DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-11 and 16-18 are pending in this application.
Claims 1-11 are currently amended as part of the preliminary amendment submitted on 12/28/2020.
Claims 12-15 are cancelled as part of the preliminary amendment.
Claims 12-15 are newly added.
IDS submitted on 01/12/2021 and 11/02/2022 are considered by the Examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 9 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 9 recites “the validation server previously implements” in line 2. It is not clear what point in time “previously” refers to.
Appropriate correction is required.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 3-4 and 11 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Miller et al. (US 2018/0041468 A1) (hereinafter, “Miller”).

As to claim 1, Miller discloses a method for verifying validity of an IP resource associated with a client domain, implemented in a server, called an access control server (Fig. 1, address auditor 136 corresponds to an access control server), said method comprising: 
receiving a list of at least one IP resource associated with said client domain, transmitted from a client node of said client domain to said access control server (“If a service desires to place one or more new IP addresses into use, it may place the IP addresses on an associated network endpoint (e.g., a load balancer) to indicate that they are in service and notify address auditor 136 of the new address(es).” -e.g. see, [0055]; herein, the new addresses (i.e. IP resource) are received by the address auditor 136 (i.e. access control server); a service is a web service 150 is client domain to the address auditor); 
selecting at least one IP resource to be validated from said list (“address auditor 136 could interrogate the associated network endpoint to determine if the IP addresses are in use. Assuming that the IP addresses exist and are valid, address auditor 136 may update the IP addresses for the service in database 137 and then notify address merger 138.” -e.g. see, [0055], lines 1-6; herein at least one of the addresses is selected to be validated); and 
verifying that said at least one selected IP resource is associated with said client domain (“If a service desires to place one or more new IP addresses into use, it may place the IP addresses on an associated network endpoint (e.g., a load balancer) to indicate that they are in service and notify address auditor 136 of the new address(es). Address auditor 136 may then audit the IP address(es) to confirm their existence. For example, address auditor 136 could interrogate the associated network endpoint to determine if the IP addresses are in use. Assuming that the IP addresses exist and are valid” -e.g. see, [0055]; herein, an IP address associated with a network endpoint of a service (i.e. client domain) is verified for existence and validity).

As to claim 3, Miller discloses the method according to claim 1, wherein said verification comprises: 
obtaining an item of information representative of an identity of said client domain (“… an address auditor can include an interface, such as a web service API, that can receive a message from a web service, which can include an identifier for the service (e.g., a name and location where the service operates) and the IP address range that is being added. The message can be parsed and the contents (e.g., the identifier and the IP addresses) can be stored in a data store. The address auditor can include a worker process that checks the data store for new messages and then processes them.” -e.g. see, [0126]; herein, a web service obtains an identifier for a service (i.e. client domain) associated with a list of IP addresses and sends to an address auditor (i.e. to an access control server); Web service is a client of address auditor service (i.e. client of access control server)); 
identifying at least one validation server associated with said at least one selected IP resource (“Once notice of new IP addresses for a service has been received, process 600 calls for confirming the new IP addresses for the web service (operation 608). Confirming the new IP addresses for a service may, for example, be accomplished by interrogating a network endpoint (e.g., a load balancer) for the service regarding the new IP addresses.” -e.g. see, [0127]; herein, Network endpoint corresponds to a validation server; address auditor (i.e. an access control server) transmits to a network endpoint (e.g., a load balancer) for interrogating (i.e. identified and sent for validation to a network endpoint)); and 
transmitting to said at least one validation server at least one request comprising said item of information representative of the identity of said client domain and said at least one selected IP resource (“Once notice of new IP addresses for a service has been received, process 600 calls for confirming the new IP addresses for the web service (operation 608). Confirming the new IP addresses for a service may, for example, be accomplished by interrogating a network endpoint (e.g., a load balancer) for the service regarding the new IP addresses.” -e.g. see, [0127]; herein, address auditor transmits to a network endpoint for interrogating (i.e. for validating)).

