DETAILED ACTION
This office action is in response to the application filed on 02/05/2020.
Claims 1-20 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  
Such claim limitation(s) is/are: “the first node and the second node including network devices configured to communicate in a network” in claims 1, 9, and 17.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 2, 3, 7-11, 15-18, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Eronen et al. (hereinafter Eronen, US 2006/0253703 A1).

Regarding Claim 1, Eronen discloses A method comprising: 
receiving, at a first node (Eronen: Fig. 4 AAA server 332), one or more extensible authentication protocol messages (Eronen: para.0081 “Security entity 304 sends the message as illustrated with arrow 411. The message is further sent by gateway 314 to AAA proxy 316 and by AAA proxy 316 to AAA server 332 as illustrated with arrows 412 and 413.” para.0073 “In IKE authentication phase security entity 304 sends IKE_AUTH message comprising mobile node 300 identity MS-Id, a value that authenticates mobile node 300 and verifies that mobile node 300 was the sender of the earlier IKE_SA_INIT message, algorithms proposed by mobile node 300 for authentication and a traffic specification, which provides information on source and destination IP addresses for the security association. The message is illustrated with arrow 403. Gateway 314 sends an EAP Response/Identity message comprising MS-Id to AAA proxy 316, which is encapsulated, for example, in a DIAMETER packet. … AAA proxy 316 sends EAP Response/Identity message to AAA server 332 as illustrated with arrow 405. Authentication entity 338 in AAA server 332 receives the EAP Response/Identity message.” a plurality of EAP messages are sent from the MN 300 via Gateway 314 to the AAA server) from a second node (Eronen: Fig. 4 MN 300, it can be seen in Fig. 3 that device 300 contains 302 and 304.), 
the first node and the second node including network devices configured to communicate in a network (Eronen: Fig. 3, it can be seen that node 332 and node 300 are configured to communicate via both intranet 320 and WLAN 310.); 
obtaining, by the first node, attestation information from the one or more extensible authentication protocol messages (Eronen: para.0080 “Security entity 304 computes its Master Session Key (MSK) using at least the RAND value. In one embodiment of the invention, security entity 304 computes IK and CK values using the secret K, and thereafter from IK and CK values the MSK. Security entity 304 verifies the MAC value in message 410 using the MSK. Correct MAC value proves that the at least one CA certificate originate from AAA server 332, which has obtained correct authentication vectors from HLR 334.” and para.0081 “Security entity 304 computes a RES value using the secret key K shared by it and HLR 334. Security entity 304 includes the RES value in an EAP Response message. The message is protected using the MAC value, which is generated using a secure hash algorithm with the MSK as the key.” para.0082 “At time t5 after the receiving of message 413 authentication entity 338 in AAA server 332 verifies the MAC value using MSK.” it can be seen in fig. 4, that the EAP response in step 411 contains the RES and MAC, both of which are attestation information, and it obtained by the AAA server and verified.); and 
determining, by the first node, whether the second node is authentic and trustworthy based on the attestation information (Eronen: para.0082 “Authentication entity 338 also compares the provided RES value to the XRES value in the current authentication vector, namely the authentication vector from which corresponding RAND value was earlier sent by AAA server 332. If the comparison proves successful, authentication entity 338 sends an EAP Success message to AAA proxy 316 as illustrated with arrow 414.” AAA server verifies the node 300 using the RES and MAC values, thereby determining the node is authentic, and in returns sends an EAP success message.  A node determined to be authentic is also trustworthy.).

Regarding Claim 2 Eronen discloses claim 1 as set forth above.
Eronen further discloses wherein the one or more extensible authentication protocol messages are based on a Diameter protocol (Eronen: para.0007 “With WLAN 110 is also associated an Authentication, Authorization and Accounting (AAA) proxy 116. AAA proxy communicates with gateway 114 using, for example, RADIUS (Remote Authentication Dial-In User Service) or DIAMETER (Diameter Base Protocol) protocols. RADIUS protocol is defined in the IETF document RFC 2865 and DIAMETER protocol in RFC 3588.” para.0073 “Gateway 314 sends an EAP Response/Identity message comprising MS-Id to AAA proxy 316, which is encapsulated, for example, in a DIAMETER packet.”).

