by the source network device (e.g. the network device 402). Exemplary types of authentication may include clear text, a cryptographic hash (e.g., MD5, secure hash algorithm (SHA)), a symmetric encryption (e.g., data encryption standard (DES), advanced encryption standard (AES)), or an asymmetric encryption. If the authentication type is clear text, in one non-limiting embodiment, the authentication field 306 may include a request for example, a request for password, a pre-configured security question, a request for an authentication key, etc. In another embodiment, if the authentication type is clear text and only the password (or authentication key) is requested, the authentication field 306 may be undefined (e.g., the content of this field need not to be examined by the recipient)).
Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Kuperman to comprise “generating a unique encryption code using an encryption module having an encryption type and at least one of a secret key and a secret text” taught by Ravinutala.
One of ordinary skilled in the art would have been motivated because it would have enabled to authenticate a network device as peer VTEP in a VXLAN environment (Ravinutala, [0014]).  

Regarding claim 3, Kuperman-Ravinutala discloses the computer-implemented method of Claim 1 wherein the step of generating a unique encryption code using an encryption module having an encryption type and at least one of a secret key and a secret text further comprises: combining additional data with the secret text as an input when generating the unique encryption code (Ravinutala, [0028]:  the source IP address or other identifying information (e.g., MAC address) of an authentication packet originator may be used as part of the input for the hash function or encryption algorithms (e.g., a password or an authentication key may be concatenated with the source IP/MAC address and the concatenation being used for hash/encryption). The same rationale applies as in claim 1.

Regarding claim 4, Kuperman-Ravinutala discloses the computer-implemented method of Claim 3 wherein the additional data comprises the Media Access Control of the sender of the message (Ravinutala, [0028]:  MAC address of the packet originator).  The same rationale applies as in claim 3.

Regarding claim 8, Kuperman discloses a computer-implemented method comprising: receiving at a receiving device a message sent from a sending device (claim 1, column 13, 13-19:  the proxy 205 receives API requests from clients 101, 105. When the proxy 205 receives an API request (e.g., over HTTP) from a client, 101, 105, the authenticator 210 inspects the received API request. For example, the authenticator 210 checks a header of the received API request for any token and checks for an IP address associated with the client from which the API request was received);
responsive to the receiving device identifying an indicator in a message that indicates enhanced verification (claim 1, column 13, 13-19: the authenticator 210 inspects the received API request. For example, the authenticator 210 checks a header of the received API request for any token and checks for an IP address associated with the client from which the API request was received), performing steps comprising: identifying in the message a position and a corresponding set of values that should exist at that position in a unique encryption code; and responsive to determining that the values at the same position in the unique encryption code match the corresponding set of values in the message [verified device] (claim 1, column 13, 13-19:  determining, in response to the API request including the token and the IP address, whether an existing verified IP address-token pair matches the IP address and the token combination associated with the API request…verifying a truncated hash attribute of the token generated by the client device matches a truncated hash generated by the proxy from one or more of the attributes of the token, wherein the hash attribute is truncated based upon a character selection of the hash attribute).
However, Kuperman does not disclose generating the unique encryption code using an encryption module having an encryption type and at least a secret key and a secret text, wherein the sending device and the receiving device each has access to an encryption module having the encryption type and each knows the at least one of the secret key and the secret text; [in response the unique encryption code match],adding a MAC address of the sending device that generated the message to a networking table as a verified device for which data traffic may be sent to, received from, or both.  
In an analogous art, Ravinutala discloses generating the unique encryption code using an encryption module having an encryption type and at least a secret key and a secret text, wherein the sending device and the receiving device each has access to an encryption module having the encryption type and each knows the at least one of the secret key and the secret text ([0025], [0027]:  he authentication type field 304 of the authentication request 412 may include a predetermined value indicating what type of authentication is requested by the source network device (e.g. the network device 402). Exemplary types of authentication may include clear text, a cryptographic hash (e.g., MD5, secure hash algorithm (SHA)), a symmetric encryption (e.g., data encryption standard (DES), advanced encryption standard (AES)), or an asymmetric encryption. If the authentication type is clear text, in one non-limiting embodiment, the authentication field 306 may include a request for example, a request for password, a pre-configured security question, a request for an authentication key, etc. In another embodiment, if the authentication type is clear text and only the password (or authentication key) is requested, the authentication field 306 may be undefined (e.g., the content of this field need not to be examined by the recipient.  If the authentication type is encryption, the authentication value may be an encryption result. For example, the encryption result may be obtained by applying a pre-configured encryption algorithm to the response to the challenge. In one embodiment, the encryption result may be an encryption result of a password, an answer to the security question, or an authentication key); [in response the unique encryption code match], adding a MAC address of the sending device that generated the message to a networking table as a verified device for which data traffic may be sent to, received from, or both ([0027]: the network device 402 may determine that the authentication response 416 is satisfactory only when the authentication value matches what is expected, regardless of whether it is clear text, hash or encryption. Once the authentication response 416 is successfully checked, the network device 404 may be authenticated as a peer VTEP and the route indicated in the route update packet 408 may be accepted. In the embodiment that the peer table is used, the status of the network device 404 may be updated to authentication success in the peer table.  [0044]: If the security check passes, the peer status may be updated to authentication success at 916 and the peer VTEP may be installed as a trusted peer VTEP and its route (e.g., IP address, MAC/MAC-IP, etc.)
Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Kuperman to comprise “generating the unique encryption code using an encryption module having an encryption type and at least a secret key and a secret text, wherein the sending device and the receiving device each has access to an encryption module having the encryption type and each knows the at least one of the secret key and the secret text; [in response the unique encryption code match] adding a MAC address of the sending device that generated the message to a networking table as a verified device for which data traffic may be sent to, received from, or both” taught by Ravinutala.
One of ordinary skilled in the art would have been motivated because it would have enabled to authenticate a network device as peer VTEP in a VXLAN environment (Ravinutala, [0014]).  

