DETAILED ACTION
This Non Final Office Action is in response to Request for Continued Examination filed on 09/12/2022. Claims 1, 6-8, 11, 13-14, 16 and 18-19 have been amended. Claims 1-20 remain pending in the application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 10/22/2020 are accepted.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/12/2022 has been entered.

	
	
Response to Arguments 
With respect to independent claims 1, 11 and 16, the applicant’s arguments, see Applicant Remarks, Pages 8-10, regarding the newly added limitations “a shared secret established, prior to the receiving of the connection request,”, filed on 07/25/2022, with respect to the rejection(s) of claims 1, 11 and 16 under 35 U.S.C 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made further in view of the newly found prior art: Zou (US 20150007272 A1). Please see detailed rejection below.
With respect to independent claim 6, applicant stated in pages 10-11 “… claim 6 has been amended to recite: "further comprising generating a symmetric encryption key for the communication between the first physical port of the first entity and the second physical port of the second entity based at least in part on the 20 shared secret."…Applicant respectfully submits that Ho teaches an asymmetric encryption scheme, whereby different keys are used for encryption and decryption”.
Examiner respectfully disagrees. Examiner asserts that Ho does not disclose asymmetric encryption scheme, Ho discloses that both communicating devices compute the same master key as a session key for secure communication as illustrated in Figure 3(9) and Figure 4(9) indicating that the same master key is a symmetric key since both communicating devices are computing and using the same key as a session key for secure communication between the two devices.


Claim Objections
Claims 11 and 16 are objected to because of the following informalities:
Claims 11 and 16 recite “implement the following steps:”, “perform the following steps:”, respectively, emphasis in italic. Examiner recommend replacing the above excerpt with  “implement .
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3, 6-8, 11, 13-14, 16 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Ho (US 20100042839 A1), hereinafter Ho in view of Niset et. al. (US 9954859 B2), hereinafter Niset, Reddy et. al. (US 7756027 B1), hereinafter Reddy, and Zou (US 20150007272 A1), hereinafter Zou.

