DETAILED ACTION
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This Non-Final Office Action is in response to the amendment filed 06/15/2022. 	Claims 1-2, 4-9, 11-15 and 17-21 are pending.
Response to Arguments

2.	Applicant's arguments filed 06/15/2022 have been fully considered but they are moot in consideration of the newly cited reference below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



3.	Claims 1-2, 8-9, 15 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. US 2009/0086977 A1 to Berggren, (hereinafter, “Berggren”) in view of US Pub No. US 2012/0265984 A1 to Ramanujan, (hereinafter, “Ramanujan”).

As per claims 1, 8 and 15, Berggren teaches an apparatus of a Border Gateway Protocol (BGP) network (Berggren, para. [0100] “Software 740 includes programs to be executed on computing device 700 that perform various communications and verification functions…Dynamic Host Configuration Protocol ("DHCP") and Point to Point Protocol ("PPP") may be used for providing network connectivity to user 140. Moreover, depending upon the configuration of central office 164, software 740 may include Routing Information Protocol ("RIP"), Border Gateway Protocol ("BGP")…so that user 140 would have access to Domain Name Services ("DNS").”), a method and one or more computer-readable non-transitory storage media embodying software that is operable, respectively, the apparatus comprising: 
one or more processors (Berggren, para. [0096] “FIG. 6A, network authority 162 is a hardware system (e.g. a computer) at central office 164 and acts as an intermediate agent between certificate authority network 180 and user 140.”); 
a crypo-processor; and one or more computer-readable non-transitory storage media coupled to the one or more processors (Berggren, [0040] “a sender requests 84 for certificate 50 from validation authority 72 is based on identifier 52. Validation authority 72 will then determine whether certificate 50 is present in a certificate storage 90 (non-transitory storage media) as well as whether certificate 50 is still valid.” And para. [0048] “Certificate authority ("CA") system 160 includes a certificate authority 120 (crypto-processor), a certificate authority firewall 170, a secure shell ("SSH") 172, one or more databases 174, a local validation authority 176, a possible backup system 178, and a certificate authority network 180.” And para. [0053] “Secure shell 172 an exemplary interface used by network authority 162 for initiating communications with CA system 160…Secure shell 172 includes client and server connections authenticated by a digital certificate.”) and comprising instructions operable when executed by the one or more processors to cause the one or more processors to perform operations comprising: 
accessing an attestation token for the apparatus (Berggren, para. [0037] “A trust relationship 100 is also provided as part of exemplary certificate 50 (attestation token) so that parties wishing to use certificate 50 may determine the validity, at least based on the information contained therein. A party may verify that each and every trust relationship 100 is intact. That is to say, before using certificate 50, a check of certificate authority relationship 57, and other trust relationships 58 is possible. When a potential user checks a certificate revocation list 76 and the status of each and every listing in trust relationship 100, they should then have faith and trust that certificate 50 is valid.”), wherein: 
the attestation token is generated by the crypto-processor (Berggren, para. [0043] “FIG. 4 shows a trust relationship 100 between a certificate authority 120, a registration authority 130, and a user 140. Certificate authority 120 initially generates certificate 50 (attestation token) and private key 36 upon the request of a user 140.”); and 
the attestation token indicates whether or not the apparatus is in a known safe state (Berggren, para. [0034] “Certificate 50 includes public key 30, an identifier 52, a validity period 54, and a certificate revocation list location 56. Identifier 52 is typically a name of a person, entity, organization, or physical machine.” And para. [0105] “access network connection 166 identifies user 140 and user machine 198 because access network connection 166 is secure and is mapped to a particular user 140.” And para. [0121] “certificate authority 120 may scan user machine 198 to determine if a minimum level of security exists. By scanning user machine 198, certificate authority 120 may determine whether or not a firewall is in place at user machine 198 as well as, for example, virus scanning software. If no protection is in place (known safe state), the delivery of new private key 36 may not be warranted because the system receiving new private key 36 is not secure. In general, the party requesting and receiving a newly issued certificate (e.g. user 140) must appropriately safeguard new private key 36.” And para. [0123] “If all information matches the expected values stored in database(s) 174, certificate authority 120 delivers new certificate 50 and new private key 36 through the VPN connection established by network authority 162.”); 
encoding the attestation token (Berggren, para. [0068] “Validation authority system 168 includes validation authority 72, an external firewall 190, an internal firewall 192, and a Demilitarized Zone Network 194 ("DMZ network"). Validation authority 72 is similar to local validation authority 176 of CA system 160, although validation authority 72 does not have the ability to publish stored records. In operation, validation authority 72 takes requests from users of network 74 for certificates 50 including public key 30. In an example, a user of network 74 may ask for the public certificate of known user 140 so that a message may be encoded to user 140. Moreover, users of network 74 may request a determination as to the validity of certificate 50.”); and 

