DETAILED ACTION
This office action is in response to the amendments filed on 11/16/2022.
Claims 1, 3-9, 11-17, 19-20 are presented for examination.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 regarding the 35 USC 102 and 103 rejections filed in Remarks on 11/16/2022 pg.7-9 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant further argues in essence:
[a] “Rather, Eronen discloses a method for "delivering certificates in a communication system using Extensible Authentication Protocol (EAP)." Eronen, Abstract. While the "AAA server 332 comprises also an authentication entity 338, which performs the normal authentication related tasks and performs application protocol layer related tasks in communicating with AAA proxy 316 and HLR 334," Eronen fails to disclose that "one or more extensible authentication protocol messages are based on a Diameter message format enhanced with a Canary stamp modified to include additional Attribute Value Pairs associated with attestation information," and "verifying, by the first node, whether the second node is authentic and trustworthy based on the attestation information prior to the first node connecting to the second node using a Diameter protocol," as is recited in amended claim 1. Eronen, [0070]. Withdrawal of the rejection is respectfully requested. 
Accordingly, Eronen fails to disclose each and every recited feature of independent claim 1. Independent claims 9 and 17 recite similar features and are allowable for at least the same or similar reasons. The dependent claims which depend from independent claims 1, 8, and 15 are allowable at least by virtue of their dependency from a believed-allowable independent claim.” and further, Prakash does not remedy the deficiencies of Eronen.
In response to [a], Examiner relies upon a new reference to teach the Canary stamp, but still relies upon Eronen for a portion of the new limitations.
Eronen discloses one or more extensible authentication protocol messages are based on a Diameter message format (Eronen: para.0007 “With WLAN 110 is also associated an Authentication, Authorization and Accounting (AAA) proxy 116. AAA proxy communicates with gateway 114 using, for example, RADIUS (Remote Authentication Dial-In User Service) or DIAMETER (Diameter Base Protocol) protocols. RADIUS protocol is defined in the IETF document RFC 2865 and DIAMETER protocol in RFC 3588.” para.0073 “Gateway 314 sends an EAP Response/Identity message comprising MS-Id to AAA proxy 316, which is encapsulated, for example, in a DIAMETER packet.”) and
verifying, by the first node, whether the second node is authentic and trustworthy based on the attestation information prior to the first node connecting to the second node using a Diameter protocol (Eronen: para.0082 “At time t5 after the receiving of message 413 authentication entity 338 in AAA server 332 verifies the MAC value using MSK. Authentication entity 338 also compares the provided RES value to the XRES value in the current authentication vector, namely the authentication vector from which corresponding RAND value was earlier sent by AAA server 332. If the comparison proves successful, authentication entity 338 sends an EAP Success message to AAA proxy 316 as illustrated with arrow 414.” The EAP response information is used to verify the second node using attestation information from the node, for example by using the authentication vector. Upon verification in steps 413-414 of Fig. 4, the security association step initiated in para.0072 step 401 is concluded, and the connection is made.)
Eronen clearly teaches Diameter-protocol EAP messages, and determines authenticity and trustworthiness using information from the EAP response, as seen above.
Eronen is not relied upon for the remaining limitations, enhanced with a Canary stamp modified to include additional Attribute Value Pairs associated with attestation information.

[b] Dependent claims are allowable because they depend on allowable independent claims.
In response to [b], each independent claim remains rejected in this final rejection; therefore this argument does not apply.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3, 7-9, 11, 15-17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Eronen et al. (hereinafter Eronen, US 2006/0253703 A1) in view of Yau (US 10,277,576 B1).

Regarding Claim 1, Eronen discloses A method comprising: 
receiving, at a first node (Eronen: Fig. 4 AAA server 332), one or more extensible authentication protocol messages (Eronen: para.0081 “Security entity 304 sends the message as illustrated with arrow 411. The message is further sent by gateway 314 to AAA proxy 316 and by AAA proxy 316 to AAA server 332 as illustrated with arrows 412 and 413.” para.0073 “In IKE authentication phase security entity 304 sends IKE_AUTH message comprising mobile node 300 identity MS-Id, a value that authenticates mobile node 300 and verifies that mobile node 300 was the sender of the earlier IKE_SA_INIT message, algorithms proposed by mobile node 300 for authentication and a traffic specification, which provides information on source and destination IP addresses for the security association. The message is illustrated with arrow 403. Gateway 314 sends an EAP Response/Identity message comprising MS-Id to AAA proxy 316, which is encapsulated, for example, in a DIAMETER packet. … AAA proxy 316 sends EAP Response/Identity message to AAA server 332 as illustrated with arrow 405. Authentication entity 338 in AAA server 332 receives the EAP Response/Identity message.” a plurality of EAP messages are sent from the MN 300 via Gateway 314 to the AAA server) from a second node (Eronen: Fig. 4 MN 300, it can be seen in Fig. 3 that device 300 contains 302 and 304.), 
the first node and the second node including network devices within a network (Eronen: Fig. 3, it can be seen that node 332 and node 300 are configured to communicate via both intranet 320 and WLAN 310.); 
and the one or more extensible authentication protocol messages are based on a Diameter message format (Eronen: para.0007 “With WLAN 110 is also associated an Authentication, Authorization and Accounting (AAA) proxy 116. AAA proxy communicates with gateway 114 using, for example, RADIUS (Remote Authentication Dial-In User Service) or DIAMETER (Diameter Base Protocol) protocols. RADIUS protocol is defined in the IETF document RFC 2865 and DIAMETER protocol in RFC 3588.” para.0073 “Gateway 314 sends an EAP Response/Identity message comprising MS-Id to AAA proxy 316, which is encapsulated, for example, in a DIAMETER packet.”)
obtaining, by the first node, the attestation information from the one or more extensible authentication protocol messages (Eronen: para.0080 “Security entity 304 computes its Master Session Key (MSK) using at least the RAND value. In one embodiment of the invention, security entity 304 computes IK and CK values using the secret K, and thereafter from IK and CK values the MSK. Security entity 304 verifies the MAC value in message 410 using the MSK. Correct MAC value proves that the at least one CA certificate originate from AAA server 332, which has obtained correct authentication vectors from HLR 334.” and para.0081 “Security entity 304 computes a RES value using the secret key K shared by it and HLR 334. Security entity 304 includes the RES value in an EAP Response message. The message is protected using the MAC value, which is generated using a secure hash algorithm with the MSK as the key.” para.0082 “At time t5 after the receiving of message 413 authentication entity 338 in AAA server 332 verifies the MAC value using MSK.” it can be seen in fig. 4, that the EAP response in step 411 contains the RES and MAC, both of which are attestation information, and it obtained by the AAA server and verified.); and 
verifying, by the first node, whether the second node is authentic and trustworthy based on the attestation information prior to the first node connecting to the second node using a diameter protocol (Eronen: para.0082 “Authentication entity 338 also compares the provided RES value to the XRES value in the current authentication vector, namely the authentication vector from which corresponding RAND value was earlier sent by AAA server 332. If the comparison proves successful, authentication entity 338 sends an EAP Success message to AAA proxy 316 as illustrated with arrow 414.” The AAA server verifies node 300 using the RES and MAC values, thereby determining that the node is authentic, and in return sends an EAP Success message. A node determined to be authentic is also trustworthy, and after this determination the connection is made and the EAP Success message is returned. Upon verification in steps 413-414 of Fig. 4, the security association step initiated in para.0072 step 401 is concluded, and the connection is made.).
However Eronen does not explicitly disclose and the one or more extensible authentication protocol messages are based on a Diameter message format enhanced with a Canary stamp modified to include additional Attribute Value Pairs associated with attestation information.
Yau discloses a Diameter message format enhanced with a Canary stamp (Yau: col.8 lines 11-12 “Digital signature—an encrypted hash result that is transmitted within a Diameter message.” A signature sent with the Diameter message is a Canary stamp. Examiner notes that the specification of this application at para.0050 discloses “A canary stamp can indicate or otherwise include a signed measurement associated with a device for verifying trustworthiness of the device. In turn, such measurements can be referred to as canary stamps because each signed measurement is like a stamp proving its authenticity, and like a canary in a coal mine that indicates an early sign of trouble.” A Canary stamp is therefore a name for some type of signature or value that is used to determine trustworthiness of a device, and a signature as seen above is a Canary stamp.)
modified to include additional Attribute Value Pairs associated with attestation information (Yau: “Request message 14 has an encrypted signature 18 to protect integrity and ensure authenticity….When sending message 14, Diameter client 12 generates electronic encrypted signature 18 by performing the following steps. First, Diameter client 12 executes a hashing algorithm to find a hash result 20 of message 14, or of predefined message AVPs. … In other embodiments, different AVPs may be used as inputs into the hash algorithm without deviating from the principles of the invention…. The Diameter client 12 generates signature 18 by encrypting the hash result 20 using a private key 22.” The Diameter message includes a signature, the Canary stamp, that is generated by applying a hashing algorithm to a set of AVPs and encrypting the result. It can be seen in col.3 line 65-col.4 line 6 that the signature is received with message 14 and decrypted. Col.8 lines 1-4 “Attribute Value Pair (AVP)—a part of a Diameter message used to encapsulate routing, authentication, authorization, and accounting information.” The AVP in Yau is defined to carry authentication and authorization information and is thereby associated with attestation information.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Eronen with Yau in order to incorporate a Diameter message format enhanced with a Canary stamp modified to include additional Attribute Value Pairs associated with attestation information, and apply this technique to the extensible authentication protocol messages using diameter protocol of Eronen.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved security while using diameter protocol (Yau: col.1 lines 34-51).
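The signature-over-AVPs scheme quoted from Yau above, modelled as an added example (this code is not from the office action or from any cited reference): a Diameter client encodes its AVPs, hashes a predefined subset of them, attaches the signed hash as an additional AVP, and the receiving server recomputes the hash and rejects any message whose covered AVPs were altered. AVP encoding follows RFC 6733; HMAC-SHA256 stands in for Yau's private-key encryption of the hash, the signature AVP code and the sample message are constructed placeholders.

```python
import hashlib
import hmac
import struct

# Standard Diameter AVP codes (RFC 6733)
AVP_HOST_IP_ADDRESS = 257
AVP_SESSION_ID = 263
AVP_ORIGIN_HOST = 264
AVP_SIGNATURE = 0x00FFFFF0   # constructed placeholder code for the signature AVP
AVP_FLAG_MANDATORY = 0x40

def encode_avp(code: int, data: bytes, flags: int = AVP_FLAG_MANDATORY) -> bytes:
    """RFC 6733 AVP: 4-byte code, 1-byte flags, 3-byte length (header+data), data padded to 4."""
    length = 8 + len(data)
    header = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return header + data + b"\x00" * (-len(data) % 4)

def decode_avps(payload: bytes) -> list[tuple[int, bytes]]:
    """Parse a sequence of AVPs, rejecting lengths that run past the buffer."""
    avps, off = [], 0
    while off + 8 <= len(payload):
        code, _flags = struct.unpack_from("!IB", payload, off)
        length = int.from_bytes(payload[off + 5:off + 8], "big")
        if length < 8 or off + length > len(payload):
            raise ValueError("malformed AVP length")
        avps.append((code, payload[off + 8:off + length]))
        off += length + (-length % 4)
    return avps

# The "predefined message AVPs" covered by the hash, in a fixed order
COVERED = (AVP_ORIGIN_HOST, AVP_HOST_IP_ADDRESS, AVP_SESSION_ID)

def digest_over(avps, covered=COVERED) -> bytes:
    """Hash the covered AVPs; each value is length-prefixed so boundaries cannot shift."""
    h = hashlib.sha256()
    for code in covered:
        for c, data in avps:
            if c == code:
                h.update(struct.pack("!II", code, len(data)) + data)
    return h.digest()

def stamp_message(avps, key: bytes) -> bytes:
    """Client side: encode the AVPs and append a signature AVP over the covered ones."""
    body = b"".join(encode_avp(c, d) for c, d in avps)
    sig = hmac.new(key, digest_over(avps), hashlib.sha256).digest()
    return body + encode_avp(AVP_SIGNATURE, sig)

def verify_message(payload: bytes, key: bytes) -> bool:
    """Server side: exactly one signature AVP, and it must match the recomputed digest."""
    avps = decode_avps(payload)
    sigs = [d for c, d in avps if c == AVP_SIGNATURE]
    if len(sigs) != 1:
        return False
    expected = hmac.new(key, digest_over(avps), hashlib.sha256).digest()
    return hmac.compare_digest(sigs[0], expected)

def tamper(payload: bytes, code: int, new_data: bytes) -> bytes:
    """Test helper: replace one AVP's value while keeping the original signature AVP."""
    avps = decode_avps(payload)
    return b"".join(encode_avp(c, new_data if c == code else d) for c, d in avps)

# Constructed sample message and key (not taken from any cited reference)
KEY = b"shared-secret-for-demo"
SAMPLE_AVPS = [
    (AVP_SESSION_ID, b"client.example.net;1;42"),
    (AVP_ORIGIN_HOST, b"client.example.net"),
    (AVP_HOST_IP_ADDRESS, b"\x00\x01" + bytes([192, 0, 2, 10])),  # AddressType 1 = IPv4
]

if __name__ == "__main__":
    msg = stamp_message(SAMPLE_AVPS, KEY)
    print("genuine message verifies:", verify_message(msg, KEY))
    forged = tamper(msg, AVP_ORIGIN_HOST, b"other.example.net")
    print("altered Origin-Host verifies:", verify_message(forged, KEY))
```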

Regarding Claim 3, Eronen-Yau discloses claim 1 as set forth above.
Eronen further discloses wherein the first node (Eronen: Fig. 4 AAA server 332) is a Diameter server and the second node (Eronen: Fig. 4 MN 300, it can be seen in Fig. 3 that device 300 contains 302 and 304.) is a Diameter client (Eronen: para.0007 “With WLAN 110 is also associated an Authentication, Authorization and Accounting (AAA) proxy 116. AAA proxy communicates with gateway 114 using, for example, RADIUS (Remote Authentication Dial-In User Service) or DIAMETER (Diameter Base Protocol) protocols. RADIUS protocol is defined in the IETF document RFC 2865 and DIAMETER protocol in RFC 3588.” para.0073 “Gateway 314 sends an EAP Response/Identity message comprising MS-Id to AAA proxy 316, which is encapsulated, for example, in a DIAMETER packet.” The server and client devices communicate using the DIAMETER protocol, and are therefore a Diameter server and a Diameter client respectively.),
or the first node is the Diameter client and the second node is the Diameter server.

Regarding Claim 7, Eronen-Yau discloses claim 1 as set forth above.
Eronen further discloses wherein the one or more extensible authentication protocol messages include one or more of a Trust Information Request (TIR) or a Trust Information Answer (TIA) (Examiner notes that in para.0123 of applicant's specification, a TIR or a TIA is simply a request for or answer of attestation information, as Canary stamp and fingerprint information are provided as examples and these are listed as attestation information in claim 8. It can be seen in the EAP request and EAP answer in Fig. 4, steps 410 and 411, that the request contains RAND, AUTN, CA cert, and MAC, and the response contains RES and MAC values, all of which are trust information answers, and the EAP request itself is a request for this trust information. Secondly, the EAP response in step 404 of Fig. 4 contains the MS-Id value, para.0073 “In IKE authentication phase security entity 304 sends IKE_AUTH message comprising mobile node 300 identity MS-Id, a value that authenticates mobile node 300 and verifies that mobile node 300 was the sender of the earlier IKE_SA_INIT message.” The MS-Id value identifies the sender, i.e., MN 300, and is used to authenticate the device, and is thereby a trust information answer.).

Regarding Claim 8, Eronen-Yau discloses claim 1 as set forth above.
Eronen further discloses wherein the attestation information comprises Proof of Integrity based on one or more of a Canary stamp or a hardware fingerprint comprising Proof of Freshness of the one or more extensible authentication protocol messages, a device identifier of the second node (Eronen: the EAP response in step 404 of Fig. 4 contains the MS-Id value, para.0073 “In IKE authentication phase security entity 304 sends IKE_AUTH message comprising mobile node 300 identity MS-Id, a value that authenticates mobile node 300 and verifies that mobile node 300 was the sender of the earlier IKE_SA_INIT message.” The MS-Id value identifies the sender, i.e., MN 300, and is used to authenticate the device), or an attestation key.

Regarding Claims 9, 11, 15-16 they list all of the same steps as claims 1, 3, 7-8 but in A system comprising: one or more processors; and a non-transitory computer-readable storage medium containing instructions which, when executed on the one or more processors, cause the one or more processors to perform operations including (Eronen: para.0051-para.0052).  Therefore the supporting rationale for the rejection of claims 1, 3, 7-8 apply equally as well to claims 9, 11, 15-16.

Regarding Claims 17 and 20, they list all of the same steps as claims 1 and 7, but in A non-transitory machine-readable storage medium, including instructions configured to cause a data processing apparatus to perform operations, the operations including (Eronen: para.0051-para.0052). Therefore the supporting rationale for the rejection of claims 1 and 7 applies equally as well to claims 17 and 20.

Claim(s) 4-6, 12-14, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Eronen et al. (hereinafter Eronen, US 2006/0253703 A1) in view of Yau (US 10,277,576 B1) in view of Prakash et al. (hereinafter Prakash, US 2014/0304415 A1).

Regarding Claim 4, Eronen-Yau discloses claim 1 as set forth above.
However Eronen-Yau does not explicitly disclose wherein the one or more extensible authentication protocol messages include one or more of a Capabilities Exchange Request (CER) or a Capabilities Exchange Answer (CEA).
Prakash discloses wherein the one or more extensible authentication protocol messages include one or more of a Capabilities Exchange Request (CER) or a Capabilities Exchange Answer (CEA) (Prakash: para.0262 “Diameter messages may include or be composed of command codes that can include a set of attribute value pairs ("AVPs"). For example, a command code for a Capabilities-Exchange-Request ("CER") can include AVPs Origin-Host and Host-IP-Address.” para.0273 “The handshake module 710 may then receive a CEA from server 106, which the handshake module 710 can modify and then forward to diameter client 702.” the diameter messages consist of a CER or a CEA).
Therefore it would have been obvious to one of ordinary skill in the art to combine Eronen-Yau with Prakash in order to incorporate wherein the one or more extensible authentication protocol messages include one or more of a Capabilities Exchange Request (CER) or a Capabilities Exchange Answer (CEA), which is a type of Diameter messaging as seen in para.0262 and para.0273 of Prakash, into Eronen, which communicates using the Diameter protocol.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of effective communication using diameter based communication such as CER and CEA when establishing connection between client and server (Prakash: para.0262 and para.0273).

Regarding Claim 5, Eronen-Yau-Prakash discloses claim 4 as set forth above.
However Eronen-Yau does not explicitly disclose wherein the attestation information is obtained from one or more fields of the CER or the CEA, the one or more fields comprising one or more Attribute Value Pairs.
Prakash discloses wherein the attestation information is obtained from one or more fields of the CER or the CEA, the one or more fields comprising one or more Attribute Value Pairs (Prakash: para.0262 “Diameter messages may include or be composed of command codes that can include a set of attribute value pairs ("AVPs"). For example, a command code for a Capabilities-Exchange-Request ("CER") can include AVPs Origin-Host and Host-IP-Address. In another example, an AVP can include a Session-ID. In some embodiments, one or more diameter messages received by the intermediary device can include an AVP. In some embodiments, each message includes an AVP.” The CER/CEA messages include Attribute Value Pairs, such as a session ID or IP addresses, that identify the sender. Identity information can be used as attestation information.).
Therefore it would have been obvious to one of ordinary skill in the art to combine Eronen-Yau with Prakash in order to incorporate wherein the attestation information is obtained from one or more fields of the CER or the CEA, the one or more fields comprising one or more Attribute Value Pairs.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of effective communication using diameter based communication such as CER and CEA when establishing connection between client and server (Prakash: para.0262 and para.0273).

Regarding Claim 6, Eronen-Yau-Prakash discloses claim 4 as set forth above.
However Eronen-Yau does not explicitly disclose wherein the attestation information is obtained from a combination of one or more fields of the CER or the CEA, the combination of the one or more fields comprising a tuple.
Prakash discloses wherein the attestation information is obtained from a combination of one or more fields of the CER or the CEA (Prakash: para.0262 “Diameter messages may include or be composed of command codes that can include a set of attribute value pairs ("AVPs"). For example, a command code for a Capabilities-Exchange-Request ("CER") can include AVPs Origin-Host and Host-IP-Address. In another example, an AVP can include a Session-ID. In some embodiments, one or more diameter messages received by the intermediary device can include an AVP. In some embodiments, each message includes an AVP.” The CER/CEA messages include Attribute Value Pairs, such as a session ID or IP addresses, that identify the sender. Identity information can be used as attestation information.),
the combination of the one or more fields comprising a tuple (Prakash: para.0326 “An AVP may represent data as a tuple <attribute name, value>, where each element is an attribute-value pair. In some embodiments, the AVP may include other types of data structures such as <type-length-value> triples. For example, the message may include an attribute Origin-Host and a corresponding value. The intermediary device may match this attribute and value with a persistent server connection. If the intermediary device, such as via a load balancer, identifies a matching persistent connection, the intermediary device may forward the received diameter message to the corresponding matching server (758).” AVP information can be structured as a tuple.).
Therefore it would have been obvious to one of ordinary skill in the art to combine Eronen-Yau with Prakash in order to incorporate wherein the attestation information is obtained from a combination of one or more fields of the CER or the CEA, the combination of the one or more fields comprising a tuple.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of effective communication using diameter based communication such as CER and CEA when establishing connection between client and server (Prakash: para.0262 and para.0273).

Regarding Claims 12-14 and 19, they do not further define over the limitations of claims 4-6; therefore the rationale for the rejections of claims 4-6 applies equally as well to claims 12-14 and 19.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Sharaga et al. US 2016/0182499 A1 see fig. 4a-4b and para.0053 that shows using attestation information to generate a trusted connection.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to EUI H KIM whose telephone number is (571)272-8133. The examiner can normally be reached 7:30-5 M-R, M-F alternating.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 5712725863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/EUI H KIM/               Examiner, Art Unit 2453
/KAMAL B DIVECHA/             Supervisory Patent Examiner, Art Unit 2453