DEVICE ZONING IN A NETWORK GATEWAY DEVICE

§103 §DP

DETAILED ACTION The non-final office action is responsive to the RCE request filed on 12/10/2025. Claims 1-10, 24-33 are pending; claims 1-10, 24-33 are rejected. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/10/2025 has been entered. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 24, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication 2016/0037386 A1 to Pitchaiah et al. (hereinafter Pitchaiah) in view of U.S. Patent 7,774,498 B1 to Kraemer et al. (hereinafter Kraemer) and U.S. Patent Application Publication 2015/0222656 A1 to Haugsnes (hereinafter Haugsnes). As to claim 1, Pitchaiah teaches a computer-implemented method performed at a network gateway device (Techniques are described for controlling the data rate of individual or groups of client devices in a network such as a Wireless Local Area Network (WLAN), Pitchaiah, Abstract), comprising: generating multiple device zones in a local area network of the network gateway (The AP (e.g. network gateway) may group client devices (e.g. devices) based on data usage, geographic location, service requirements, priority, randomly, or based on other organization schemes. The AP may group the client devices to enable different types of priority access to the served WLAN of the AP, for example, by device type, by price or level of service purchased by users of the client devices in the WLAN, etc. The AP may additionally or alternatively group the client devices based on minimum service requirements, to maintain fairness or equality of bandwidth usage in the WLAN, to manage the congestion level in the WLAN, etc, Pitchaiah, [0028]-[0029], [0039]-[0046], [0065]-[0068], Fig. 2. Note: 1. Fig. 2 shows two groups; 2. Pitchaiah’s group reads on claimed zone) measuring a network bandwidth usage associated with the multiple device zones in the local area network (AP 105-e may access data usage information (e.g. network bandwidth usage) for the client device 110-n and/or for the other client devices served by AP 105-e (e.g., client devices 110-l and 110-m) at 430. In some examples, the data usage information may include the amount or type of data communicated by a client device 110 relative to a time of a day or reference clock, information of the applications most frequently used by a client device 110 and the type/amount of data, periodic sleep cycles of a client device 110, and other similar data usage information, Pitchaiah, [0060], Fig. 4), and wherein the multiple device zones are generated based on customized attributes determined network management service at least based on the network bandwidth usage (The AP may additionally or alternatively group the client devices based on minimum service requirements, to maintain fairness or equality of bandwidth usage in the WLAN, to manage the congestion level in the WLAN, etc, Pitchaiah, [0028]-[0029], [0039]-[0046], [0065]-[0068]). Pitchaiah does not explicitly disclose wherein the local area network is remotely managed by an external network management service Haugsnes discloses a network is remotely managed by an external network management service (Managed services have also arisen where the enterprise can contract a third party company to provide network management services, where the third party company remotely interfaces with the enterprise's security equipment or has personnel stationed on the enterprise's site to manage that security equipment, Haugsnes, [0003]. Note the rejection relies on “the third party company remotely interfaces with the enterprise's security equipment”). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to outsource IT security management as taught by Haugsnes to modify the method of Pitchaiah in order to enable network security providers to share experience or data regarding risks (including sources of questionable or offensive data, viruses, programs and sources of directed attacks). Furthermore, Pitchaiah-Haugsnes does not explicitly disclose assigning a first computing device to a first-device zone based upon on one or more parameters of the first computing device. Kraemer discloses assigning a first computing device to a first-device zone based upon one or more parameters of the first computing device (NAC ensures that every endpoint complies with network security policies before being granted network access. NAC program participants are typically leading security vendors in antivirus software and desktop management. NAC allows noncompliant endpoints to be denied access, placed in a quarantined area, or given restricted access to resources. The NAC approach allows network switching devices to implement a threat defense system according to the corporate security policy, Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15. Note: Kraemer discloses two areas or zones - a quarantined area to allow “noncompliant endpoints to be denied access, placed in a quarantined area” and a non-quarantined area “to ensure that only trusted users and devices adhering to corporate security policy can connect to an organization's network and send and receive data” in cited paragraphs. Compliance of endpoints (compliant or noncompliant endpoints) reads on one or more parameters of the first computing device and non-quarantined area reads on claimed a first-device zone). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to provide policies based on device profile as taught by Kraemer to modify the method of Pitchaiah-Haugsnes in order to ensure networks are designed to resist both external and internal attacks, and can recover quickly in the event an attack is launched. Pitchaiah-Kraemer-Haugsnes discloses wherein the one or more parameters of the first computing device includes a hardware-related parameter (type of device, location of device, priority of access, or type of access to the network (e.g., wired or wireless link), Pitchaiah, [0039]-[0046], [0065]-[0068]) and a software-related parameter (NAC allows noncompliant endpoints to be denied access, placed in a quarantined area, or given restricted access to resources. The NAC approach allows network switching devices to implement a threat defense system according to the corporate security policy, Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15); reassigning the first computing device to at least one device zone based a current measurement of the network bandwidth usage associated with the at least one device zone (the client device 110-n may transmit at least one packet to the AP 105-e at the default group data rate before the client device 110-n is assigned to a the first group, such as at 440. To enable communications with the client device 110-n before assigning it to a more permanent group of client devices, the AP 105-e may set the default group data rate lower than the maximum available bandwidth the network may allow. In particular, the AP 105-e may set the default group data rate low enough to allow multiple devices to join the network concurrently without causing any disruption in service to the other client devices 110-l, 110-m of the network. In other cases, the AP 105-e may set each group data rate to use all the available network bandwidth, such as to maximize communication performance and throughput for all the associated client devices 110-l, 110-m. The AP 105-e may, in this scenario, reorganize the grouping of at least one associated client device when a new client device 110-n joins the network, in order to avoid a significant drop in service for the associated client devices 110-l, 110-m, Pitchaiah, [0057]-[0064], Fig. 4-6. In view of Kraemer), wherein the at least one device zone has a specific set of network access privileges (The AP 105-e may then determine at least one channel characteristic threshold for the client device 110-n based on the accessed data usage information and/or the traffic information at 435 and assign the client device 110-n to the first group based on the information accessed at 430 and the determined channel characteristic threshold(s) at 445, Pitchaiah, [0057]-[0064], Fig. 4-6; In view of Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15. Note: accessing data is privilege), wherein the specific set of the network access privileges is determined based on a characteristic of the first computing device itself (Pitchaiah, [0057]-[0064], Fig. 4-6; also in Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15. Note: accessing data depends on whether the device is infected by malware or not as disclosed by Kraemer). As to claim 2, Pitchaiah-Kraemer-Haugsnes discloses the computer-implemented method of claim 1, further comprising: extracting the one or more parameters of the first computing device, wherein the one or more parameters include a software related parameter or a hardware related parameter of the first computing device (type of device, location of device, priority of access, or type of access to the network (e.g., wired or wireless link), Pitchaiah, [0039]-[0046], [0065]-[0068]; also in Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15). As to claim 24, Pitchaiah teaches a non-transitory computer-readable storage medium storing computer-readable instructions (memory 1025 may store computer-readable, computer-executable software 1030 containing instructions that, when executed, cause the processor 1020 to perform various functions described herein, Pitchaiah, [0103]), comprising: instructions for generating multiple device zones in a local area network of a network gateway device (The AP (e.g. network gateway) may group client devices (e.g. devices) based on data usage, geographic location, service requirements, priority, randomly, or based on other organization schemes. The AP may group the client devices to enable different types of priority access to the served WLAN of the AP, for example, by device type, by price or level of service purchased by users of the client devices in the WLAN, etc. The AP may additionally or alternatively group the client devices based on minimum service requirements, to maintain fairness or equality of bandwidth usage in the WLAN, to manage the congestion level in the WLAN, etc, Pitchaiah, [0028]-[0029], [0039]-[0046], [0065]-[0068], Fig. 2. Note: 1. Fig. 2 shows two groups; 2. Pitchaiah’s group reads on claimed zone) instructions for measuring a network bandwidth usage associated with the multiple device zones in the local area network (AP 105-e may access data usage information (e.g. network bandwidth usage) for the client device 110-n and/or for the other client devices