As to claim 4, Miller discloses a method for declaring an IP resource associated with a client domain, implemented in a client node of said client domain (e.g. see, Fig. 1, [0055]; herein, the new addresses (i.e. IP resource) are received by the address auditor 136 (i.e. access control server); herein a service is equivalent to a client node and a web service 150 which comprises services is equivalent to a client domain to the address auditor), said method comprising: 
obtaining a list of at least one IP resource associated with the client domain (“… an address auditor can include an interface, such as a web service API, that can receive a message from a web service, which can include an identifier for the service (e.g., a name and location where the service operates) and the IP address range that is being added. The message can be parsed and the contents (e.g., the identifier and the IP addresses) can be stored in a data store. The address auditor can include a worker process that checks the data store for new messages and then processes them.” -e.g. see, [0126]; herein, a web service obtains an identifier for a service (i.e. client domain) associated with a list of IP addresses and sends to an address auditor (i.e. to an access control server); Web service is a client of address auditor service (i.e. client of access control server)); and 
transmitting said list to an access control server configured to verify that said at least one IP resource is associated with said client domain (“… an address auditor can include an interface, such as a web service API, that can receive a message from a web service, which can include an identifier for the service (e.g., a name and location where the service operates) and the IP address range that is being added. The message can be parsed and the contents (e.g., the identifier and the IP addresses) can be stored in a data store. The address auditor can include a worker process that checks the data store for new messages and then processes them.” -e.g. see, [0126]; herein, the list is transmitted to an address auditor (i.e. to an access control server); Miller further discloses: “Once notice of new IP addresses for a service has been received, process 600 calls for confirming the new IP addresses for the web service (operation 608). Confirming the new IP addresses for a service may, for example, be accomplished by interrogating a network endpoint (e.g., a load balancer) for the service regarding the new IP addresses.” -e.g. see, [0127]; herein, address auditor interrogates (i.e. verifies the IP address)).

As to claim 11, Miller discloses an access control server comprising: at least one programmable computing machine or one dedicated computing machine configured to verify validity of an IP resource associated with a client domain (Fig. 1, address auditor 136 corresponds to an access control server), implementing: 
receiving a list of at least one IP resource associated with said client domain, transmitted from a client node of said client domain to said access control server (“If a service desires to place one or more new IP addresses into use, it may place the IP addresses on an associated network endpoint (e.g., a load balancer) to indicate that they are in service and notify address auditor 136 of the new address(es).” -e.g. see, [0055]; herein, the new addresses (i.e. IP resource) are received by the address auditor 136 (i.e. access control server); a service is a web service 150 is client domain to the address auditor); 
selecting at least one IP resource to be validated from said list (“address auditor 136 could interrogate the associated network endpoint to determine if the IP addresses are in use. Assuming that the IP addresses exist and are valid, address auditor 136 may update the IP addresses for the service in database 137 and then notify address merger 138.” -e.g. see, [0055], lines 1-6; herein at least one of the addresses is selected so as to be validated); and 
verifying that said at least one selected IP resource is associated with said client domain (“If a service desires to place one or more new IP addresses into use, it may place the IP addresses on an associated network endpoint (e.g., a load balancer) to indicate that they are in service and notify address auditor 136 of the new address(es). Address auditor 136 may then audit the IP address(es) to confirm their existence. For example, address auditor 136 could interrogate the associated network endpoint to determine if the IP addresses are in use. Assuming that the IP addresses exist and are valid” -e.g. see, [0055]; herein, an IP address associated with a network endpoint of a service (i.e. client domain) is verified for existence and validity).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Miller as applied to claims above, and further in view of Li et al. (US 2018/0054438 A1) (hereinafter, “Li”).