Regarding claim 1 (Currently Amended), Ho teaches a method (Ho [0015] “FIG. 3 illustrates two network devices engaging in mutual authentication through an embodiment of the bitwise password hash verification protocol”), comprising: 
[receiving, by a first entity associated with a communication between a first physical port of the first entity and a second physical port of a second entity, a connection request to establish a communication with the second entity;] 
generating, by the first entity, a first [pseudo]-random value (Ho Figure 3 illustrates Device B 320, i.e. first entity, have its own nonce Nb in step (1b), where nonce is a random number as disclosed in [0024], [0039] “The non-initiating device (device B 320) has its own random number”); 
10providing, by the first entity, the first [pseudo]-random value to the second entity (Ho Figure 3 illustrates Device B 320, i.e. first entity, have its own nonce Nb in step (1b), sent to initiating device A 310, i.e. second entity, in step (4b) [0039] “device B 320 sends to device A 310 its address, its random number”); 
obtaining, by the first entity, a second [pseudo]-random value from the second entity (Ho Figure 3 illustrates sending Nonce Na, i.e. second random value, from Device A 310, second entity, to Device B 320, i.e. first entity, where nonce is a random number as disclosed in [0024], [0038] “First, the initiating device ("device A") 310 generates a random number and sends that random number, its address and public key for a Diffie-Hellman key exchange to a non-initiating device ("device B") 320.”); 
obtaining, by the first entity, a shared secret established, [prior to receiving of the connection request], for communications with the second entity (Ho Figure 3 (3b) [0039] “…device B derives a shared secret, referred to as Diffie-Hellman key ("DHKey") here, based on device A's message, device B's message, and device B's own private key.”); 
15generating, by the first entity, a first hash value based at least in part on the shared secret, the first [pseudo]-random value and the second [pseudo]-random value (Ho Figure 3 (3b) [0039] “Device B 320 then uses the DHKey to key two hashes. The first hash operates on a concatenation of device A's address, device B's address, device A's random number, device B's random number, and their secret password. The second hash also operates on a concatenation of the same parameters, except with those parameters concatenated in a different order than for the first hash. When these two hash functions are completed, device B 320 sends to device A 310 its address, its random number, its public key, and a verification bit such as the least significant bit of one of its hashes.”, where Ho illustrates in (3b) that hash Va2 and hash Vb2 is generated based on DHKey, Na and Nb, concatenated with different order, where Va2 corresponding to the first hash); 
obtaining, by the first entity, a second hash value from the second entity based at least in part on the shared secret, [pseudo]-random value and the second [pseudo]-random value (Ho illustrates in Figure 3 (5a) the initiating device A 310, i.e. second entity, generates two hashes Va1 and Vb1, based on DHKey, Na and Nb, concatenated with different order, [0040] “Upon receiving device B's message, device A 310 performs a counterpart process, deriving the DHKey and computing the hashes keyed by the DHKey on the addresses, random numbers, and password concatenated in the same order as the hashes computed by device B 320.”,  [0040-0042] and Figure 3 (9b) discloses that Device B, i.e. first entity, obtains hash Va1 from Device A, i.e. second entity, on a bit by bit bases and compare the obtained bits of Va1 to the bits of the hash Va2 generated by Device B 320, where Va1 corresponding to the second hash); and 
20authenticating, by the first entity, the communication in response to the first entity validating the first hash value using the second hash value (Ho [0042] “This process of exchanging verification bits from the two hashes continues until either one of the devices fails a check or all checks succeed, at which point the two devices are considered to have successfully authenticated each other. Subsequently, the two devices each compute their shared master key based on their DHKey and their random numbers used in the earlier mutual verifications of the protocol run. Preferably, a standardized one-way cryptographic hash function based on the DHKey will be used in the computation of the shared master key. The master key is then used directly or indirectly to secure data communications between the two devices. When used to secure data communication directly, the master key is used as the key to secure, i.e., to encrypt and authenticate, the data communications.”)[[,]]; 
wherein the method is performed by at least one processing device of the first entity, said at least one processing device comprising a processor coupled to a memory (Ho discloses in [0026-0030] the devices illustrated in Figure 3, e.g. Device B corresponding to the first entity, comprises processor and memory and transceiver as illustrated in Figure 1).
Ho does not explicitly disclose the below limitation.
Niset discloses receiving, by a first entity associated with a communication between [a first physical port of] the first entity and [a second physical port of] a second entity, a connection request to establish a communication with the second entity (Niset Col. 7 line 43-45 “The agent 30 (i.e. second entity) makes a request for at least one random number to the HRNG device 10 (i.e. first entity).”, where the request is to establish communication pertaining to generating random numbers).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho to incorporate the teaching of Niset to utilize the above feature, with the motivation of detecting possible replay attacks, as recognized by (Niset Col. 7 line 43-45).
Ho in view of Niset do not disclose the below limitations.
Reddy discloses communication between first physical port of the first entity and second physical port of the second entity (Reddy illustrates in Figure 1 switches/entities communicating through their respective physical ports, Col. 4 line 35-40 “Switches 4 execute a protocol for automatically discovering one another as well as the topology by which the network switches are physically connected. That is, the L2 switches utilize the auto-discovery protocol to discover the physical ports that are used to interconnect the switches and the particular ports provide connectivity to other switches that support stacking”)
Reddy further discloses using pseudo-random numbers (Reddy discloses generating pseudo-random numbers for authentication of the neighboring devices, Col. 14 line 17-51 “authentication module 42 may receive an LLDP data unit from a neighboring device that claims to be a switch that is capable of participating as part of a virtual switch (100). When authentication module 42 receives such an LLDP data unit, authentication module 42 may generate a pseudo-random number (102). Authentication module 42 may then send this pseudo-random number to the neighboring switch (104)…When 
authentication module 42 receives this response from the neighboring device, authentication module 42 may determine whether the response includes a correctly encrypted version of the pseudo-random number generated by 
authentication module 42 (108).”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho in view of Niset to incorporate the teaching of Reddy to utilize the above feature, with the motivation of physically interconnecting switches utilizing auto-discovery protocol, as recognized by (Reddy Col. 1 line 45-60), and further it would be obvious to try from a finite type of random number generators, i.e. true or pseudo random generators.
Ho in view of Niset and Reddy do not disclose the below limitation.
Zou discloses obtaining, by the first entity, a shared secret established, prior to receiving of the connection request (Zou discloses in claim 16 “wherein the request is authenticated by a pre-shared key that the control controller provided to the network device and the peer device before the request being transmitted.”, [0021] “The controller will also securely push the pre-shared key to the two devices so that a VPN connection can be established between these two network devices.”, see [0053-0054]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho in view of Niset and Reddy to incorporate the teaching of Zou to utilize the above feature, with the motivation of authenticating requests, as recognized by (Zou Claim 16).

