DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments 
In response to the arguments regarding the 35 USC 112 rejection, the 35 USC 112 rejection is maintained. According to the claim, the first device generates the key, and it is unclear how “the second” device uses the information to generate the key. The wherein clause does not further clarify the generation step. Because the claim does not contain a generation step for the second device, the second device is inactive in the generation of the key. The claim is therefore rendered indefinite. Please see further discussion below.

Regarding applicant's arguments filed 07/29/2022 with respect to independent claims 1 and 9, applicant argues that Chimakurthy, Moyer and Lambert fail to teach “generating, by the first device, a symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier”. However, there is no indication as to why the references do not explicitly teach the claim limitation.
Upon further review and consideration, it would appear that Moyer teaches “generating, by the first device, a symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier”. Moyer discloses “wherein the generating the secret key is based on the first identity and the second identity being verified [0009]. The shared secret may be generated using elliptic-curve cryptography. This shared secret may be used as an input into a key derivation function ("KDF"), such as HKDF, to derive a symmetric secret key [75]. A secret_key is generated inside Enclave A 160 using KB and ka [0076]”. This shows the inputs (Ka and Kb) being fed into the hash function in order to generate a symmetric secret key.
Claims 2-9 and 10-14 fall together accordingly since they do not cure the deficiencies of the independent claims.

Regarding applicant's arguments filed 07/29/2022 with respect to independent claims 1, 9, and 15, applicant argues that Chimakurthy, Moyer and Lambert fail to teach “wherein the first device and the peer device independently self-generate the symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier”. However, there is no indication as to why the references do not explicitly teach the claim limitation.
Upon further review and consideration, it would appear that Lambert teaches “wherein the first device and the peer device independently self-generate the symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier”. Lambert discloses “second user device generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60]”. Lambert thus discloses that the first and second devices each generate the symmetric key based on the first identifier, the second identifier and a key generation algorithm, and that the first and second devices do so independently, i.e., self-generate the key.

Regarding applicant's arguments filed 07/29/2022 with respect to independent claim 15, applicant argues that Chimakurthy, Moyer and Lambert fail to teach “generate a symmetric key using a cryptographic hash function based on determining that the second digital certificate is signed by the certificate authority that issued the first digital certificate to the first device”. However, there is no indication as to why the references do not explicitly teach the claim limitation.
Upon further review and consideration, it would appear that Yoon teaches “generate a symmetric key using a cryptographic hash function based on determining that the second digital certificate is signed by the certificate authority that issued the first digital certificate to the first device”. Yoon discloses “PAKE based on public key certificate, where two or more parties participating in encrypted communications [0005]. A session key sk by hashing a string including the common hash value e, the terminal-side random number x, the first secret key element X, the second secret key element Y, and the hash value I of the ID using a second random hash function h.sub.2; generating, at the terminal, a first verification value by hashing a second string including the first secret key element X, the second secret key element Y, the hash value I of the ID, the session key sk and the password using a third random hash function h.sub.3 [0016]”. This shows generating a secret key from three inputs, namely two identities (identities associated with the devices) and a random number.
Claims 16-20 fall together accordingly since they do not cure the deficiencies of the independent claims.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 1, 9, and 15, claims 1 and 9 recite “wherein the first device and the peer device independently self-generate the symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier”. It is unclear how the peer device self-generates the symmetric key, when there is no step indicating that the peer device generates the symmetric key. The wherein clause does not further clarify the generating step. Because the claim does not contain a generation step for the peer device, the peer device is inactive in the generation of the key. The claim is therefore rendered indefinite.
Claims 2-8 and 10-14 fall together accordingly since they do not cure the deficiencies of the independent claims.

Claim 1 recites the limitation "a key generation algorithm" in line 14. It is unclear whether this key generation algorithm is the same key generation algorithm recited earlier in the claim or a different key generation algorithm. There is insufficient antecedent basis for this limitation in the claim.
Claims 2-8 fall together accordingly since they do not cure the deficiencies of the independent claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4 are rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy) in view of Moyer et al. (US 20200110886, hereinafter Moyer), and in further view of Lambert (US 10681038).
Re. claim 1, Chimakurthy discloses a method, comprising: 
performing, by a first device, a certificate exchange with a peer device connected to the first device over an Ethernet link (Transmission engine may provide a MAC address and a device identifier of first MACsec capable device 104 to second MACsec capable device 106. In an example, the device identifier of first MACsec capable device 104 may include a digital certificate [0029]), wherein performing the certificate exchange includes: transmitting, to the peer device, a first digital certificate that contains a first unique identifier associated with the first device (distribution of the digital certificate which is used to verify that a particular public key belongs to a certain entity (for example, first MACsec capable device 104 or second MACsec capable device 106) [0026]. Provide a MAC address and a device identifier of first MACsec capable device 104 [0029]), and receiving, from the peer device, a second digital certificate that contains a second unique identifier associated with the peer device (receive a MAC address and a device identifier of a second MACsec capable device [abstract, 10]); obtaining, by the first device, the second unique identifier from the second digital certificate received from the peer device based on validating that the second digital certificate is signed by a certificate authority that signed the first digital certificate (In response to receiving the device identifier, authentication engine may authenticate second MACsec capable device 106 based on the device identifier of second MACsec capable device 106. In an example, the authentication may include, for example, validating the date on the device identifier, and determining whether the device identifier is signed by a trusted CA. The authentication may be performed by using a pre-installed certificate of the CA that issued the device identifier (for example, a digital certificate) of second MACsec capable device 106. If the device identifier is not valid, authentication engine may show an error and no MACsec session may be realized between first MACsec capable device 104 and second MACsec capable device 106 [0028]).
Chimakurthy discloses the identifier and the communication; Chimakurthy does not explicitly teach, but Moyer teaches, generating, by the first device, a symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier (Moyer teaches wherein the generating the secret key is based on the first identity and the second identity being verified [9]. A secret-key is generated inside Enclave A (interpreted as the first device) 160 using KB and KA [76] (Enclave B is interpreted as the second device)); using, by the first device, the symmetric key to establish a secure communication session with the peer device over the Ethernet link (the secure communication channel is established between the first enclave (interpreted as the first device) and the second enclave (interpreted as the second device) using the secret key [0007]. The first and second enclaves may generate a shared secret, sending and receiving data through the secure communication channel [0027]. The network 150 and intervening nodes described herein can be interconnected using various protocols and systems, such that the network can be part of the Internet, World Wide Web, specific intranets, wide area networks, or local networks. The network can utilize standard communications protocols, such as Ethernet, WiFi and HTTP, protocols that are proprietary to one or more companies, and various combinations of the foregoing [0036]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chimakurthy to include generating, by the first device, a symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier; using, by the first device, the symmetric key to establish a secure communication session with the peer device over the Ethernet link as disclosed by Moyer. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before sending and retrieving information in a secure way (Moyer [0062]).
Although the combination of Chimakurthy-Moyer discloses the first unique identifier, the second unique identifier and a hash to generate the symmetric key, the combination of Chimakurthy-Moyer does not explicitly teach, but Lambert teaches, wherein the first device and the peer device independently self-generate the symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier (Lambert teaches that the second user device generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer to include wherein the first device and the peer device independently self-generate the symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).

Re. claim 2, the combination of Chimakurthy-Moyer-Lambert teaches the method of claim 1, wherein the secure communication session is established according to a Media Access Control security (MACsec) protocol (Chimakurthy teaches that MACsec is the IEEE 802.1AE standard for authenticating and encrypting packets between two MACsec-capable devices (for example, 104 and 106). A MACsec capable device (for example, 104 and 106) may support 802.1AE encryption with MACsec Key Agreement (MKA) on downlink ports for encryption between the MACsec device and a host device [0014]).

Re. claim 3, the combination of Chimakurthy-Moyer-Lambert teaches the method of claim 1; the combination of Chimakurthy-Moyer-Lambert does not explicitly teach, but Lambert teaches, wherein: the key generation algorithm is a cryptographic hash function, inputs to the cryptographic hash function include the first unique identifier and the second unique identifier, and the symmetric key is an output of the cryptographic hash function (Lambert teaches that the second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer to include the key generation algorithm is a cryptographic hash function, inputs to the cryptographic hash function include the first unique identifier and the second unique identifier, and the symmetric key is an output of the cryptographic hash function as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).

Re. claim 4, the combination of Chimakurthy-Moyer-Lambert teaches the method of claim 3; the combination of Chimakurthy-Moyer does not explicitly disclose, but Lambert discloses, wherein the inputs to the cryptographic hash function further include a cryptographic salt that the first device and the peer device independently generate according to a particular scheme (Lambert teaches that the second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers (interpreted as the cryptographic salt) Ra, Rb [Col 5 lines 47-60] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer to include wherein the inputs to the cryptographic hash function further include a cryptographic salt that the first device and the peer device independently generate according to a particular scheme as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).

Claims 15 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Moyer et al. (US 20200110886, hereinafter Moyer), Yoon et al. (US 20140122888, hereinafter Yoon), and in further view of Lambert (US 10681038).

Re. claim 15, Chimakurthy discloses a non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors of a first device (machine-readable storage medium, processor and memory; memory executed by the processor [0043]), cause the one or more processors to: transmit a first digital certificate to a peer device connected to the first device over an Ethernet link, wherein the first digital certificate contains a first unique identifier identifying the first device (distribution of the digital certificate which is used to verify that a particular public key belongs to a certain entity (for example, first MACsec capable device 104 or second MACsec capable device 106) [0026]. Provide a MAC address and a device identifier of first MACsec capable device 104 [0029]); receive, from the peer device, a second digital certificate that contains a second unique identifier identifying the peer device (receive a MAC address and a device identifier of a second MACsec capable device [abstract, 10]); determine whether the second digital certificate received from the peer device is signed by a certificate authority that issued the first digital certificate to the first device (Chimakurthy teaches that in response to receiving the device identifier, authentication engine may authenticate second MACsec capable device 106 based on the device identifier of second MACsec capable device 106. In an example, the authentication may include, for example, validating the date on the device identifier, and determining whether the device identifier is signed by a trusted CA. The authentication may be performed by using a pre-installed certificate of the CA that issued the device identifier (for example, a digital certificate) of second MACsec capable device 106. If the device identifier is not valid, authentication engine may show an error and no MACsec session may be realized between first MACsec capable device 104 and second MACsec capable device 106 [0028]).
Chimakurthy discloses the identifier and the communication; Chimakurthy does not explicitly teach, but Moyer teaches, use the symmetric key to establish a secure communication session with the peer device over the Ethernet link (Moyer teaches wherein the secure communication channel is established between the first enclave and the second enclave using the secret key [0007]. The first and second enclaves may generate a shared secret, sending and receiving data through the secure communication channel [0027]. The network 150 and intervening nodes described herein can be interconnected using various protocols and systems, such that the network can be part of the Internet, World Wide Web, specific intranets, wide area networks, or local networks. The network can utilize standard communications protocols, such as Ethernet, WiFi and HTTP, protocols that are proprietary to one or more companies, and various combinations of the foregoing [0036]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chimakurthy to include use the symmetric key to establish a secure communication session with the peer device over the Ethernet link as disclosed by Moyer. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before sending and retrieving information in a secure way (Moyer [0062]).
The combination of Chimakurthy-Moyer does not explicitly teach, but Yoon teaches, generate a symmetric key using a cryptographic hash function based on determining that the second digital certificate is signed by the certificate authority that issued the first digital certificate to the first device (Yoon teaches PAKE based on public key certificate, where two or more parties participating in encrypted communications [0005]. A session key sk by hashing a string including the common hash value e, the terminal-side random number x, the first secret key element X, the second secret key element Y, and the hash value I of the ID using a second random hash function h.sub.2; generating, at the terminal, a first verification value by hashing a second string including the first secret key element X, the second secret key element Y, the hash value I of the ID, the session key sk and the password using a third random hash function h.sub.3 [0016]; this shows generating a secret key from three inputs, namely two identities (identities associated with the devices) and a random number).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer to include generate a symmetric key using a cryptographic hash function based on determining that the second digital certificate is signed by the certificate authority that issued the first digital certificate to the first device as disclosed by Yoon. One of ordinary skill in the art would have been motivated for the purpose of authenticating the identities, which leads to improved security (Yoon [0032]).
Although Yoon discloses generating a symmetric key with three inputs being the identities associated with the devices and a random number, the combination of Chimakurthy-Moyer-Yoon does not explicitly teach, but Lambert teaches, wherein the first device and the peer device independently self-generate the symmetric key using the cryptographic hash function based on the first unique identifier, the second unique identifier, and one or more random numbers (Lambert teaches that the second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Yoon to include wherein the first device and the peer device independently self-generate the symmetric key using the cryptographic hash function based on the first unique identifier, the second unique identifier, and one or more random numbers as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).

Re. claim 17, the combination of Chimakurthy-Moyer-Yoon-Lambert teaches the non-transitory computer-readable medium of claim 15; the combination of Chimakurthy-Moyer-Yoon does not explicitly teach, but Lambert teaches, wherein the one or more random numbers include a cryptographic salt (Lambert teaches that the first user device independently generates symmetric key SKab using the hash function based on identifier ida of first user device, identifier idb of second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60]. A hidden version of the password is generated; Ra is random because it is generated based on random integer Xa [Col 4 lines 22-34] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Yoon to include wherein the one or more random numbers include a cryptographic salt as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Moyer et al. (US 20200110886, hereinafter Moyer), Lambert (US 10681038), and in further view of Rai et al. (US 20180316510, hereinafter Rai).

Re. claim 5, the combination of Chimakurthy-Moyer-Lambert teaches the method of claim 1, further comprising: the combination of Chimakurthy-Moyer does not explicitly teach, but Rai teaches, obtaining the first digital certificate from the certificate authority by communicating with the certificate authority according to one or more of a Simple Certificate Enrollment Protocol (SCEP) or an application program interface provided by the certificate authority (Rai teaches that SCEP can be used to request certificates from any SCEP-enabled certificate authority [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Lambert to include obtaining the first digital certificate from the certificate authority by communicating with the certificate authority according to one or more of a Simple Certificate Enrollment Protocol (SCEP) or an application program interface provided by the certificate authority as disclosed by Rai. One of ordinary skill in the art would have been motivated for the purpose of allowing users to request and issue large numbers of certificates with one request (Rai [0039]).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Moyer et al. (US 20200110886, hereinafter Moyer), Lambert (US 10681038), and in further view of Garcia Morchon et al. (US 20190089546, hereinafter Garcia).

Re. claim 6, the combination of Chimakurthy-Moyer-Lambert teaches the method of claim 1, further comprising: the combination of Chimakurthy-Moyer-Lambert does not explicitly teach, but Garcia teaches, generating a cryptographic key pair that includes a public key for encrypting data and a private key for decrypting data that is encrypted using the public key (Garcia teaches a key pair generation unit 141 arranged to generate a public key and a corresponding private key. The public key may be arranged for encryption according to an asymmetric-key cryptographic scheme. The corresponding private key is arranged for decryption according to the asymmetric-key cryptographic scheme [0035]); transmitting, to the certificate authority, a certificate signing request that includes the public key and the first unique identifier associated with the first device (Garcia teaches that Message 240.2 may be a certificate request comprising the public key and information. The request may be accompanied by other credentials or proofs of identity if required by the certificate authority [0068]); and receiving the first digital certificate from the certificate authority based on the certificate signing request (Garcia teaches that Message 240.2 may be a certificate request comprising the public key and information. If the public key has a dual use as signing key (e.g., combining RSA encryption and signing or ElGamal encryption and ECDSA signing) then the request may be signed by the private key corresponding to the public key. This signature is verified by the certificate authority [0068]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Lambert to include generating a cryptographic key pair that includes a public key for encrypting data and a private key for decrypting data that is encrypted using the public key; transmitting, to the certificate authority, a certificate signing request that includes the public key and the first unique identifier associated with the first device; and receiving the first digital certificate from the certificate authority based on the certificate signing request as disclosed by Garcia. One of ordinary skill in the art would have been motivated for the purpose of using an asymmetric scheme for encryption or signing (Garcia [0002]).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Moyer et al. (US 20200110886, hereinafter Moyer), Lambert (US 10681038), and in further view of L. et al. (US 20130318570, hereinafter L).

Re. claim 7, the combination of Chimakurthy-Moyer-Lambert teaches the method of claim 1, further comprising: the combination of Chimakurthy-Moyer-Lambert does not explicitly teach, but L teaches, obtaining a root certificate associated with the certificate authority; and validating that the second digital certificate is signed by the certificate authority based on tracing a certificate chain of trust from the second digital certificate to the root certificate (L teaches that when a network device receives a domain-specific X.509 certificate from a neighbor device, the network device validates the certificate structure and format. The certificate validation uses the root certificate and/or certificate chain of the issuer of the received certificate [0064]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Lambert to include obtaining a root certificate associated with the certificate authority; and validating that the second digital certificate is signed by the certificate authority based on tracing a certificate chain of trust from the second digital certificate to the root certificate as disclosed by L. One of ordinary skill in the art would have been motivated for the purpose of validating certificates in the same domain (L [0062]).
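Added illustration (not part of the office action and not code from Chimakurthy, Garcia or L) of the certificate steps recited in claims 1, 6 and 7, in Go using only the standard library: a device generates a key pair and a certificate signing request that carries its unique identifier; a certificate authority checks the request's signature and issues the device certificate; and the receiving device accepts the peer's unique identifier only after the peer certificate chains to the root certificate it trusts. The CA name, the device identifier, the use of Ed25519 keys, the placement of the identifier in the Subject serialNumber attribute and the one-level chain (device certificate issued directly by the root) are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewRootCA creates a self-signed CA certificate and key; it stands in for the certificate
// authority that issued the first device's certificate (constructed for this example).
func NewRootCA(name string) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // constructed serial
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// DeviceCSR is the device's enrolment step: a fresh key pair and a PKCS#10 request binding the
// public key to the device's unique identifier (placed in the Subject serialNumber attribute, an
// assumption of this example), signed with the private key as proof of possession.
func DeviceCSR(deviceID string) ([]byte, ed25519.PrivateKey, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "Ethernet device", SerialNumber: deviceID}}
	csr, err := x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
	return csr, priv, err
}

// CAIssue is the certificate authority's step: verify the request's self-signature, then issue a
// device certificate, signed by the CA, that carries the requested subject and public key.
func CAIssue(ca *x509.Certificate, caKey ed25519.PrivateKey, csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR not signed by the key it carries: %w", err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), // constructed serial
		Subject:      csr.Subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
}

// PeerIdentifier is the receiving device's check: the peer's certificate must chain to the root
// the first device trusts; only then is the peer's unique identifier read out of it and returned.
func PeerIdentifier(peerDER []byte, root *x509.Certificate) (string, error) {
	cert, err := x509.ParseCertificate(peerDER)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return "", fmt.Errorf("peer certificate does not chain to the trusted root: %w", err)
	}
	if cert.Subject.SerialNumber == "" {
		return "", fmt.Errorf("peer certificate carries no device identifier")
	}
	return cert.Subject.SerialNumber, nil
}

func main() {
	must := func(err error) { if err != nil { panic(err) } }
	ca, caKey, err := NewRootCA("Device CA (constructed)")
	must(err)
	csr, _, err := DeviceCSR("peer-device-0002") // constructed peer identifier
	must(err)
	peerCert, err := CAIssue(ca, caKey, csr)
	must(err)
	fmt.Println(PeerIdentifier(peerCert, ca))
}
```

The negative case matters as much as the positive one: a certificate carrying the same identifier but issued by a different authority fails the chain check and yields no identifier, so the identifier used in the later key generation is only ever one that the trusted authority vouched for.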

Claims 8, 9, 10, and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Moyer et al. (US 20200110886, hereinafter Moyer), Lambert (US 10681038), and in further view of Small et al. (US 20140041022, hereinafter Small).

Re. claim 8, the combination of Chimakurthy-Moyer-Lambert teaches the method of claim 1, further comprising: the combination of Chimakurthy-Moyer-Lambert does not explicitly teach but Small teaches receiving an alert indicating potential unauthorized tampering with the Ethernet link based on one or more electrical signal characteristics associated with a physical wire connecting the first device and the peer device; and renegotiating the symmetric key with the peer device based on the alert (Small teaches providing for explicit notification and sharing of information regarding detected attacks/failure conditions between endpoints in a communication session. The endpoints in a communication session can collectively determine a response to take following the detection of a failure condition/attack on the communication session. The response may comprise: re-negotiating a session key [0014]. The network may be a metro Ethernet transport network [0018] Fig. 3).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Lambert-Campagna to include receiving an alert indicating potential unauthorized tampering with the Ethernet link based on one or more electrical signal characteristics associated with a physical wire connecting the first device and the peer device; and renegotiating the symmetric key with the peer device based on the alert as disclosed by Small. One of ordinary skill in the art would have been motivated for the purpose of recognizing an attack and responding to the attack (Small [0012]).

Re. claim 9, Chimakurthy discloses a device, comprising: one or more memories; and one or more processors (Chimakurthy discloses a processor and memory. Memory executed by the processor [0043]), communicatively coupled to the one or more memories, to: transmit, to a peer device connected to the device over an Ethernet link, a first digital certificate that contains a first unique identifier identifying the device (distribution of the digital certificate which is used to verify that a particular public key belongs to a certain entity (for example, first MACsec capable device 104 or second MACsec capable device 106) [0026]. Provide a MAC address and a device identifier of first MACsec capable device 104 [0029]); receive, from the peer device, a second digital certificate that contains a second unique identifier identifying the peer device (receive a MAC address and a device identifier of a second MACsec capable device [abstract]. In response to receiving the device identifier, authentication engine may authenticate second MACsec capable device 106 based on the device identifier of second MACsec capable device 106. In an example, the authentication may include, for example, validating the date on the device identifier, and determining whether the device identifier is signed by a trusted CA. The authentication may be performed by using a pre-installed certificate of the CA that issued the device identifier (for example, a digital certificate) of second MACsec capable device 106. If the device identifier is not valid, authentication engine may show an error and no MACsec session may be realized between first MACsec capable device 104 and second MACsec capable device 106 [0028]).
Chimakurthy discloses the identifiers and the communication, but Chimakurthy does not explicitly teach, while Moyer teaches, generating a symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier (Moyer teaches wherein the generating the secret key is based on the first identity and the second identity being verified [9]. A secret_key is generated inside Enclave A 160 using KB and KA [76]); using the symmetric key to establish a secure communication session with the peer device over the Ethernet link (wherein the secure communication channel is established between the first enclave and the second enclave using the secret key [0007]. The first and second enclaves may generate a shared secret sending and receiving data through the secure communication channel [0027]. The network 150 and intervening nodes described herein can be interconnected using various protocols and systems, such that the network can be part of the Internet, World Wide Web, specific intranets, wide area networks, or local networks. The network can utilize standard communications protocols, such as Ethernet, WiFi and HTTP, protocols that are proprietary to one or more companies, and various combinations of the foregoing [0036]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chimakurthy to include generating a symmetric key using a key generation algorithm based on the first unique identifier and the second unique identifier; and using the symmetric key to establish a secure communication session with the peer device over the Ethernet link as disclosed by Moyer. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before sending and retrieving information in a secure way (Moyer [0062]).
Although the combination of Chimakurthy-Moyer discloses the first unique identifier, the second unique identifier and a hash to generate the symmetric key, the combination of Chimakurthy-Moyer does not explicitly teach but Lambert teaches wherein the first device and the peer device independently self-generate the symmetric key using a cryptographic hash function as the key generation algorithm based on the first unique identifier and the second unique identifier (Lambert teaches the second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of the second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of the first user device, identifier idb of the second user device, and one or more random numbers Ra, Rb [Col 5 lines 47-60] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer to include wherein the first device and the second device use the first unique identifier, the second unique identifier, and the key generation algorithm to generate the symmetric key as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).
The combination of Chimakurthy-Moyer-Lambert does not explicitly teach but Small teaches receiving an alert indicating potential unauthorized tampering with the Ethernet link based on one or more electrical signal characteristics associated with a physical wire connecting the device and the peer device; and renegotiating the symmetric key with the peer device based on the alert (Small teaches providing for explicit notification and sharing of information regarding detected attacks/failure conditions between endpoints in a communication session. The endpoints in a communication session can collectively determine a response to take following the detection of a failure condition/attack on the communication session. The response may comprise: re-negotiating a session key [0014]. The network may be a metro Ethernet transport network [0018] Fig. 3).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Lambert to include receiving an alert indicating potential unauthorized tampering with the Ethernet link based on one or more electrical signal characteristics associated with a physical wire connecting the first device and the peer device; and renegotiating the symmetric key with the peer device based on the alert as disclosed by Small. One of ordinary skill in the art would have been motivated for the purpose of recognizing an attack and responding to the attack (Small [0012]).

Re. claim 10, the combination of Chimakurthy-Moyer-Lambert-Small teaches the device of claim 9; the combination of Chimakurthy-Moyer-Lambert does not explicitly teach but Small teaches wherein the one or more electrical signal characteristics include one or more of a change or a fluctuation in impedance that satisfies a condition (Small teaches logging parameters/information pertaining to the transport layer session in a database (e.g., for future analysis, correlating with information on other suspected attacks against the current session or different sessions, etc.), upgrading to a more secure cipher suite, e.g., using a larger key size, beginning to encrypt communications using a session key, reducing an acknowledgement window size, re-negotiating a session key, changing session identifiers (e.g., RSID and/or SSID), agreeing to renegotiate session keys at more frequent intervals, shortening the valid duration of a session key and re-anchoring/transferring a session to a different network, to a different interface or to a different device, among other things [0032]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Lambert to include wherein the one or more electrical signal characteristics include one or more of a change or a fluctuation in impedance that satisfies a condition as disclosed by Small. One of ordinary skill in the art would have been motivated for the purpose of recognizing an attack and responding to the attack (Small [0012]).

Re. claim 11, the combination of Chimakurthy-Moyer-Lambert-Small teaches the device of claim 9, wherein the secure communication session is established according to a Media Access Control security (MACsec) protocol (Chimakurthy discloses MACsec is the IEEE 802.1AE standard for authenticating and encrypting packets between two MACsec-capable devices (for example, 104 and 106). A MACsec capable device (for example, 104 and 106) may support 802.1AE encryption with MACsec Key Agreement (MKA) on downlink ports for encryption between the MACsec device and a host device [0014]).

Re. claim 12, the combination of Chimakurthy-Moyer-Lambert-Small teaches the device of claim 9; the combination of Chimakurthy-Moyer does not explicitly teach but Lambert teaches wherein: the key generation algorithm is a cryptographic hash function, inputs to the cryptographic hash function include the first unique identifier, the second unique identifier, and a cryptographic salt that the device and the peer device independently generate according to a particular scheme, and the symmetric key is an output of the cryptographic hash function (Lambert teaches the second user device independently generates symmetric key SKba using the hash function based on identifier ida of the first user device, identifier idb of the second user device, and one or more random numbers Ra, Rb [Col 5 lines 1-15]. The first user device independently generates symmetric key SKab using the hash function based on identifier ida of the first user device, identifier idb of the second user device, and one or more random numbers (interpreted as the cryptographic salt) Ra, Rb [Col 5 lines 47-60] Fig. 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer to include wherein: the key generation algorithm is a cryptographic hash function, inputs to the cryptographic hash function include the first unique identifier, the second unique identifier, and a cryptographic salt that the device and the peer device independently generate according to a particular scheme, and the symmetric key is an output of the cryptographic hash function as disclosed by Lambert. One of ordinary skill in the art would have been motivated for the purpose of verifying identities before transmission of data, establishing a communication based on authentication (Lambert [Col 1 lines 34-42] [Col 5 lines 60-67]).
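The derivation the rejection attributes to Lambert (claims 9 and 12 above: both devices independently hashing the two unique identifiers together with exchanged random numbers) and the rekeying on a tamper alert attributed to Small can be seen end to end in the following Python model. It is an added example, not code from the office action or from any cited reference; it assumes HKDF-SHA256 as the hash-based key generation algorithm and a pre-established shared secret (for instance an ECDH output, as Moyer describes) as the secret input, since identifiers and exchanged nonces are visible on the wire.

```python
"""Independent symmetric-key derivation from two device identifiers.

Added example (not from the office action or any cited reference). Each
device feeds the first unique identifier, the second unique identifier and a
jointly generated salt (the exchanged random numbers R_a, R_b) into a
hash-based key generation algorithm and obtains the same symmetric key
without ever transmitting that key. Assumption: HKDF-SHA256 stands in for the
"cryptographic hash function", and a pre-established shared secret (e.g. an
ECDH output) is the secret input; identifiers and nonces alone are public,
so a key hashed only from them would be computable by any eavesdropper.
"""
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF with SHA-256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _enc(x: bytes) -> bytes:
    """Length-prefix a field so (id=b"ab", r=b"c") and (id=b"a", r=b"bc") differ."""
    return len(x).to_bytes(2, "big") + x


def derive_symmetric_key(shared_secret: bytes, id_a: bytes, id_b: bytes,
                         r_a: bytes, r_b: bytes) -> bytes:
    """Key generation algorithm run independently by both peers.

    Each nonce stays bound to the identifier of the device that generated it,
    and the two (identifier, nonce) pairs are canonically ordered so that the
    device calling itself "first" and the one calling itself "second" build
    identical input bytes: SK_ab == SK_ba.
    """
    lo, hi = sorted([(id_a, r_a), (id_b, r_b)])
    info = b"link-key|" + _enc(lo[0]) + _enc(hi[0])   # the two unique identifiers
    salt = _enc(lo[1]) + _enc(hi[1])                   # the jointly generated salt
    return hkdf_sha256(shared_secret, salt, info)


class Peer:
    """One end of the link: holds its own identifier and the shared secret."""

    def __init__(self, identifier: bytes, shared_secret: bytes):
        self.identifier = identifier
        self._shared_secret = shared_secret
        self.nonce = b""
        self.key = b""

    def fresh_nonce(self) -> bytes:
        """New random contribution to the salt for every (re)negotiation."""
        self.nonce = os.urandom(16)
        return self.nonce

    def establish(self, peer_identifier: bytes, peer_nonce: bytes) -> bytes:
        """Derive the session key locally from both identifiers and both nonces."""
        self.key = derive_symmetric_key(self._shared_secret, self.identifier,
                                        peer_identifier, self.nonce, peer_nonce)
        return self.key


def negotiate(a: Peer, b: Peer) -> tuple:
    """Handshake: nonces cross the link in the clear; each side derives itself."""
    r_a, r_b = a.fresh_nonce(), b.fresh_nonce()
    return a.establish(b.identifier, r_b), b.establish(a.identifier, r_a)


def handle_tamper_alert(a: Peer, b: Peer) -> tuple:
    """On a link-tamper alert, renegotiate: fresh nonces give a new key and the
    old key is retired, so traffic captured after the alert is not under it."""
    old_key = a.key
    new_a, new_b = negotiate(a, b)
    return old_key, new_a, new_b
```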

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Moyer et al. (US 20200110886, hereinafter Moyer), Lambert (US 10681038), Small et al. (US 20140041022, hereinafter Small) and in further view of Rai et al. (US 20180316510, hereinafter Rai).

Re. claim 13, the combination of Chimakurthy-Moyer-Lambert-Small teaches the device of claim 9, wherein the one or more processors are further to: the combination of Chimakurthy-Moyer-Lambert-Small do not explicitly teach but Rai teaches obtain the first digital certificate from a certificate authority by communicating with the certificate authority according to one or more of a Simple Certificate Enrollment Protocol (SCEP) or an application program interface provided by the certificate authority (Rai teaches SCEP can be used to request certificates from any SCEP-enabled certificate authority [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Lambert-Small to include obtaining the first digital certificate from the certificate authority by communicating with the certificate authority according to one or more of a Simple Certificate Enrollment Protocol (SCEP) or an application program interface provided by the certificate authority as disclosed by Rai. One of ordinary skill in the art would have been motivated for the purpose of allowing users to request and issue large numbers of certificates with one request (Rai [0039]).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Moyer et al. (US 20200110886, hereinafter Moyer), Lambert (US 10681038), Small et al. (US 20140041022, hereinafter Small) and in further view of Garcia Morchon et al. (US 20190089546, hereinafter Garcia).

Re. claim 14, the combination of Chimakurthy-Moyer-Lambert-Small teaches the device of claim 9, wherein the one or more processors are further to: the combination of Chimakurthy-Moyer-Lambert-Small do not explicitly teach but Garcia teaches transmit, to a certificate authority, a certificate signing request that includes the first unique identifier associated with the device and a public key associated with a cryptographic key pair generated by the device (Garcia teaches a key pair generation unit 141 arranged to generate a public key and a corresponding private key. The public key may be arranged for encryption according to an asymmetric-key cryptographic scheme. The corresponding private key is arranged for decryption according to the asymmetric-key cryptographic scheme [0035]. Message 240.2 may be a certificate request comprising the public key and information. The request may be accompanied by other credentials or proofs of identity if required by the certificate authority [0068]); and receive the first digital certificate from the certificate authority based on the certificate signing request (Garcia teaches Message 240.2 may be a certificate request comprising the public key and information. If the public key has a dual use as signing key (e.g., combining RSA encryption and signing or ElGamal encryption and ECDSA signing) then the request may be signed by the private key corresponding to the public key. This signature is verified by the certificate authority [0068]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Lambert-Small to include generating a cryptographic key pair that includes a public key for encrypting data and a private key for decrypting data that is encrypted using the public key; transmitting, to the certificate authority, a certificate signing request that includes the public key and the first unique identifier associated with the first device; and receiving the first digital certificate from the certificate authority based on the certificate signing request as disclosed by Garcia. One of ordinary skill in the art would have been motivated for the purpose of using an asymmetric scheme for encryption or signing (Garcia [0002]).

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Moyer et al. (US 20200110886 hereinafter Moyer), Yoon et al. (US 20140122888, hereinafter Yoon), Lambert (US 10681038), and in further view of L. et al. (US 20130318570, hereinafter L).

Re. claim 18, the combination of Chimakurthy-Moyer-Yoon-Lambert teaches the non-transitory computer-readable medium of claim 15, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: the combination of Chimakurthy-Moyer-Yoon-Lambert does not explicitly teach but L teaches obtain a root certificate associated with the certificate authority; and determine that the certificate authority signed the second digital certificate based on tracing a certificate chain of trust from the second digital certificate to the root certificate (L teaches a network device receives a domain-specific X.509 certificate from a neighbor device, the network device validates the certificate structure and format. The certificate validation uses the root certificate and/or certificate chain of the issuer of the received certificate [0064]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Yoon-Lambert to include obtaining a root certificate associated with the certificate authority; and validating that the second digital certificate is signed by the certificate authority based on tracing a certificate chain of trust from the second digital certificate to the root certificate as disclosed by L. One of ordinary skill in the art would have been motivated for the purpose of validating certificates in the same domain (L [0062]).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Moyer et al. (US 20200110886, hereinafter Moyer), Yoon et al. (US 20140122888, hereinafter Yoon), Lambert (US 10681038), and in further view of Small et al. (US 20140041022, hereinafter Small).

Re. claim 19, the combination of Chimakurthy-Moyer-Yoon-Lambert teaches the non-transitory computer-readable medium of claim 15, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: the combination of Chimakurthy-Moyer-Yoon-Lambert does not explicitly teach but Small teaches receive an alert indicating potential unauthorized tampering with the Ethernet link based on one or more electrical signal characteristics associated with a physical wire connecting the first device and the peer device; and renegotiate the symmetric key with the peer device based on the alert (Small teaches logging parameters/information pertaining to the transport layer session in a database (e.g., for future analysis, correlating with information on other suspected attacks against the current session or different sessions, etc.), upgrading to a more secure cipher suite, e.g., using a larger key size, beginning to encrypt communications using a session key, reducing an acknowledgement window size, re-negotiating a session key, changing session identifiers (e.g., RSID and/or SSID), agreeing to renegotiate session keys at more frequent intervals, shortening the valid duration of a session key and re-anchoring/transferring a session to a different network, to a different interface or to a different device, among other things [0032]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Yoon-Lambert to include wherein the one or more electrical signal characteristics include one or more of a change or a fluctuation in impedance that satisfies a condition as disclosed by Small. One of ordinary skill in the art would have been motivated for the purpose of recognizing an attack and responding to the attack (Small [0012]).

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Chimakurthy et al. (US 20190158279, hereinafter Chimakurthy), Moyer et al. (US 20200110886, hereinafter Moyer), Yoon et al. (US 20140122888, hereinafter Yoon), Lambert (US 10681038), and in further view of Ma et al. (US 20160371907, hereinafter Ma).

Re. claim 20, the combination of Chimakurthy-Moyer-Yoon-Lambert teaches the non-transitory computer-readable medium of claim 15; the combination of Chimakurthy-Moyer-Yoon-Lambert does not explicitly teach but Ma teaches wherein the first device has a button that causes the first device to perform a handshake to negotiate the symmetric key with the peer device when the button is pressed (Ma teaches once this pairing button is pressed, the electronic lock will emit a pairing secret key, and within a time, for example within 10 seconds, connection is performed after the press of the pairing button in a cellphone to accept the pairing secret key).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chimakurthy-Moyer-Yoon-Lambert to include wherein the first device has a button that causes the first device to perform a handshake to negotiate the symmetric key with the peer device when the button is pressed as disclosed by Ma. One of ordinary skill in the art would have been motivated for the purpose of signaling the device to initiate a connection (Ma [0012]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Driever et al. (US 20200076582) discloses two different devices communicating with a server to establish a connection.
Bygrave et al. (US 20190052456) discloses that the data is generated with a corresponding access control list, which specifies that a valid certificate must be presented in order to grant a particular use of the data once stored. The use certificate must be validated before use of the stored data is granted. This enables the tenant to grant use of the stored data for a limited time period.
Duane et al. (US 7461250) discloses certificate exchange.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/K.A./Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496