Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Notice of Allowance
This communication is in response to the amendment filed on 03/31/2022. After thorough search, prosecution history, double patenting review, applicant’s remarks and in view of prior arts of the record, claims 1-20 are allowed.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 04/01/2022 comply with the provisions of 37 CFR 1.97. Accordingly, the examiner considers the information disclosure statements.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
With SPE Umar Cheema’s approval, authorization for this examiner’s amendment was given in a telephone interview with Hector Agdeppa (Reg. No. 58,238) on 06/29/2022.

The application has been amended as follows:
1.	(Currently Amended) A method of network device provisioning without Internet access, the method comprising: 
entering a pre-shared key (PSK) in a dynamic host configuration protocol (DHCP) message; 
obtaining the PSK from a set of DHCP message options by an onboarding network device requesting to join a private network; 
presenting the PSK, by the onboarding network device, to a network management system (NMS) of the private network; 
joining the private network pursuant to validating the PSK by the NMS upon validation of the onboarding network device based upon generated hash values corresponding to unique IDs of network devices authorized to join the private network, and
updating an inventory list of the NMS to include the onboarding network device in the inventory list upon the presented PSK matching an NMS-trusted PSK pursuant to a comparison of the presented PSK against a trusted PSK list including the NMS-trusted PSK.
2.	(Currently Amended) The method of claim 1, further comprising comparing, by the NMS, a unique ID of the onboarding network device to a hash file of unique IDs of each network device in the private network to validate the unique ID of the onboarding network device. 
3.	(Original) The method of claim 2, wherein the unique IDs of the network devices are media access control (MAC) addresses.
4.	(Original) The method of claim 2, wherein the hash file contains the hash values corresponding to the unique IDs of each of the network devices in the private network.
5.	(Original) The method of claim 1, wherein the PSK is entered into a vendor-specific field of the DHCP message options. 
6.	(Original) The method of claim 1, wherein the onboarding network device is an Aruba Networks corporation network device.  
7.	(Original) The method of claim 1, wherein NMS parameters are added to vendor-specific options of the DHCP message. 
8.	(Currently Amended) A non-transitory computer-readable medium (CRM) having computer instructions for network device provisioning without Internet access encoded thereon that when executed on a processor cause the processor to:
compare a pre-shared key (PSK) presented by network devices attempting to join a private computer network against a trusted PSK list, the PSK being presented in a dynamic host configuration protocol (DHCP) message, the PSK having been entered in the DHCP message, and having been retrieved from a set of DHCP message options by an onboarding network device requesting to join the private computer network; 
generate hash values corresponding to unique IDs of network devices authorized to join the private computer network;
provide the hash values to a network management system (NMS) of the private computer network; 
compare a unique ID of the onboarding network device against the hash values; and
validate the onboarding network device to join the private computer network. 
9.	(Previously Presented) The non-transitory CRM of claim 8, wherein the PSK is stored on a DHCP server. 
10.	(Previously Presented) The non-transitory CRM of claim 9, wherein the PSK is retrieved from the DHCP server by the onboarding network device attempting to join the private network.
11.	(Original) The non-transitory CRM of claim 8, wherein the unique IDs of the network devices authorized to join the private network are media access control (MAC) addresses.   
12.	(Original) The non-transitory CRM of claim 8, wherein the hash values are generated by a manufacturer of network devices and transmitted to the NMS to be stored on a non-transitory data medium.  
13.	(Original) The non-transitory CRM of claim 8, wherein validating the onboarding network device using the hash values constitutes a first stage of validating the onboarding network device. 
14.	(Original) The non-transitory CRM of claim 10, wherein the validation of the onboarding network device based on the PSK constitutes a second stage of validation of the onboarding network device. 
15.	(Currently Amended) A computer-implemented system for provisioning an onboarding network device without using Internet, the system, including a processor and memory coupled with the processor, comprising: 
a private computer network;  
a dynamic host configuration protocol (DHCP) server having a pre-shared key (PSK) stored thereon, the DHCP server being coupled with the private computer network; and
a network management system (NMS) coupled with the private computer network, the NMS comparing the PSK stored on the DHCP server with a PSK, having been entered in a DHCP message, and obtained by the onboarding network device from a set of DHCP message options requesting to join the private computer network, and presented to the NMS in a DHCP connection request message, and comparing a unique ID of the onboarding network device to generated hash values corresponding to unique IDs of network devices authorized to join the private computer network to validate the onboarding network device. 
16.	(Original) The computer-implemented system of claim 15, further comprising a non-transitory computer-readable medium having a hash file encoded thereon accessible to the NMS. 
17.	(Currently Amended) The computer-implemented system of claim 16, wherein the hash file includes the generated hash values of unique IDs of authorized network devices of the private computer network.
18.	(Currently Amended) The computer-implemented system of claim 17, wherein the onboarding network device includes information about where to find the PSK in [[a]]the DHCP message. 
19.	(Original) The computer-implemented system of claim 18, wherein the PSK is stored in a vendor-specific option 43 of the DHCP message.  
20.	(Original) The computer-implemented system of claim 19, wherein a parameter of the NMS is stored in the vendor-specific option 43 of the DHCP message, in addition to the PSK.