Regarding claim 2 (Original), Ho in view of Niset and Reddy and Zou teaches the method of claim 1, wherein the first entity comprises a target and wherein the second entity comprises an initiator (Ho illustrates in Figure 3, Device B 320 “Non-initiating device B” corresponding to first entity, i.e. target, and the “Initiating device A” corresponding to the second entity, i.e. initiator).  

Regarding claim 3 (Original), Ho in view of Niset and Reddy and Zou teaches the method of claim 1, wherein the validating the first hash value using the second hash value comprises determining if the first hash value matches the 30second hash value (Ho discloses verifying that the bits of the generated hash Va2 and the obtained hash Va1 matching as disclosed in [0040] “…compares the verification bit sent by device B 320 to the corresponding verification bit from its own computed hash for that address, random number, and password order. If the bits match…”, disclosed in [0040-0042], and further illustrated in Figure 3 (8b) and Figure 5 (552).

Regarding claim 6 (Currently Amended), H Ho in view of Niset and Reddy and Zou teaches the method of claim 1, further comprising generating [[an]] a symmetric encryption key for the communication between [the first physical port of] the first entity and [the second physical port of] the second entity based at least in part on the shared secret (Ho [0042] “This process of exchanging verification bits from the two hashes continues until either one of the devices fails a check or all checks succeed, at which point the two devices are considered to have successfully authenticated each other. Subsequently, the two devices each compute their shared master key based on their DHKey and their random numbers used in the earlier mutual verifications of the protocol run. Preferably, a standardized one-way cryptographic hash function based on the DHKey will be used in the computation of the shared master key. The master key is then used directly or indirectly to secure data communications between the two devices. When used to secure data communication directly, the master key is used as the key to secure, i.e., to encrypt and authenticate, the data communications.”, where both communicating devices compute the same master key as a session key for secure communication as illustrated in Figure 3(9) indicating that the same master key is a symmetric key).
Ho does not disclose physical ports. Reddy discloses physical ports. Rationale and motivation in claim 1 apply.  

Claims 13 (Currently Amended) and 18 (Currently Amended) are directed to an apparatus and a non-transitory processor-readable storage medium, respectively, associated with the method claimed in claim 6. Claims 13 and 18 are similar in scope to claim 6, and are therefore rejected with the same rationale and motivation as claim 6. 

Regarding claim 7 (Currently Amended), Ho in view of Niset and Reddy and Zou teaches the method of claim 6, wherein the communication between [the first physical port of] the first entity and [the second physical port of] the second entity employs a secure authenticated communication channel using the symmetric encryption key (Ho [0042] “The master key is then used directly or indirectly to secure data communications between the two devices. When used to secure data communication directly, the master key is used as the key to secure, i.e., to encrypt and authenticate, the data communications.” .”, where both communicating devices compute the same master key as a session key for secure communication as illustrated in Figure 3(9) indicating that the same master key is a symmetric key). 
Ho does not disclose physical ports. Reddy discloses physical ports. Rationale and motivation in claim 1 apply.  
  