As to claim 2, Miller discloses the method according to claim 1, wherein said verifying comprises: 
transmitting at least one request to at least one selected IP resource, to be received or intercepted … of said client domain associated with said at least one selected IP resource, said request comprising a control message (“Once notice of new IP addresses for a service has been received, process 600 calls for confirming the new IP addresses for the web service (operation 608). Confirming the new IP addresses for a service may, for example, be accomplished by interrogating a network endpoint (e.g., a load balancer) for the service regarding the new IP addresses. The service may, for example, place the IP addresses in the load balancer to begin allowing routing to the service. In one embodiment, the worker process may interrogate a network endpoint regarding the new IP address. If the endpoint returns a failure, the worker process may mark an address as not valid. If the network endpoint returns something other than a failure (e.g., a connection establishment), the worker process may mark the IP address as being valid.” -e.g. see, [0127]; herein, a network endpoint (e.g. a load balancer) receives a request from an address auditor as a control message; see also, [0126]; which describes a message (i.e. a control message)); 
receiving a response including an item of information characteristic of said control message, transmitted by said client node to said access control server, said … request to said client node (“In one embodiment, the worker process may interrogate a network endpoint regarding the new IP address. If the endpoint returns a failure, the worker process may mark an address as not valid. If the network endpoint returns something other than a failure (e.g., a connection establishment), the worker process may mark the IP address as being valid.” -e.g. see, [0127]; herein, what the network endpoint returns to the address auditor includes a characteristic regarding validity of the IP address); and 
validating said at least one IP resource selected by correlating said request and said response (“If a service desires to place one or more new IP addresses into use, it may place the IP addresses on an associated network endpoint (e.g., a load balancer) to indicate that they are in service and notify address auditor 136 of the new address(es). Address auditor 136 may then audit the IP address(es) to confirm their existence. For example, address auditor 136 could interrogate the associated network endpoint to determine if the IP addresses are in use. Assuming that the IP addresses exist and are valid” -e.g. see, [0055]; herein, an IP address associated with a network endpoint of a service (i.e. client domain) is verified for existence and validity).
Miller may not explicitly disclose request to be received or intercepted by at least one relay node of said client domain; said relay node having previously relayed said request to said client node.
However, in an analogous art, Li discloses request to be received or intercepted by at least one relay node of said client domain (Li: “The edge router 135 is illustrative of a receiving edge router through which data may be passed to a proxy service 140 responsible for ensuring received data is properly authenticated prior to allowing received data to be passed to one or more destination storage repositories 145a-n. The proxy service 140 is described in further detail below with reference to FIGS. 2B and 3.” -e.g. see, [0022], Fig. 1, edge router 135; herein, “edge router 135” is equivalent to “relay node” which intercepts data passed from a client node (Fig. 1, item 110a) of a client domain (Fig. 1, item 105) to an access control server (Fig. 1, Proxy service 140); Furthermore, edge router 120 of Fig. 1 can also be interpreted as relay node -e.g. see, Li: [0020]); said relay node having previously relayed said request to said client node (Li: [0022]; edge router 135 is equivalent to relay node; Moreover, Li teaches: “At operation 315, when a data upload/download/read request is received at the proxy service 140, an IP address for the computing device/system 110a-n from which the request is received is compared against a list of IP addresses 265 maintained by or accessed by the proxy service 140 for determining whether the IP address associated with the requesting device matches an IP address that previously has been authenticated successfully by the proxy service 140 from which valid upload/download/read requests may be received.” -e.g. see, Li: [0043]; herein, edge router 120 or 135 (i.e. relay node) passed request that previously has been authenticated successfully by the proxy service 140 which is equivalent to “previously relayed request”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Miller with the teaching of Li in order to provide a mechanism to authenticate data uploads and data downloads/read requests from sources/requesters not previously designated as trustworthy sources/requesters as suggested by Li (Spec., [0002]).