Regarding Claim 3, Eronen discloses claim 2 as set forth above.
Eronen further discloses wherein the first node (Eronen: Fig. 4 AAA server 332)  is a Diameter server and the second node (Eronen: Fig. 4 MN 300, it can be seen in Fig. 3 that device 300 contains 302 and 304.) is a Diameter client (Eronen: para.0007 “With WLAN 110 is also associated an Authentication, Authorization and Accounting (AAA) proxy 116. AAA proxy communicates with gateway 114 using, for example, RADIUS (Remote Authentication Dial-In User Service) or DIAMETER (Diameter Base Protocol) protocols. RADIUS protocol is defined in the IETF document RFC 2865 and DIAMETER protocol in RFC 3588.” para.0073 “Gateway 314 sends an EAP Response/Identity message comprising MS-Id to AAA proxy 316, which is encapsulated, for example, in a DIAMETER packet.” the server and client devices communicate using DIAMETER protocol, and are therefore a diameter server and a diameter client respectively.), 
or the first node is the Diameter client and the second node is the Diameter server.

Regarding Claim 7 Eronen discloses claim 2 as set forth above.
Eronen further discloses wherein the one or more extensible authentication protocol messages include one or more of a Trust Information Request (TIR) or a Trust Information Answer (TIA) (Examiner notes that in para.0123 of applicant spec, a TIR or a TIA is just a request or answer of attestation information, as canary stamp and fingerprint information is provided as examples and these are listed as attestation information in claim 8.  It can be seen in the EAP request and EAP answer in Fig. 4 in steps 410 and 411, it contains RAND, AUTN, CA cert, MAC, and the response contains RES and MAC values, all of which are trust information answers, and the EAP request itself is a request for this trust information.  Secondly, the EAP response 404 contains MS-id value in step 404 in Fig. 4, para.0073 ” In IKE authentication phase security entity 304 sends IKE_AUTH message comprising mobile node 300 identity MS-Id, a value that authenticates mobile node 300 and verifies that mobile node 300 was the sender of the earlier IKE_SA_INIT message” the MS-id value identifies the sender, i.e MN 300, and it is used to authenticate the device, thereby a trust information answer.).

Regarding Claim 8, Eronen discloses wherein the attestation information comprises Proof of Integrity based on one or more of a Canary stamp or a hardware fingerprint comprising Proof of Freshness of the one or more extensible authentication protocol messages, a device identifier of the second node (Eronen: the EAP response 404 contains MS-id value in step 404 in Fig. 4, para.0073 ” In IKE authentication phase security entity 304 sends IKE_AUTH message comprising mobile node 300 identity MS-Id, a value that authenticates mobile node 300 and verifies that mobile node 300 was the sender of the earlier IKE_SA_INIT message” the MS-id value identifies the sender, i.e MN 300, and it is used to authenticate the device), or an attestation key.

Regarding Claims 9-11, and 15-16 they list all of the same steps as claims 1-3 and 7-8 but in A system comprising: one or more processors; and a non-transitory computer-readable storage medium containing instructions which, when executed on the one or more processors, cause the one or more processors to perform operations including (Eronen: para.0051-para.0052).  Therefore the supporting rationale for the rejection of claims 1-3 and 7-8 apply equally as well to claims 9-11 and 15-16.

Regarding Claims 17-18, and 20 they list all of the same steps as claims 1, 2 and 7, but in a A non-transitory machine-readable storage medium, including instructions configured to cause a data processing apparatus to perform operations, the operations including (Eronen: para.0051-para.0052).  Therefore the supporting rationale for the rejection of claims 1, 2, and 7 apply equally as well to claims 17-18 and 20.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 4-6 12-14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Eronen et al. (hereinafter Eronen, US 2006/0253703 A1) in view of Prakash et al. (hereinafter Prakash, US 2014/0304415 A1).
Regarding Claim 4, Eronen discloses claim 2 as set forth above.
However Eronen does not explicitly disclose wherein the one or more extensible authentication protocol messages include one or more of a Capabilities Exchange Request (CER) or a Capabilities Exchange Answer (CEA).
Prakash discloses wherein the one or more extensible authentication protocol messages include one or more of a Capabilities Exchange Request (CER) or a Capabilities Exchange Answer (CEA) (Prakash: para.0262 “Diameter messages may include or be composed of command codes that can include a set of attribute value pairs ("AVPs"). For example, a command code for a Capabilities-Exchange-Request ("CER") can include AVPs Origin-Host and Host-IP-Address.” para.0273 “The handshake module 710 may then receive a CEA from server 106, which the handshake module 710 can modify and then forward to diameter client 702.” the diameter messages consist of a CER or a CEA).
Therefore it would have been obvious to one of ordinary skill in the art to combine Eronen with Prakash in order to incorporate wherein the one or more extensible authentication protocol messages include one or more of a Capabilities Exchange Request (CER) or a Capabilities Exchange Answer (CEA) which is a type of Diameter messaging as seen in para.0262 and para.0273of Prakash into Eronen that communicates using Diameter protocol.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of effective communication using diameter based communication such as CER and CEA when establishing connection between client and server (Prakash: para.0262 and para.0273).