Regarding claim 8 (Currently Amended), Ho in view of Niset and Reddy and Zou teaches the method of claim 7, wherein each message on the secure authenticated communication channel is encrypted using the symmetric encryption key (Ho [0042] “The master key is then used directly or indirectly to secure data communications between the two devices. When used to secure data communication directly, the master key is used as the key to secure, i.e., to encrypt and authenticate, the data communications.” .”, where both communicating devices compute the same master key as a session key for secure communication as illustrated in Figure 3(9) indicating that the same master key is a symmetric key).

Regarding claim 514. (Original), Ho in view of Niset and Reddy and Zou teaches the apparatus of claim 13, wherein the communication between [the first physical port of] the first entity and [the second physical port of]  the second entity employs a secure authenticated communication channel using the encryption key and wherein each message on the secure authenticated communication channel is encrypted using the encryption key (Ho [0042] “The master key is then used directly or indirectly to secure data communications between the two devices. When used to secure data communication directly, the master key is used as the key to secure, i.e., to encrypt and authenticate, the data communications.”). 
Ho does not disclose physical ports. Reddy discloses physical ports. Rationale and motivation in claim 1 apply.

Claim 19 (Currently Amended) is directed to a non-transitory processor-readable storage medium associated with the method claimed in claim 14. Claim 19 is similar in scope to claim 14, and is therefore rejected with the same rationale and motivation as claim 14. 