As to claim 5, Miller discloses the method according to claim 4, comprising:
 receiving at least one request originating from said access control server, … said client domain associated with at least one IP resource selected from said list by said access control server, said request comprising a control message (“Once notice of new IP addresses for a service has been received, process 600 calls for confirming the new IP addresses for the web service (operation 608). Confirming the new IP addresses for a service may, for example, be accomplished by interrogating a network endpoint (e.g., a load balancer) for the service regarding the new IP addresses. The service may, for example, place the IP addresses in the load balancer to begin allowing routing to the service. In one embodiment, the worker process may interrogate a network endpoint regarding the new IP address. If the endpoint returns a failure, the worker process may mark an address as not valid. If the network endpoint returns something other than a failure (e.g., a connection establishment), the worker process may mark the IP address as being valid.” -e.g. see, [0127]; herein, a network endpoint (e.g. a load balancer) receives a request from an address auditor as a control message; see also, [0126]; which describes a message (i.e. a control message)); and 
transmitting to said access control server a response including an item of information characteristic of said control message (“In one embodiment, the worker process may interrogate a network endpoint regarding the new IP address. If the endpoint returns a failure, the worker process may mark an address as not valid. If the network endpoint returns something other than a failure (e.g., a connection establishment), the worker process may mark the IP address as being valid.” -e.g. see, [0127]; herein, what the network endpoint returns to the address auditor includes a characteristic regarding validity of the IP address).
Miller may not explicitly disclose receiving request via at least one relay node of said client domain.
However, in an analogous art, Li discloses receiving request via at least one relay node of said client domain (Li: “The edge router 135 is illustrative of a receiving edge router through which data may be passed to a proxy service 140 responsible for ensuring received data is properly authenticated prior to allowing received data to be passed to one or more destination storage repositories 145a-n. The proxy service 140 is described in further detail below with reference to FIGS. 2B and 3.” -e.g. see, [0022], Fig. 1, edge router 135; herein, “edge router 135” is equivalent to “relay node” which intercepts data passed from a client node (Fig. 1, item 110a) of a client domain (Fig. 1, item 105) to an access control server (Fig. 1, Proxy service 140); Furthermore, edge router 120 of Fig. 1 can also be interpreted as relay node -e.g. see, Li: [0020], see also, Li: [0045]).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Miller with the teaching of Li in order to provide a mechanism to authenticate data uploads and data downloads/read requests from sources/requesters not previously designated as trustworthy sources/requesters as suggested by Li (Spec., [0002]).

Claims 6, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Miller as applied to claims above, and further in view of Lea (US 2016/0028554 A1) (hereinafter, “Lea”).

As to claim 6, Miller discloses the method according to claim 4, comprising: 
receiving an item of information representative of the identity of said client domain (“… an address auditor can include an interface, such as a web service API, that can receive a message from a web service, which can include an identifier for the service (e.g., a name and location where the service operates) and the IP address range that is being added. The message can be parsed and the contents (e.g., the identifier and the IP addresses) can be stored in a data store. The address auditor can include a worker process that checks the data store for new messages and then processes them.” -e.g. see, [0126]; herein, a web service obtains an identifier for a service (i.e. client domain) associated with a list of IP addresses and sends to an address auditor (i.e. to an access control server); Web service is a client of address auditor service (i.e. client of access control server)), … and 
transmitting to said access control server said item of information representative of the identity of said client domain (“In one embodiment, the worker process may interrogate a network endpoint regarding the new IP address. If the endpoint returns a failure, the worker process may mark an address as not valid. If the network endpoint returns something other than a failure (e.g., a connection establishment), the worker process may mark the IP address as being valid.” -e.g. see, [0127]; herein, what the network endpoint returns to the address auditor includes a characteristic regarding validity of the IP address).
Miller may not explicitly disclose an item of information generated by a validation server associated with at least one IP resource selected from said list by said access control server. 
However, in an analogous art, Lea discloses an item of information generated by a validation server associated with at least one IP resource selected from said list by said access control server (Lea: “In an aspect, in response to reception of the registration request message, the registration component 220 looks up the MN 102.sub.1 (e.g., via its identifier) in the subscriber database 222 to determine whether the MN 102.sub.1 is registered and authorized to employ the services of network 100. In response to determination that the MN 102.sub.1 is registered and authorized, the registration component 220 associates the assigned IP address with the MN 102.sub.1 (e.g., in the subscriber database 222), and returns a registration request acknowledgement (ACK) message back to the aAR 104.sub.1. This registration request acknowledgement message includes the following three key pieces of information: (1) a session key (referred to herein as Kc), (2) an authentication challenge (referred to as RAND as it contains a random variable), and (3) the correct response to the authentication challenge, (referred to as RES).” -e.g. see, Lea: [0046]; see also, Fig. 2; herein, registration server 110 of Fig. 2 corresponds to validation server, access router 104 of Fig. 2 corresponds to access control server and mobile node 102 of Fig. 2 corresponds to client node; network 100 is referred to a client domain; Moreover, a registration component 220 of registration server 110 (i.e. validation server) returns (i.e. generates) a registration request acknowledgement (ACK) message (i.e. an item of information representative of the identity of said client domain) back to the aAR 104 (i.e. transmitted to the access control server); see also, Lea: Fig. 4, [0039], [0045], [0049]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Miller as taught by Lea in order to make sure only authorized mobile nodes are provided with services of the network (Lea: [0046]).