Reasons for Allowance
Claims 1, 8 and 15 are allowable, since closest arts, Wachter et al. (hereinafter referred to as Wachter) (U. S. Pub. No. 2016/0337190 A1), Schatzmann et al. (hereinafter referred to as Schatzmann) (U. S. Pub. No. 2015/0373001 A1), and Wilson et al. (hereinafter referred to as Wilson) (U. S. Pub. No. 2010/0293269 A1) fail to teach a method of network device of, a non-transitory computer-readable medium having instructions executed to cause the processor to implement operations of, or a computer implemented system for, provisioning an onboarding network device without using internet comprising, entering a pre-shared key (PSK) in a dynamic host configuration protocol (DHCP) message, obtaining the PSK from a set of DHCP message options by an onboarding network device requesting to join a private network, generating hash values corresponding to unique IDs of network devices authorized to join the private network, comparing PSK presented by network device attempting to join a private network against a trusted PSK list, the PSK presented in DHCP message, and validating the device to join the network.
The novelty of claimed invention is based on the provisioning an onboarding network device without using internet comprising, entering a pre-shared key (PSK) in a dynamic host configuration protocol (DHCP) message, obtaining the PSK from a set of DHCP message options by an onboarding network device requesting to join a private network, generating hash values corresponding to unique IDs of network devices authorized to join the private network, comparing PSK presented by network device attempting to join a private network against a trusted PSK list, the PSK presented in DHCP message, and validating the device to join the network.
Wachter, Schatzmann and Wilson simply teach system and method for negotiating group membership for joining the wireless network, method and system for onboarding network equipment, provisioning a resource object, and selecting network resources that correspond to the resource object based on the parameters.
Further, by continual thorough searching, some other relevant prior arts have been found and they do not teach the claims above. Gazier et al. (U. S. Pub. No. 2008/0155659 A1) teaches methods and systems for distributed authentication. Gooding et al. (U. S. Pub. No. 2012/0266209 A1) teaches common cyber security services. Yadav et al. (U. S. Pub. No. 2016/0080502 A1) teaches methods and systems for controller based secure session key exchange over unsecured network paths.
Dependent claims 2-7, 9-14 and 16-20 depend on now allowed independent claims 1, 8 and 15, and are therefore allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Drawings
The drawings were received on March 11, 2019. These drawings are acceptable.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN FAN whose telephone number is 571-272-3345. The examiner can normally be reached on Monday-Friday, ET 9am-7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 571-270-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






John Fan
/J. F. /
Examiner, Art Unit 2456
06/30/2022


/UMAR CHEEMA/
Supervisory Patent Examiner, Art Unit 2456