Regarding claim 11 (Currently Amended), Ho teaches an apparatus (Ho [0015] “FIG. 3 illustrates two network devices engaging in mutual authentication through an embodiment of the bitwise password hash verification protocol”) comprising: 
at least one processing device of a first entity associated with a communication between [a first physical port of] the first entity and [a second physical port of] a second 5entity (Ho Figure 3 illustrates communication between Device B 320, i.e. first entity and Device A 310, i.e. second entity, where the devices comprises processors as illustrated in Figure 1 and [0026-0030]), 
wherein the at least one processing device comprises a processor coupled to a memory (Ho [0029] “The processor 120 further manipulates data to support a protocol run. The processor 120 typically has a local machine readable medium, such as random access memory (RAM), which allows the temporary storage of signal data for later conversion and transmission”); 
the at least one processing device of the first entity being configured to implement the following steps: 
[receiving, by a first entity associated with a communication between a first 10physical port of the first entity and a second physical port of a second entity, a connection request to establish a communication with the second entity]; 
generating a first [pseudo]-random value (Ho Figure 3 illustrates Device B 320, i.e. first entity, have its own nonce Nb in step (1b), where nonce is a random number as disclosed in [0024], [0039] “The non-initiating device (device B 320) has its own random number”); 
providing the first [pseudo]-random value to the second entity (Ho Figure 3 illustrates Device B 320, i.e. first entity, have its own nonce Nb in step (1b), sent to initiating device A 310, i.e. second entity, in step (4b) [0039] “device B 320 sends to device A 310 its address, its random number”); 
obtaining a second [pseudo]-random value from the second entity (Ho Figure 3 illustrates sending Nonce Na, i.e. second random value, from Device A 310, second entity, to Device B 320, i.e. first entity, where nonce is a random number as disclosed in [0024], [0038] “First, the initiating device ("device A") 310 generates a random number and sends that random number, its address and public key for a Diffie-Hellman key exchange to a non-initiating device ("device B") 320.”); 
15obtaining, by the first entity, a shared secret established, prior to the receiving of the connection request, for communications with the second entity (Ho Figure 3 (3b) [0039] “…device B derives a shared secret, referred to as Diffie-Hellman key ("DHKey") here, based on device A's message, device B's message, and device B's own private key.”); 
generating , by the first entity, a first hash value based at least in part on the shared secret, [pseudo]-random value and the second [pseudo]-random value (Ho Figure 3 (3b) [0039] “Device B 320 then uses the DHKey to key two hashes. The first hash operates on a concatenation of device A's address, device B's address, device A's random number, device B's random number, and their secret password. The second hash also operates on a concatenation of the same parameters, except with those parameters concatenated in a different order than for the first hash. When these two hash functions are completed, device B 320 sends to device A 310 its address, its random number, its public key, and a verification bit such as the least significant bit of one of its hashes.”, where Ho illustrates in (3b) that hash Va2 and hash Vb2 is generated based on DHKey, Na and Nb, concatenated with different order); 
obtaining, by the first entity, a second hash value from the second entity based at least in part on the shared secret, the first [pseudo]-random value and the second [pseudo]-random value (Ho illustrates in Figure 3 (5a) the initiating device A 310, i.e. second entity, generates two hashes Va1 and Vb1, based on DHKey, Na and Nb, concatenated with different order, [0040] “Upon receiving device B's message, device A 310 performs a counterpart process, deriving the DHKey and computing the hashes keyed by the DHKey on the addresses, random numbers, and password concatenated in the same order as the hashes computed by device B 320.”,  [0040-0042] and Figure 3 (9b) discloses that Device B, i.e. first entity, obtains hash Va1 from Device A, i.e. second entity, on a bit by bit bases and compare the obtained bits of Va1 to the bits of the hash Va2 generated by Device B 320); 20and 
authenticating the communication in response to the first entity validating the first hash value using the second hash value (Ho [0042] “This process of exchanging verification bits from the two hashes continues until either one of the devices fails a check or all checks succeed, at which point the two devices are considered to have successfully authenticated each other. Subsequently, the two devices each compute their shared master key based on their DHKey and their random numbers used in the earlier mutual verifications of the protocol run. Preferably, a standardized one-way cryptographic hash function based on the DHKey will be used in the computation of the shared master key. The master key is then used directly or indirectly to secure data communications between the two devices. When used to secure data communication directly, the master key is used as the key to secure, i.e., to encrypt and authenticate, the data communications.”).  
Ho does not explicitly disclose the below limitation.
Niset discloses receiving, by a first entity associated with a communication between a first 10physical port of the first entity and a second physical port of a second entity, a connection request to establish a communication with the second entity (Niset Col. 7 line 43-45 “The agent 30 (i.e. second entity) makes a request for at least one random number to the HRNG device 10 (i.e. first entity).”, where the request is to establish communication pertaining to generating random numbers).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho to incorporate the teaching of Niset to utilize the above feature, with the motivation of detecting possible replay attacks, as recognized by (Niset Col. 7 line 43-45).
Ho in view of Niset do not disclose the below limitations.
Reddy discloses communication between first physical port of the first entity and second physical port of the second entity (Reddy illustrates in Figure 1 switches/entities communicating through their respective physical ports, Col. 4 line 35-40 “Switches 4 execute a protocol for automatically discovering one another as well as the topology by which the network switches are physically connected. That is, the L2 switches utilize the auto-discovery protocol to discover the physical ports that are used to interconnect the switches and the particular ports provide connectivity to other switches that support stacking”)
Reddy further discloses using pseudo-random numbers (Reddy discloses generating pseudo-random numbers for authentication of the neighboring devices, Col. 14 line 17-51 “authentication module 42 may receive an LLDP data unit from a neighboring device that claims to be a switch that is capable of participating as part of a virtual switch (100). When authentication module 42 receives such an LLDP data unit, authentication module 42 may generate a pseudo-random number (102). Authentication module 42 may then send this pseudo-random number to the neighboring switch (104)…When 
authentication module 42 receives this response from the neighboring device, authentication module 42 may determine whether the response includes a correctly encrypted version of the pseudo-random number generated by 
authentication module 42 (108).”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho in view of Niset to incorporate the teaching of Reddy to utilize the above feature, with the motivation of physically interconnecting switches utilizing auto-discovery protocol, as recognized by (Reddy Col. 1 line 45-60), and further it would be obvious to try from a finite type of random number generators, i.e. true or pseudo random generators.
Ho in view of Niset and Reddy do not disclose the below limitation.
Zou discloses obtaining, by the first entity, a shared secret established, prior to receiving of the connection request (Zou discloses in claim 16 “wherein the request is authenticated by a pre-shared key that the control controller provided to the network device and the peer device before the request being transmitted.”, [0021] “The controller will also securely push the pre-shared key to the two devices so that a VPN connection can be established between these two network devices.”, see [0053-0054]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho in view of Niset and Reddy to incorporate the teaching of Zou to utilize the above feature, with the motivation of authenticating requests, as recognized by (Zou Claim 16).