Regarding claim 10, Kuperman-Ravinutala discloses the computer-implemented method of Claim 8 wherein the indicator is a bit in a header of the message and the position and the corresponding set of values is also in a header of the (Kuperman, column 13, 17-31:  the authenticator 210 checks a header of the received API request for any token and checks for an IP address associated with the client from which the API request was received. Claim 1:  verifying a truncated hash attribute of the token generated by the client device matches a truncated hash generated by the proxy from one or more of the attributes of the token, wherein the hash attribute is truncated based upon a character selection of the hash attribute).  

Regarding claim 15; the claim is interpreted and rejected for the same reason as set forth in claim 1.

Regarding claim 16; the claim is interpreted and rejected for the same reason as set forth in claim 3.

Regarding claim 17; the claim is interpreted and rejected for the same reason as set forth in claim 4.

Regarding claim 21, Kuperman-Ravinutala discloses the computer-implemented method of Claim 8 wherein the position is a byte position in the unique encryption code and the corresponding set of values are the values at that byte position in the unique encryption code (Kuperman, column 12, 29-38:  The hash may be truncated in a variety of ways, for example, the first X many characters of the hash may be selected, the last X many characters selected, every other character, or character selection based on a truncating function to select X many characters or even a variable number of characters. In one example, a SHA256 hashing function outputs a 65-character hash based on the inputs, which may include the UID and timestamp. In turn, the first 20 characters may be selected to truncate the hash).