Berggren teaches all the limitations of claims 1, 8 and 15 above, however fails to explicitly teach but Ramanujan teaches:

In a BGP signaling message (Ramanujan, para. [0073] discloses encoding the attributes of the user for use by the network admission control function. In para. [0091] a crypto –token is used to bind user identification and attributes and para. [0097] discloses a packet to carry the credentials of source node and contain the Internet-based encryption signature of the node in an authentication extension header. In para. [0121] discloses encryption of the crypto –token which includes a unique certificate indicative of an authenticity of source node and user number. Furthermore, para. [0110] discloses implementing network routing protocols such as BGP.) 
sending the BGP signaling message with the encoded attestation token to a second apparatus of the BGP network (Ramanujan, para. [0078] “a flow admission control protocol controls is a network layer which provides the signaling protocol for admission to network 10. A two-packet handshake protocol builds upon the compact self-attesting credentials mechanism as described above to enable source node 12 to present its cryptographically -signed credentials to destination node 14. Destination node 14, upon verification and examination of the credentials, is configured to respond with a cryptographically -signed admit or reject packet 30 directed to source node 12. In a further embodiment, a trusted network interface at source node 12 generates and processes the signaling messages associated with the flow admission control protocol and filters out packet flow originating from an application on source node 12 that has not been accepted by destination node 14.” And para. [0120] “FIG. 10 is a flowchart for attributing a source of a packet 30 in network 10. A signature is generated (1000) for source node 12 using a private key. Packet 30 is generated (1002) with the signature and source address 52. Packet 30 is authenticated (1004) based on the signature and source address 52. Packet 30 is then transmitted (1006) based on the authentication.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ramanujan’s source attribution into Berggren’s network access, with a motivation for preventing malicious attacks using privacy preserving source node attribution (Ramanujan, para. [0008] and para. [0015]).

As per claims 2 and 9, the combination of Berggren and Ramanujan teaches the apparatus of Claim 1 and the method of claim 8, respectively, wherein the apparatus of the BGP network comprises a router (Ramanujan, para. [0081] “packet 30 may be further configured to carry a routing direction vector that would enable network routers to determine how to forward packet 30 in a manner that scales with the speed and size of the network.” And para. [0082] “This network entity may be either a network user, such as a user of a network-attached computer with the network interface, or an owner, such as the owner of the router containing the network interface.”).
As per claim 21, the combination of Berggren and Ramanujan teaches the apparatus of Claim 1, wherein the attestation token further indicates whether or not valid binary processes are running on the apparatus (Berggren, para. [0127] “FIG. 16 illustrates a flow diagram of validation process 2100 of user identifier 52 and delivery of new certificate 50 and new private key 36. Validation process 2100 begins at step 2110 where user 140 contacts network authority 162 at the web-site location provided by certificate authority 120 in step 2040 above (see FIG. 15).” And para. [0128] In step 2120, network authority 162 performs a self check (valid binary processes) and initiates communication with secure shell 172. Network authority 162 then sends secure shell 172 the validation information. Secure shell 172 verifies the validation information and also checks that network authority 162 has the appropriate network location. Upon successful authentication of network authority 162, secure shell 172 begins a VPN between certificate authority 120 and network authority 162. Network authority 162 now routes traffic from user 140 to certificate authority network 180 by way of the established VPN connection…once user 140 and certificate authority network 180 are connected, user 140 initiates secure communication with certificate authority network 180 (e.g., a SSL connection) such that network authority 162 is not able to snoop on any network traffic between user 140 and certificate authority network 180.”).

4.	Claims 4-7, 11-14 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Berggren in view of Ramanujan, as disclosed above, in further view of US Pub. No. US 2017/0353430 A1 to Holtmanns, (hereinafter, “Holtmanns”).

As per claims 4, 11 and 17, the combination of Berggren and Ramanujan teach the apparatus of Claim 1, the method of claim 8 and the one or more computer-readable non-transitory storage media of Claim 15, respectively, however fail to explicitly teach but Holtmanns teaches: wherein the BGP signaling message comprises a BGP keepalive message (Holtmans, para. [0118] “BGP systems exchange keep alive messages to determine whether a link or host has failed or is no longer available. Keep alive messages are exchanged often enough so that the hold timer does not expire.” And para. [0119] “these messages are hashed (integrity protected) and signed and optionally include a timestamp to avoid replay attacks, i.e. somebody breaks the peer and sends keep alive messages so that other nodes will still trust this peer.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Holtmanns’s trusted routing between communication network systems into Berggren’s network access and Ramanujan’s privacy preserving source attribution, with a motivation for trusted routing between communication network systems, e.g. boarder gateway protocols (BGPs) (Holtmanns, para. [0001]).