Claim 16 (Currently Amended) is directed to an apparatus and a non-transitory processor-readable storage medium associated with the apparatus claimed in claim 11. Claim 16 is similar in scope to claim 1, and is therefore rejected with the same rationale and motivation as claim 11. 
  
Claims  4, 12 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Ho (US 20100042839 A1), hereinafter Ho in view of Niset et. al. (US 9954859 B2), hereinafter Niset, Reddy et. al. (US 7756027 B1), hereinafter Reddy, Zou (US 20150007272 A1), hereinafter Zou, and Bestler et. al. (US 20180018229 A1), hereinafter Bestler.

Regarding claim 4 (Original), Ho in view of Niset and Reddy and Zou teaches the method of claim 1, further comprising generating a third hash value based at least in part on the shared secret and providing the third hash value to the second entity (Ho Figure 3 (3b) [0039] “Device B 320 then uses the DHKey to key two hashes. The first hash operates on a concatenation of device A's address, device B's address, device A's random number, device B's random number, and their secret password. The second hash also operates on a concatenation of the same parameters, except with those parameters concatenated in a different order than for the first hash. When these two hash functions are completed, device B 320 sends to device A 310 its address, its random number, its public key, and a verification bit such as the least significant bit of one of its hashes.”, where Ho illustrates in (3b) that hash Va2 and hash Vb2 is generated based on DHKey, Na and Nb, concatenated with different order, where Va2 corresponding to the first hash, where Vb2 corresponds to the third hash), wherein the second entity generates a fourth hash value based at least in part on the shared secret (Ho illustrates in Figure 3 (5a) the initiating device A 310, i.e. second entity, generates two hashes Va1 and Vb1, based on DHKey, Na and Nb, concatenated with different order, [0040] “Upon receiving device B's message, device A 310 performs a counterpart process, deriving the DHKey and computing the hashes keyed by the DHKey on the addresses, random numbers, and password concatenated in the same order as the hashes computed by device B 320.”,  [0040-0042] and Figure 3 (9b) discloses that Device B, i.e. first entity, obtains hash Va1 from Device A, i.e. second entity, on a bit by bit bases and compare the obtained bits of Va1 to the bits of the hash Va2 generated by Device B 320, where Vb1 corresponding to the fourth hash).
Ho discloses the first, second, third and fourth hash as described in claim 1, and further discloses verifying first and second hash matching and third and fourth hash matching, where Ho discloses that in the case of successful hash matching, an authentication between Device A and Device B is achieved, and a subsequent master key is created to establish secure communication between Device A and Device B as disclosed in Ho [0042], which can be construed as an acknowledgement. However, Ho in view of Niset, Reddy and Zou do not explicitly disclose the below limitation of providing an acknowledgement.
Bestler discloses provides an acknowledgement to the first entity in response 5to the fourth hash value matching the third hash value (Bestler [0150] “Each recipient validates the received chunk by calculating the cryptographic hash of the received payload. If this does not match the Chunk ID, the payload is discarded and a negative Chunk Acknowledgement is sent to the Initiator reporting a transmission error. This is unchanged from the disclosure in the Incorporated References. [0163] Otherwise, the required local storage is created, before a Chunk Acknowledgement is sent. Storing the contents locally may involve storing the whole replica, combining the received data with an existing PPC, or creating a new parity protection permanent identifier referring to a PPC covering only the received chunk. [0164] If the Initiator does not receive sufficient positive Chunk Acknowledgements, it will either retry the transaction or return an error to the application layer.”).
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho in view of Niset and Reddy and Zou to incorporate the teaching of Bestler to utilizes the above feature, with the motivation of confirming the transactions and avoiding returning an error, as recognized by (Bestler [0150]).
Claims 12 and 17 are directed to an apparatus and a non-transitory processor-readable storage medium, respectively, associated with the method claimed in claim 4. Claims 12 and 17 are similar in scope to claim 4, and are therefore rejected with the same rationale and motivation as claim 4. 