Claims 5-6, 13-14, 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kuperman in view of Ravinutala, as applied to claim 1, in further view of Fishman et al. (US 2004/0139028 A1).
Regarding claim 5, Kuperman-Ravinutala discloses the computer-implemented method of Claim 1. Ravinutala discloses generating the second unique encryption code using at least the secret key, the secret text, and the encryption module having the encryption type ([0025]:  he authentication type field 304 of the authentication request 412 may include a predetermined value indicating what type of authentication is requested by the source network device (e.g. the network device 402). Exemplary types of authentication may include clear text, a cryptographic hash (e.g., MD5, secure hash algorithm (SHA)), a symmetric encryption (e.g., data encryption standard (DES), advanced encryption standard (AES)), or an asymmetric encryption. If the authentication type is clear text, in one non-limiting embodiment, the authentication field 306 may include a request for example, a request for password, a pre-configured security question, a request for an authentication key, etc. In another embodiment, if the authentication type is clear text and only the password (or authentication key) is requested, the authentication field 306 may be undefined (e.g., the content of this field need not to be examined by the recipient)).
However, Kuperman-Ravinutala does not discloses further comprising the steps of: responsive to receiving a reply message, identifying in the reply message a position and a corresponding set of values in a second unique encryption code; and determining whether the values at the same position in the second unique encryption code match the corresponding set of values in the reply message.
In an analogous art, Fishman discloses further comprising the steps of: responsive to receiving a reply message, identifying in the reply message a position and a corresponding set of values in a second unique encryption code ([0030]:  Upon receiving the acknowledgement and key values, the client 10 reads the CD card 11 or other physical storage media and retrieves the data specified by the server 30. The data is retrieved beginning at the key offset, shown by the arrow in information block 402, pointing to the first character of the third row, "O". In a preferred embodiment, a string is selected by reading from the CD card 11 until "key length" (of at least 512) bytes have been accumulated. This is depicted as the 16-character string 403, "OP90127823840UOU". The string is shifted a "key shift" number of bytes); and determining whether the values at the same position in the second unique encryption code match the corresponding set of values in the reply message ([0032]:  this first key or token is sent 110 by a client-side application to authentication server 30 for matching in step 310. Upon a match of the first key, as represented as a match of keys 408 and 408', the process is repeated in reverse with the authentication server 30 creating a second one-use token or key 409' by applying the SHA-1 algorithm to the lower half 406' of the randomly selected and shifted information from the CD card image in data base 31 concatenated with the user's password 407'. (This process is optional; while enhancing the strength of the authentication, a single one-use token, such as represented in FIG. 1 by token 13, may be used.) The authentication server 30 sends 311 the second one-use 160-bit key back to the client 10 for matching 111. The client will have generated an identical key (represented by 409) and will attempt a match. If both sets of keys match, the user is authenticated).
Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Kuperman-Ravinutala to comprise “further comprising the steps of: responsive to receiving a reply message, identifying in the reply message a position and a corresponding set of values in a second unique encryption code; and determining whether the values at the same position in the second unique encryption code match the corresponding set of values in the reply message” taught by Fishman.
One of ordinary skilled in the art would have been motivated because it would have enabled to authenticate the user to allow access to secure facilities (Fishman, [0011]).  

Regarding claim 6, Kuperman-Ravinutala-Fishman discloses the computer-implemented method of Claim 5 further comprising the steps of: responsive to determining that the values at the same position in the second unique encryption code match the corresponding set of values in the reply message, adding a MAC address of a remote device that generated the reply message to a networking table as a verified device (Ravinutala, [0027]: the network device 402 may determine that the authentication response 416 is satisfactory only when the authentication value matches what is expected, regardless of whether it is clear text, hash or encryption. Once the authentication response 416 is successfully checked, the network device 404 may be authenticated as a peer VTEP and the route indicated in the route update packet 408 may be accepted. In the embodiment that the peer table is used, the status of the network device 404 may be updated to authentication success in the peer table.  [0044]: If the security check passes, the peer status may be updated to authentication success at 916 and the peer VTEP may be installed as a trusted peer VTEP and its route (e.g., IP address, MAC/MAC-IP, etc.).  The same rationale applies as in claim 5.
Regarding claims 13 and 18; the claim is interpreted and rejected for the same reason as set forth in claim 5.

Regarding claim 14, Kuperman-Ravinutala-Fishman discloses the computer-implemented method of Claim 13 wherein the step of generating a second unique encryption code using at least the secret key, the secret text, and the encryption module having an encryption type comprises: combining additional data with the secret text as an input when generating the second unique encryption code (Ravinutala, [0028]:  the source IP address or other identifying information (e.g., MAC address) of an authentication packet originator may be used as part of the input for the hash function or encryption algorithms (e.g., a password or an authentication key may be concatenated with the source IP/MAC address and the concatenation being used for hash/encryption). The same rationale applies as in claim 8.

Regarding claim 19; the claim is interpreted and rejected for the same reason as set forth in claim 6.