As per claims 5, 12 and 18, the combination of Berggren, Ramanujan and Holtmanns teaches the apparatus of Claim 4, the method of claim 8 and the one or more computer-readable non-transitory storage media of Claim 15, respectively, wherein encoding the attestation token in the BGP signaling message comprises appending the attestation token to the BGP keepalive message after a type field of the BGP keepalive message (Holtmanns, para. [0045] “the update message and the keep alive message may be integrity protected and signed, or individual fields of the respective message and the integrity protected message may be signed.”  And para. [0077] “FIG. 3, in addition to a fixed-size BGP header, a BGP Open Message contains the following fields: [0078] BGP protocol Version (currently v4) [0079] Local AS number (logical system name) [0080] Hold time (proposed hold time value, needed for keep-alive purposes) [0081] BGP identifier (IP address of the logical BGP system) [0082] In this field also router Id statements can be added under the routing options. The IP address of the first interface found is the default address. [0083] Optional Parameter field length and parameter. [0084] According to the implementation example of the invention, the optional parameter field illustrated in FIG. 3 is used to provide AS security information. That is, the Open message is hashed and signed e.g. using CMS (cryptographic message syntax), and a certificate is attached to the optional parameter field.” And para. [0097] “For example, the whole AS_Path attribute is signed (or the hash thereof is signed) or that all attributes (or the hash thereof) is signed with the key belonging to the AS sending this information. The AS_Path may also contain information on the trustworthiness of each hop, i.e. a signature of that part of the table. Example: [0098] IP of AS_1 [0099] IP of AS_2 [0100] IP of AS_3 [0101] IP of AS_4 [0102] Signature on whole by AS_1; this is mandatory, but can also be done on message level. However, then the information is not reusable for forwarding. [0103] Signature of AS_3 on AS_3 and AS_4 with info which fields are signed.”).

As per claims 6, 13 and 19, the combination of Berggren and Ramanujan teach the apparatus of Claim 1, the method of claim 8 and the one or more computer-readable non-transitory storage media of Claim 15, respectively, however fail to explicitly teach but Holtmanns teaches: wherein the BGP signaling message comprises a BGP update message (Holtmanns, para. [0037] “the apparatus of the communication network system receives an update message from the other communication network system, which transfers information on reachability between communication network systems, the update message including first path information (e.g. in a path attribute ORIGIN) from the other communication network system”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Holtmanns’s trusted routing between communication network systems into Berggren’s network access and Ramanujan’s privacy preserving source attribution, with a motivation for trusted routing between communication network systems, e.g. boarder gateway protocols (BGPs) (Holtmanns, para. [0001]).
As per claims 7, 14 and 20, the combination of Berggren, Ramanujan and Holtmanns teaches the apparatus of Claim 6, the method of claim 13 and the one or more computer-readable non-transitory storage media of Claim 19, respectively, wherein encoding the attestation token in the BGP signaling message comprises appending the attestation token to the BGP update message in an attribute field of the BGP update message (Holtmanns, para. [0045] “the update message and the keep alive message may be integrity protected and signed, or individual fields of the respective message and the integrity protected message may be signed.”  And para. [0077] “FIG. 3, in addition to a fixed-size BGP header, a BGP Open Message contains the following fields: [0078] BGP protocol Version (currently v4) [0079] Local AS number (logical system name) [0080] Hold time (proposed hold time value, needed for keep-alive purposes) [0081] BGP identifier (IP address of the logical BGP system) [0082] In this field also router Id statements can be added under the routing options. The IP address of the first interface found is the default address. [0083] Optional Parameter field length and parameter. [0084] According to the implementation example of the invention, the optional parameter field illustrated in FIG. 3 is used to provide AS security information. That is, the Open message is hashed and signed e.g. using CMS (cryptographic message syntax), and a certificate is attached to the optional parameter field.” And para. [0097] “For example, the whole AS_Path attribute is signed (or the hash thereof is signed) or that all attributes (or the hash thereof) is signed with the key belonging to the AS sending this information. The AS_Path may also contain information on the trustworthiness of each hop, i.e. a signature of that part of the table. Example: [0098] IP of AS_1 [0099] IP of AS_2 [0100] IP of AS_3 [0101] IP of AS_4 [0102] Signature on whole by AS_1; this is mandatory, but can also be done on message level. However, then the information is not reusable for forwarding. [0103] Signature of AS_3 on AS_3 and AS_4 with info which fields are signed.”).
Conclusion
5.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 9654503 B1 – Systems and methods for evaluating networks.
US 20140115325 A1 – Multi-tenant encrypted virtual networks.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437           

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437