Claims 5 is rejected under 35 U.S.C. 103 as being unpatentable over Ho (US 20100042839 A1), hereinafter Ho in view of Niset et. al. (US 9954859 B2), hereinafter Niset, Reddy et. al. (US 7756027 B1), hereinafter Reddy, Zou (US 20150007272 A1), hereinafter Zou, Bestler et. al. (US 20180018229 A1), hereinafter Bestler, and Fok et. al. (US 20080215883 A1), hereinafter Fok.

Regarding claim 5 (Original), Ho in view of Niset and Reddy, Zou and Bestler teaches the method of claim 4, 
Ho discloses the first, second, third and fourth hash as described in claim 1, and further discloses verifying first and second hash matching and third and fourth hash matching, where Ho discloses that in the case of successful hash matching, an authentication between Device A and Device B is achieved, and a subsequent master key is created to establish secure communication between Device A and Device B as disclosed in Ho [0042], which can be construed as an acknowledgement. Otherwise, in the case of unsuccessful hash matching, the verification process is aborted, an authentication between Device A and Device B is not achieved, and a subsequent master key is not created to establish secure communication between Device A and Device B, which can be construed as an error. However, Ho in view of Niset, Reddy and Zou do not explicitly disclose the below limitation of generating an error.
Bestler discloses further comprising generating a connection error in response to hash values not matching (Bestler [0150] “Each recipient validates the received chunk by calculating the cryptographic hash of the received payload. If this does not match the Chunk ID, the payload is discarded and a negative Chunk Acknowledgement is sent to the Initiator reporting a transmission error. This is unchanged from the disclosure in the Incorporated References. [0163] Otherwise, the required local storage is created, before a Chunk Acknowledgement is sent. Storing the contents locally may involve storing the whole replica, combining the received data with an existing PPC, or creating a new parity protection permanent identifier referring to a PPC covering only the received chunk. [0164] If the Initiator does not receive sufficient positive Chunk Acknowledgements, it will either retry the transaction or return an error to the application layer.”).
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho in view of Niset and Reddy to incorporate the teaching of  Bestler to utilizes the above feature, with the motivation of confirming the transactions and avoiding returning an error, as recognized by (Bestler [0150]).
Ho in view of Niset, Reddy, Zou and Bestler do not disclose the below limitations.
Fok discloses in response to hash values not matching…a subsequent connection request from the second entity to the first entity is blocked by the 10first entity ([0055] “The recipient application 104 can verify the sender of the data event by also incrementing the random number (and, e.g., hashing and truncating it as appropriate) and comparing the result to the random number included within the data event. Consequently, system 100 provides both for secure, round-trip communication as well as a mechanism to identify a round-trip. Alternatively, or in addition, if a random number comparison does not match, the received communication can be ignored. If a random number comparison does not match for a predetermined and/or configurable number of received communications (e.g., 3), subsequent requests/responses can be ignored until a handshake is re-initiated between the primary application 102 and recipient application 104, re-establishing a secure channel between the applications (102, 104).”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho in view of Niset, Reddy, Zou and Bestler to incorporate the teaching of Fok to utilize the above feature, with the motivation of enhancing security by reinitiating a handshake in the case of multiple hash matching is detected, as recognized by (Fok [0055]).
  
Claims 9-10, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Ho (US 20100042839 A1), hereinafter Ho in view of Niset et. al. (US 9954859 B2), hereinafter Niset, Reddy et. al. (US 7756027 B1), hereinafter Reddy, Zou (US 20150007272 A1), hereinafter Zou, and Van et. al. (US 10868679 B1), hereinafter Van.

