DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the communication filed on 08/10/2020.

Examiner Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with George Yee on 09/01/2022.
The claims are amended as follows:

1. (Currently Amended) A method of authenticating a host between inter network devices of a network comprising:
routing a payload with an authentication extension through the network to [[the]] a second inter network device for authentication of the host at the second inter network device, wherein the host is blocked from communicating with [[the]] remaining network devices at the second inter network device while the host is [[free]] authenticated to communicate with the remaining network devices at [[the]] a first inter network device; and
in response to receiving an authentication acknowledgment from the second inter network device, blocking the host from communicating with the remaining network devices through the first inter network device, wherein the host is authenticated at the second inter network device prior to the blocking.

2. (Original) The method of claim 1, wherein authentication of the host at the second inter network device comprises:
the second inter network device:
intercepting one or more authentication packets from the host, the authentication packets directed to an authentication host by the host for authenticating the host to communicate with the remaining network devices at the second inter network device; and
in response to the intercepting the authentication packets, forwarding the authentication packets to the authentication host for authentication of the host at the second inter network device.

3. (Original) The method of claim 1, wherein the authentication extension is an ‘extended community’.

4. (Currently Amended) The method of claim 1, wherein the host is authenticated at the first inter network device while the host is blocked from [[from]] communicating with the remaining network devices at the second inter network device.

5. (Currently Amended) The method of claim 4, wherein [[the]] authentication of the host at the first inter network device and the authentication of the host at the second inter network device is performed in accordance with a network security protocol.

6. (Original) The method of claim 1, wherein the host is a physical device or a virtual machine.

7. (Original) The method of claim 1, wherein during authentication of the host at the second inter network device, the second inter network device performing provisional authentication to allow authentication packets originating from the host through the second inter network device.

8. (Currently Amended) A system for authenticating a host between inter network devices of a network comprising:
a memory configured to store a program code; and
a processor that when executing the program code causes a first inter network device to:
route a payload through the network to [[the]] a second inter network device, wherein the host is blocked from communicating with [[the]] remaining network devices at the second inter network device while the host is [[free]] authenticated to communicate with the remaining network devices at [[the]] a first inter network device; and
in response to receiving an authentication acknowledgment from the second inter network device, blocking the host from communicating with the remaining network devices through the first inter network device, wherein the host is authenticated at the second inter network device prior to the blocking.

9. (Original) The system of claim 8, wherein the host is authenticated at the first inter network device while the host is blocked from communicating with the remaining network devices at the second inter network device.

10. (Currently Amended) The system of claim 9, wherein in response to the authentication of the host at the second inter network device, the processor when executing the program code further causes the first inter network device to remove [[the]] authentication of the host at the first inter network device and block communication between the host and the remaining network devices through the first inter network device.

11. (Original) The system of claim 9, wherein to remove the authentication of the host at the first inter network device, the first inter network device is configured to remove an association between the host and the first inter network device from a forwarding table.

12. (Currently Amended) The system of claim 8, wherein in response to [[the]] authentication of the host at the second inter network device, the first inter network device is configured to add an association between the host and the second inter network device to a forwarding table.

13. (Currently Amended) The system of claim 8, wherein the first inter network device is configured to remove [[the]] a block at the second inter network device only after successful authentication of the host at the second inter network device to prevent network device packet loss.

14. (Original) The system of claim 13, wherein the first inter network device is configured to remove an association in a forwarding table between the host and the first inter network device in response to receiving the authentication acknowledgement from the second inter network device.

15. (Original) The system of claim 8, wherein the first and the second inter network devices communicate through border gateway protocol (BGP).

16. (Original) The system of claim 8, wherein the system employs a tunnel encapsulation type for encapsulation of packets of the route including the payload to the second inter network device of a secured media access control (MAC) address corresponding to the host.

17. (Currently Amended) The system of claim 8, wherein the authentication extension is an ‘extended community’.

18. (Original) The system of claim 8, wherein the host is a physical device or a virtual machine.

19. (Original) The system of claim 8, wherein an authentication process at the second inter network device includes interception of one or more authentication packets originating from the host at the second inter network device, the authentication packets directed to an authentication host by the host for authenticating the host to communicate with the remaining network devices through the second inter network device.


Reasons for Allowance
The following is an examiner's statement of reasons for allowance:
Claims 1-19 are allowed. 
By interpreting the claims in light of the Specification (fig. 22-24), the Examiner finds the claimed invention to be patentably distinct from the prior art of record. Specifically, the prior art of record, individually or in combination, fails to explicitly teach, suggest or render obvious the claimed invention as recited in each independent claim 1 or 8, reciting “in response to receiving an authentication acknowledgment from the second inter network device, blocking the host from communicating with the remaining network devices through the first inter network device, wherein the host is authenticated at the second inter network device prior to the blocking”.

Pandey et al. (US 2021/0211404) discloses routing a payload with an authentication extension through the network to the second inter network device for authentication of the host at the second inter network device, wherein the host is blocked from communicating with the remaining network devices at the second inter network device while the host is free to communicate with the remaining network devices at the first inter network device (fig. 1, 3, [0051]-[0053], transferring authenticated DHCP entries between leaf nodes that a host moves to, allowing for communication of the host at new leaf node, the communication at the old leaf node is disabled by a lease expiration timeout.)
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance." 
Conclusion
The prior art made of record and not relied upon, which is considered pertinent to applicant's disclosure, is included in form PTO 892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to examiner Hieu Hoang whose telephone number is 571-270-1253.  The examiner can normally be reached on Mon-Thu, 8a.m.-5p.m., EST Mon-Fri 9 AM -5 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HIEU T HOANG/Primary Examiner, Art Unit 2452