Claims 2, 9, 11 are rejected under 35 U.S.C. 103 as being unpatentable over Kuperman in view of Ravinutala, as applied to claim 1, in further view of Jain et al. (US 2017/0033924 A1).
Regarding claim 2, Kuperman-Ravinutala discloses the computer-implemented method of Claim 1, wherein the sender is a VTEP device (Ravinutala, [0017]:  VTEP 102(1) encapsulates the Ethernet frame with a VxLAN encapsulation including VNI 10, and forwards the resulting encapsulated Ethernet packet as a VxLAN-encapsulated packet (VxLAN packet) to VTEP 100(2) over network 106).
However, Kuperman-Ravinutala does not discloses wherein the message is an Address Resolution Protocol message.
In an analogous art, Jain discloses wherein the message is an Address Resolution Protocol message ([0047], [0055]:  the process performs ARP in order to receive the necessary address resolution information from the controller. Such information in some embodiments includes the VNI, the MAC address, and/or the VTEP of next hop).
Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Kuperman-Ravinutala to comprise “wherein the message is an Address Resolution Protocol message” taught by Jain.
One of ordinary skilled in the art would have been motivated because it would have enabled a host machine to obtain the key of a L4 connection from a controller of the datacenter when performing ARP operations for destination IP address (Jain, [0047]).  

Regarding claim 9, Kuperman-Ravinutala discloses the computer-implemented method of Claim 8 wherein the sending device and the receiving device are VTEP devices (Ravinutala, [0016]:  Network environment 100 includes VTEPs 102(1)-102(3) (also referred to as VTEP-1-VTEP-3, respectively) each connected to a communication network 106 through respective routers 104(1)-104(3)).  
However, Kuperman-Ravinutala does not disclose wherein the message is an Address Resolution Protocol message.
In an analogous art, Jain discloses wherein the message is an Address Resolution Protocol message ([0047], [0055]:  the process performs ARP in order to receive the necessary address resolution information from the controller. Such information in some embodiments includes the VNI, the MAC address, and/or the VTEP of next hop).
Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Kuperman-Ravinutala to comprise “wherein the message is an Address Resolution Protocol message” taught by Jain.
One of ordinary skilled in the art would have been motivated because it would have enabled a host machine to obtain the key of a L4 connection from a controller of the datacenter when performing ARP operations for destination IP address (Jain, [0047]).  

Regarding claim 11, Kuperman-Ravinutala-Jain discloses the computer-implemented method of Claim 9 wherein the step of generating the unique encryption code using an encryption module having an encryption type and at least a secret key and a secret text comprises: Customer No. 8297623DC-118564.01 (20110-2386)PATENTcombining additional data with the secret text as an input when generating the unique encryption code, in which the additional data that is combined with the secret text is known according to a rule known to the sending device and the receiving device (Ravinutala, [0028]:  the source IP address or other identifying information (e.g., MAC address) of an authentication packet originator may be used as part of the input for the hash function or encryption algorithms (e.g., a password or an authentication key may be concatenated with the source IP/MAC address and the concatenation being used for hash/encryption.  [0033], [0044]:  Once the authentication packet 504 is successfully checked, the network device 404 may be authenticated as a peer VTEP and the route indicated in the route update packet 408 may be accepted.  The peer VTEP may be installed as a trusted peer VTEP and its route (e.g., IP address, MAC/MAC-IP, etc.) may be accepted (e.g. rule).  The same rationale applies as in claim 1.  

Claims 7, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Kuperman in view of Ravinutala, as applied in claim 1, in further view of Ocepek et al. (US 2004/0054926 A1).
Regarding claim 7, Kuperman-Ravinutala discloses the computer-implemented method of Claim 1, further comprising the steps of: responsive to determining that the values at the same position in the second unique encryption code do not match the corresponding set of values in the reply message: not adding a MAC address of a remote device that generated the reply message to a networking table as a verified device (Ravinutala, [0041],[0044]: If the second network device is authenticated, it may be established as a trusted peer VTEP. If, however, the second network device fails the authentication, it may be treated as a rogue VTEP. If the security check fails, the peer status may be updated to authentication failed at 918 and the peer VTEP may be deleted from a peer table and its route (e.g., IP address, MAC/MAC-IP, etc.) may be rejected).
However, Kuperman-Ravinutala does not disclose adding the MAC address of the remote device to a blocked list or an untrusted device list; or both.
In an analogous art, Ocepek discloses adding the MAC address of the remote device to a blocked list or an untrusted device list; or both ([0059], [0079]:  each blocked client device 24-B.sub.1-l in blocked client list 152 is identified by IP address 168 and MAC address 170.  Upon receipt of the corresponding ARP reply via network interface driver 132, access blocking routine 122 determines whether the client device 24 at the queried IP address responds with the same MAC address as the blocked client MAC address 170 found in blocked client list 152).
Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Kuperman-Ravinutala to comprise “adding the MAC address of the remote device to a blocked list or an untrusted device list; or both” taught by Ocepek.
One of ordinary skilled in the art would have been motivated because it would have enabled for controlling access by a client device to protected devices on a computer network (Ocepek, [0016]).  