Regarding claim 9 (Original), Ho in view of Niset and Reddy and Zou teaches the method of claim 6, 
Ho in view of Niset do not disclose the below limitations.
Reddy discloses the communication between the first physical ports of the first entity and second physical ports of the second entity. Rationale and motivation in claim 1 applies. 
Ho in view of Niset, Reddy and Zou do not disclose the below limitations.
Van  discloses wherein each packet of the communication between the first entity and the second entity comprises a Message Authentication Code to detect corruption of data in a given packet (Van Figure 15A illustrates receiving a packet and determine validity of its MAC (1596-0 and 1596-8) and further discloses each communicated packet is associated with message authentication code (MAC), where the MAC, generated/derived from various fields, illustrated in Figure 10, is used for packet validation by the receiving node, Col. 10 line 34-39 “In FIG. 10, the MAC can be generated with a hash based authentication code (HMAC) algorithm 1080, such as HMAC-SHA2 or SHA3 as but two of many possible examples. The HMAC algorithm 1080 can utilize fields 1076-0 to 1076-6 and a session key 1078 to generate the MAC for field 1076-7. ”, Col. 14 line 32-41 “A method 1596 can determine if a MAC of the received packet is valid 1596-8. If the MAC is not determined to be invalid (e.g., the decoded values do not match), a method 1596-9 can follow a predetermined bad authentication response 1596-9, A bad authentication response can include any suitable response, including no response at all. If the MAC is determined to be valid (Y from 1596-8), a method 1596 can execute various operations depending on the access type 1596-10, In the embodiment shown, access types can include read, program and erase.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho in view of Niset, Reddy and Zou to incorporate the teaching of Van to utilize the above feature, with the motivation of determining validity of received packet, as recognized by (Van ”, Col. 14 line 32-41).
Claims 15 and 20 are directed to an apparatus and non-transitory processor-readable storage medium, respectively, associated with the method claimed in claim 9. Claims 15 and 20 are similar in scope to claim 9, and are therefore rejected with the same rationale and motivation as claim 9. 
  
Regarding claim 10 (Original), Ho in view of Niset, Reddy, Zou and Van teaches the method of claim 9, 
Ho in view of Niset discloses the aforementioned limitations, where first entity and second entity communication is based on performing the authentication steps disclosed above in claim 1, however, Ho n view of Niset does not disclose the below limitations.
Reddy discloses the communication between the first physical ports of the first entity and second physical ports of the second entity. Rationale and motivation in claim 1 applies. 
Ho in view of Niset, Reddy and Zou do not explicitly disclose the below limitations.
Van discloses wherein each packet of the communication between the first entity and the 30second entity further comprises a sequence number to derive the Message Authentication Code of a given packet for verification by a recipient of the given packet (Van Figure 15A illustrates receiving a packet and determine validity of its MAC (1596-0 and 1596-8) and further discloses each communicated packet is associated with message authentication code (MAC), where the MAC, generated/derived from various fields, illustrated in Figure 10, including counter 1076-3 corresponding to a sequence number, is used for packet validation by the receiving node, Col. 10 line 34-39 “In FIG. 10, the MAC can be generated with a hash based authentication code (HMAC) algorithm 1080, such as HMAC-SHA2 or SHA3 as but two of many possible examples. The HMAC algorithm 1080 can utilize fields 1076-0 to 1076-6 and a session key 1078 to generate the MAC for field 1076-7. ”, Col. 14 line 32-41 “A method 1596 can determine if a MAC of the received packet is valid 1596-8. If the MAC is not determined to be invalid (e.g., the decoded values do not match), a method 1596-9 can follow a predetermined bad authentication response 1596-9, A bad authentication response can include any suitable response, including no response at all. If the MAC is determined to be valid (Y from 1596-8), a method 1596 can execute various operations depending on the access type 1596-10, In the embodiment shown, access types can include read, program and erase.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Ho in view of Niset, Reddy and Zou to incorporate the teaching of Van to utilize the above feature, with the motivation of determining validity of received packet, as recognized by (Van ”, Col. 14 line 32-41).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Khanna (US 11283793 B2) discloses receiving, prior to the access request, the shared key in the encrypted redirect request from the client application.
Maslak (US 20180123959 A1) discloses Transport Layer Security (TLS) may utilize an additional exchange of information (such as encryption key exchange) prior to the transmission of a request.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497