As to claim 10, Miller discloses the method according to claim 1. Miller may not explicitly disclose the method according to claim 1, wherein a validity period is associated with said list of at least one IP resource associated with the client domain.
However, in an analogous art, Lea discloses wherein a validity period is associated with said list of at least one IP resource associated with the client domain (“Network 100 uses dynamic anchoring where a MN acquires IP addresses dynamically from nearby ARs. Furthermore, a MN in Network 100 keep the same acquired IP address even when it moves into a new cell. The AR from which a MN has acquired its IP address is referred to herein as the MN's anchor AR (aAR). Each time an AR assigns an IP address to a MN, the AR also defines a lifetime for use of the IP address by the MN.” -e.g. see, Lea: [0039]; herein, a lifetime (i.e. validity period) is associated with an IP address (i.e. at least one IP resource) associated with a Network 100 (i.e. client domain); herein each MN (mobile node) corresponds to client node in a Network 100 (i.e. in a client domain); see also, Lea: [0045], [0049]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Miller as taught by Lea in order to ensure that the mobile node will not travel too far away from its anchor access router (Lea: [0039]).

As to claim 16, it is rejected using a rationale similar to that for the rejection of claim 10.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Miller and further in view of Hsu et al. (US 2019/0327222 A1) (hereinafter, “Hsu”).

As to claim 8, Miller discloses a method for verifying validity of an IP resource associated with a client domain, … associated with at least one IP resource selected by an access control server from a list of at least one IP resource associated with the client domain, previously transmitted from a client node of said client domain to said access control server (“…an address auditor can include an interface, such as a web service API, that can receive a message from a web service, which can include an identifier for the service (e.g., a name and location where the service operates) and the IP address range that is being added. The message can be parsed and the contents (e.g., the identifier and the IP addresses) can be stored in a data store. The address auditor can include a worker process that checks the data store for new messages and then processes them.” -e.g. see, [0126]; herein, address auditor is equivalent to access control server which receives IP address associated with service from web services (i.e. from client domain); see also, [0127]), said method comprising: 
receiving at least one request comprising an item of information representative of an identity of a client domain and of said at least one selected IP resource (“If a service desires to place one or more new IP addresses into use, it may place the IP addresses on an associated network endpoint (e.g., a load balancer) to indicate that they are in service and notify address auditor 136 of the new address(es).” -e.g. see, [0055]; herein, the new addresses (i.e. IP resource) are received by the address auditor 136 (i.e. access control server); a service is a web service 150 is client domain to the address auditor; see also, [0126]; herein, “an identifier for the service” is equivalent to “an item of information representative of an identity of a client domain”); 
identifying said client domain based on said item of information representative of the identity of the client domain (“address auditor 136 could interrogate the associated network endpoint to determine if the IP addresses are in use. Assuming that the IP addresses exist and are valid, address auditor 136 may update the IP addresses for the service in database 137 and then notify address merger 138.” -e.g. see, [0055], lines 1-6; herein at least one of the addresses is selected to be validated); and 
verifying the association of said at least one selected IP resource with the client domain, taking into account the identity of the client domain (“If a service desires to place one or more new IP addresses into use, it may place the IP addresses on an associated network endpoint (e.g., a load balancer) to indicate that they are in service and notify address auditor 136 of the new address(es). Address auditor 136 may then audit the IP address(es) to confirm their existence. For example, address auditor 136 could interrogate the associated network endpoint to determine if the IP addresses are in use. Assuming that the IP addresses exist and are valid” -e.g. see, [0055]; herein, an IP address associated with a network endpoint of a service (i.e. client domain) is verified for existence and validity).
Miller may not explicitly disclose verifying validity of a client implemented in a validation server.
However, in an analogous art, Hsu discloses verifying validity of a client implemented in a validation server (“Then client 602 (or the authentication module of the client 602) sends the first digest to the server 604a for authentication. Upon receiving the first digest from the client 602, the authentication module (not shown) of the server 604a or the dedicated authentication server 605 retrieves authentication information of the user 601, pre-saved or from a third party, and generates a second digest with the authentication information and the challenge string the client used to generate the first digest. The challenge string may be retrieved by the authentication module (not shown) in the server 604a or may be retrieved by the server 604a and sent to the dedicated authentication server 605 if the dedicated authentication server 605 is in place. The dedicated authentication server 605 (or an authentication module within the server 604a) then authenticates the user 601 by comparing the first digest with the second digest.” -e.g. see, Hsu: [0066]; herein, client authentication is implemented in a dedicated authentication server (i.e., implemented in a validation server)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Miller with the additional features as taught by Hsu in order to provide a mechanism to expose man-in-the-middle attacks as suggested by Hsu ([0017]).

Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Miller and Li and further in view of Lea.

As to claim 7, Miller discloses a method for processing at least one IP resource validation request associated with a client domain, … of said client domain associated with at least one IP resource selected by an access control server from a list of at least one IP resource associated with the client domain, previously transmitted from a client node of said client domain to said access control server (e.g. see, [0127], see also, [0055], [0126]), said method comprising: 
receiving or intercepting said at least one request originating from said access control server, said request comprising a control message (“Once notice of new IP addresses for a service has been received, process 600 calls for confirming the new IP addresses for the web service (operation 608). Confirming the new IP addresses for a service may, for example, be accomplished by interrogating a network endpoint (e.g., a load balancer) for the service regarding the new IP addresses. The service may, for example, place the IP addresses in the load balancer to begin allowing routing to the service. In one embodiment, the worker process may interrogate a network endpoint regarding the new IP address. If the endpoint returns a failure, the worker process may mark an address as not valid. If the network endpoint returns something other than a failure (e.g., a connection establishment), the worker process may mark the IP address as being valid.” -e.g. see, [0127]; herein, a network endpoint (e.g. a load balancer) receives a request from an address auditor (i.e. from an access control server) as a control message; see also, [0126]; which describes a message (i.e. a control message)); 
Miller may not explicitly disclose processing a request implemented in a relay node; transmitting said at least one request to said client node.
However, in an analogous art, Li discloses processing a request implemented in a relay node (Li: “The edge router 135 is illustrative or a receiving edge router through which data may be passed to a proxy service 140 responsible for ensuring received data is properly authenticated prior to allowing received data to be passed to one or more destination storage repositories 145a-n. The proxy service 140 is described in further detail below with reference to FIGS. 2B and 3.” -e.g. see, [0022], Fig. 1, edge router 135; herein, “edge router 135” is equivalent to “relay node” which intercepts data passed from a client node (Fig. 1, item 110a) of a client domain (Fig. 1, item 105) to an access control server (Fig. 1, Proxy service 140); furthermore, edge router 120 of Fig. 1 can also be interpreted as a relay node -e.g. see, Li: [0020], see also, Li: [0045]).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Miller with the teaching of Li in order to provide a mechanism to authenticate data uploads and data downloads/read requests from sources/requesters not previously designated as trustworthy sources/requesters as suggested by Li (Spec., [0002]).
Neither Miller nor Li explicitly discloses transmitting said at least one request to said client node.
However, in an analogous art, Lea discloses transmitting said at least one request to said client node (Lea: “Continuing with diagram 400, at 410, AR 104.sub.1 sends the RS 110 a registration request message. The registration request message can include the MN 102.sub.1 identifier and the IP address of the AR 104.sub.1 and its lifetime. At 412, the RS 110 sends a registration acknowledgement (ACK) message back to the AR 104.sub.1 including the RAND, RES, and Kc. At 414, the AR 104.sub.1 first retrieve the location information of the assigned IP address and then sends the authentication challenge message RAND to the MN 102.sub.1.” -e.g. see, Lea: [0054], Fig. 4; herein, authentication challenge message is equivalent to a request being transmitted to a MN (mobile node); mobile node is equivalent to a client node).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Miller and Li as taught by Lea in order to ensure that the mobile node will not travel too far away from its anchor access router (Lea: [0039]).

As to claim 17, the combination of Miller, Li and Lea discloses the method according to claim 7, wherein a validity period is associated with said list of at least one IP resource associated with the client domain (“Network 100 uses dynamic anchoring where a MN acquires IP addresses dynamically from nearby ARs. Furthermore, a MN in Network 100 keep the same acquired IP address even when it moves into a new cell. The AR from which a MN has acquired its IP address is referred to herein as the MN's anchor AR (aAR). Each time an AR assigns an IP address to a MN, the AR also defines a lifetime for use of the IP address by the MN.” -e.g. see, Lea: [0039]; herein, a lifetime (i.e. validity period) is associated with an IP address (i.e. at least one IP resource) associated with a Network 100 (i.e. client domain); herein each MN (mobile node) corresponds to client node in a Network 100 (i.e. in a client domain); see also, Lea: [0045], [0049]).


Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Miller and Hsu as applied to claims above, and further in view of Lea.

As to claim 9, Miller discloses the method according to claim 8, wherein the validation server previously implements: determining said item of information representative of the identity of said client domain (“address auditor 136 could interrogate the associated network endpoint to determine if the IP addresses are in use. Assuming that the IP addresses exist and are valid, address auditor 136 may update the IP addresses for the service in database 137 and then notify address merger 138.” -e.g. see, [0055], lines 1-6; herein at least one of the addresses associated with a service is selected to be validated).
Neither Miller nor Hsu explicitly discloses transmitting, to said client node, said item of information representative of the identity of the client domain.
However, in an analogous art, Lea discloses transmitting, to said client node, said item of information representative of the identity of the client domain (Lea: “Continuing with diagram 400, at 410, AR 104.sub.1 sends the RS 110 a registration request message. The registration request message can include the MN 102.sub.1 identifier and the IP address of the AR 104.sub.1 and its lifetime. At 412, the RS 110 sends a registration acknowledgement (ACK) message back to the AR 104.sub.1 including the RAND, RES, and Kc. At 414, the AR 104.sub.1 first retrieve the location information of the assigned IP address and then sends the authentication challenge message RAND to the MN 102.sub.1.” -e.g. see, Lea: [0054], Fig. 4; herein, authentication challenge message is equivalent to a request being transmitted to a MN (mobile node); mobile node is equivalent to a client node).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Miller and Hsu as taught by Lea in order to ensure that the mobile node will not travel too far away from its anchor access router (Lea: [0039]).

As to claim 18, neither Miller nor Hsu explicitly discloses the method according to claim 8, wherein a validity period is associated with said list of at least one IP resource associated with the client domain.
However, in an analogous art, Lea discloses wherein a validity period is associated with said list of at least one IP resource associated with the client domain (“Network 100 uses dynamic anchoring where a MN acquires IP addresses dynamically from nearby ARs. Furthermore, a MN in Network 100 keep the same acquired IP address even when it moves into a new cell. The AR from which a MN has acquired its IP address is referred to herein as the MN's anchor AR (aAR). Each time an AR assigns an IP address to a MN, the AR also defines a lifetime for use of the IP address by the MN.” -e.g. see, Lea: [0039]; herein, a lifetime (i.e. validity period) is associated with an IP address (i.e. at least one IP resource) associated with a Network 100 (i.e. client domain); herein each MN (mobile node) corresponds to client node in a Network 100 (i.e. in a client domain); see also, Lea: [0045], [0049]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Miller as taught by Lea in order to ensure that the mobile node will not travel too far away from its anchor access router (Lea: [0039]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.


US 2017/0149833 A1-Ngo et al. discloses that a standalone network controller may actively send DNS queries to the DNS IP address residing on the access point (if that device is configured as the DNS server or relay) or receive them from external sources (e.g., from the ISP) and transmit that information to the cloud intelligence engine for validation of the returned IP address against a whitelist and/or blacklist of IP addresses stored in the cloud intelligence engine. The standalone network controller may also actively scan and probe IP addresses in the network and notify the cloud intelligence engine of any change in the network devices -e.g. see, [0105], Fig. 3 of Ngo.

US 2016/0173526 A1-Kasman et al. discloses a reverse proxy traffic handler configured to maintain a list of IP addresses of legitimate and authenticated (or verified) client users' devices (trusted list) such that data traffic originating from a client user's device with an IP address that can be found in these lists will be deemed safe. The list of IP addresses can be stored in the policy database and be loaded into the reverse proxy traffic handler during configuration, on system user's demand, before or during runtime -e.g. see, [0023], [0026], [0027] of Kasman.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SUMAN DEBNATH
Patent Examiner
Art Unit 2495



/S.D/Examiner, Art Unit 2495    

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495