Regarding claim 12, Kuperman-Ravinutala discloses the computer-implemented method of Claim 8, further comprising the steps of: responsive to determining that the values at the same position in the unique encryption code do not match the corresponding set of values in the message: not adding a MAC address of the sending device to a networking table as a verified device (Ravinutala, [0041], [0044]: If the second network device is authenticated, it may be established as a trusted peer VTEP. If, however, the second network device fails the authentication, it may be treated as a rogue VTEP. If the security check fails, the peer status may be updated to authentication failed at 918 and the peer VTEP may be deleted from a peer table and its route (e.g., IP address, MAC/MAC-IP, etc.) may be rejected).
However, Kuperman-Ravinutala does not disclose adding the MAC address of the sending device to a blocked list or an untrusted device list; or both.  
In an analogous art, Ocepek discloses adding the MAC address of the sending device to a blocked list or an untrusted device list; or both ([0059], [0079]:  each blocked client device 24-B.sub.1-l in blocked client list 152 is identified by IP address 168 and MAC address 170.  Upon receipt of the corresponding ARP reply via network interface driver 132, access blocking routine 122 determines whether the client device 24 at the queried IP address responds with the same MAC address as the blocked client MAC address 170 found in blocked client list 152).
Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Kuperman-Ravinutala to comprise “adding the MAC address of the sending device to a blocked list or an untrusted device list; or both” taught by Ocepek.
One of ordinary skilled in the art would have been motivated because it would have enabled for controlling access by a client device to protected devices on a computer network (Ocepek, [0016]).  

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Kuperman in view of Ravinutala in view of Fishman, as applied in claim 18, in further view of Ocepek et al. (US 2004/0054926 A1).
Regarding claim 20; Kuperman-Ravinutala-Fishman discloses the information handling system of Claim 18 wherein the non-transitory computer- readable medium or media further comprises one or more sets of instructions which, when executed by at least one of the one or more processors, causes steps to be performed comprising: responsive to determining that the values at the same position in the second unique encryption code do not match the corresponding set of values in the reply message: not adding a MAC address of a remote device that generated the reply message to a networking table as a verified device (Ravinutala, [0041],[0044]: If the second network device is authenticated, it may be established as a trusted peer VTEP. If, however, the second network device fails the authentication, it may be treated as a rogue VTEP. If the security check fails, the peer status may be updated to authentication failed at 918 and the peer VTEP may be deleted from a peer table and its route (e.g., IP address, MAC/MAC-IP, etc.) may be rejected).
However, Kuperman-Ravinutala-Fishman does not disclose adding the MAC address of the remote device to a blocked list or an untrusted device list; or
In an analogous art, Ocepek discloses adding the MAC address of the remote device to a blocked list or an untrusted device list; or ([0059], [0079]:  each blocked client device 24-B.sub.1-l in blocked client list 152 is identified by IP address 168 and MAC address 170.  Upon receipt of the corresponding ARP reply via network interface driver 132, access blocking routine 122 determines whether the client device 24 at the queried IP address responds with the same MAC address as the blocked client MAC address 170 found in blocked client list 152).
Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Kuperman-Ravinutala-Fishman to comprise “adding the MAC address of the remote device to a blocked list or an untrusted device list; or” taught by Ocepek.
One of ordinary skilled in the art would have been motivated because it would have enabled for controlling access by a client device to protected devices on a computer network (Ocepek, [0016]).  



Additional References
	The prior art made of record and not relied upon is considered pertinent to applicants disclosure.
Arakawa et al., US 2003/0021418 A1: Cryptogram Communication System. 
Gao et al., US 2019/0036736 A1: Packet Processing Method, Device, and Packet Processing System.
Larignon, US 11,070,975 B2: Method and Device for Transmitting Encrypted Data Method and Device for Extracting Data.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUAN C TURRIATE GASTULO whose telephone number is (571)272-6707. The examiner can normally be reached Monday - Friday 8 am-4 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian J Gillis can be reached on 571-272-7952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.C.T/Examiner, Art Unit 2446                                                                                                                                                                                                        
/GIL H. LEE/Primary Patent Examiner, Art Unit 2446