Regarding Claim 5, Eronen-Prakash discloses claim 4  as set forth above.
However Eronen does not explicitly disclose wherein the attestation information is obtained from one or more fields of the CER or the CEA, the one or more fields comprising one or more Attribute Value Pairs.
Prakash discloses wherein the attestation information is obtained from one or more fields of the CER or the CEA, the one or more fields comprising one or more Attribute Value Pairs (Prakash: para.0262 “Diameter messages may include or be composed of command codes that can include a set of attribute value pairs ("AVPs"). For example, a command code for a Capabilities-Exchange-Request ("CER") can include AVPs Origin-Host and Host-IP-Address. In another example, an AVP can include a Session-ID. In some embodiments, one or more diameter messages received by the intermediary device can include an AVP. In some embodiments, each message includes an AVP.” The CER/CEA messages include Attribute value pairs, such as session ID or ip addresses that identify the sender.  Identify information can be used as attestation information.).
Therefore it would have been obvious to one of ordinary skill in the art to combine Eronen with Prakash in order to incorporate wherein the attestation information is obtained from one or more fields of the CER or the CEA, the one or more fields comprising one or more Attribute Value Pairs.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of effective communication using diameter based communication such as CER and CEA when establishing connection between client and server (Prakash: para.0262 and para.0273).

Regarding Claim 6 Eronen-Prakash discloses claim 4 as set forth above.
However Eronen does not explicitly disclose wherein the attestation information is obtained from a combination of one or more fields of the CER or the CEA, the combination of the one or more fields comprising a tuple.
Prakash discloses wherein the attestation information is obtained from a combination of one or more fields of the CER or the CEA (Prakash: para.0262 “Diameter messages may include or be composed of command codes that can include a set of attribute value pairs ("AVPs"). For example, a command code for a Capabilities-Exchange-Request ("CER") can include AVPs Origin-Host and Host-IP-Address. In another example, an AVP can include a Session-ID. In some embodiments, one or more diameter messages received by the intermediary device can include an AVP. In some embodiments, each message includes an AVP.” The CER/CEA messages include Attribute value pairs, such as session ID or ip addresses that identify the sender.  Identify information can be used as attestation information.),
the combination of the one or more fields comprising a tuple (Prakash: para.0326 “An AVP may represent data as a tuple &lt;attribute name, value&gt;, where each element is an attribute-value pair. In some embodiments, the AVP may include other types of data structures such as &lt;type-length-value&gt; triples. For example, the message may include an attribute Origin-Host and a corresponding value. The intermediary device may match this attribute and value with a persistent server connection. If the intermediary device, such as via a load balancer, identifies a matching persistent connection, the intermediary device may forward the received diameter message to the corresponding matching server (758).” AVP information can be structured as a tuple.).
Therefore it would have been obvious to one of ordinary skill in the art to combine Eronen with Prakash in order to incorporate wherein the attestation information is obtained from a combination of one or more fields of the CER or the CEA, the combination of the one or more fields comprising a tuple.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of effective communication using diameter based communication such as CER and CEA when establishing connection between client and server (Prakash: para.0262 and para.0273).

Regarding Claims 12-14 and 19, they do not teach nor further define over the limitations of claims 4-6, therefore the supporting rationale for claims 4-6 apply equally as well to that of claims 12-14.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Sharaga et al. US 2016/0182499 A1 see fig. 4a-4b and para.0053 that shows using attestation information to generate a trusted connection.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to EUI H KIM whose telephone number is (571)272-8133. The examiner can normally be reached 7:30-5 M-R, M-F alternating.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 5712725863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/EUI H KIM/               Examiner, Art Unit 2453                                                                                                                                                                                         

/KAMAL B DIVECHA/             Supervisory Patent Examiner, Art Unit 2453