served by AP 105-e (e.g., client devices 110-l and 110-m) at 430. In some examples, the data usage information may include the amount or type of data communicated by a client device 110 relative to a time of a day or reference clock, information of the applications most frequently used by a client device 110 and the type/amount of data, periodic sleep cycles of a client device 110, and other similar data usage information, Pitchaiah, [0060], Fig. 4)), and wherein the multiple device zones are generated based on customized attributes determined network management service at least based on the network bandwidth usage (The AP may additionally or alternatively group the client devices based on minimum service requirements, to maintain fairness or equality of bandwidth usage in the WLAN, to manage the congestion level in the WLAN, etc, Pitchaiah, [0028]-[0029], [0039]-[0046], [0065]-[0068]). Pitchaiah does not explicitly disclose wherein the local area network is remotely managed by an external network management service Haugsnes discloses a network is remotely managed by an external network management service (Managed services have also arisen where the enterprise can contract a third party company to provide network management services, where the third party company remotely interfaces with the enterprise's security equipment or has personnel stationed on the enterprise's site to manage that security equipment, Haugsnes, [0003]. Note the rejection relies on “the third party company remotely interfaces with the enterprise's security equipment”). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to outsource IT security management as taught by Haugsnes to modify the non-transitory computer-readable storage medium of Pitchaiah in order to enable network security providers to share experience or data regarding risks (including sources of questionable or offensive data, viruses, programs and sources of directed attacks). Furthermore, Pitchaiah-Haugsnes does not explicitly disclose instructions for assigning a first computing device to a first-device zone based upon one or more parameters of the first computing device. Kraemer discloses assigning a first computing device to a first-device zone based upon one or more parameters of the first computing device (NAC ensures that every endpoint complies with network security policies before being granted network access. NAC program participants are typically leading security vendors in antivirus software and desktop management. NAC allows noncompliant endpoints to be denied access, placed in a quarantined area, or given restricted access to resources. The NAC approach allows network switching devices to implement a threat defense system according to the corporate security policy, Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15. Note: Kraemer discloses two areas or zones - a quarantined area to allow “noncompliant endpoints to be denied access, placed in a quarantined area” and a non-quarantined area “to ensure that only trusted users and devices adhering to corporate security policy can connect to an organization's network and send and receive data” in cited paragraphs. Compliance of endpoints (compliant or noncompliant endpoints) reads on one or more parameters of the first computing device and non-quarantined area reads on claimed a first-device zone). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to provide policies based on device profile as taught by Kraemer to modify the non-transitory computer-readable storage medium of Pitchaiah-Haugsnes in order to ensure networks are designed to resist both external and internal attacks, and can recover quickly in the event an attack is launched. Pitchaiah-Kraemer-Haugsnes discloses wherein the one or more parameters of the first computing device includes a hardware-related parameter (type of device, location of device, priority of access, or type of access to the network (e.g., wired or wireless link), Pitchaiah, [0039]-[0046], [0065]-[0068]) and a software-related parameter (NAC allows noncompliant endpoints to be denied access, placed in a quarantined area, or given restricted access to resources. The NAC approach allows network switching devices to implement a threat defense system according to the corporate security policy, Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15); instructions for reassigning the first computing device to at least one of the device zone based on a current measurement of the network bandwidth usage associated with the at least one device zone (the client device 110-n may transmit at least one packet to the AP 105-e at the default group data rate before the client device 110-n is assigned to a the first group, such as at 440. To enable communications with the client device 110-n before assigning it to a more permanent group of client devices, the AP 105-e may set the default group data rate lower than the maximum available bandwidth the network may allow. In particular, the AP 105-e may set the default group data rate low enough to allow multiple devices to join the network concurrently without causing any disruption in service to the other client devices 110-l, 110-m of the network. In other cases, the AP 105-e may set each group data rate to use all the available network bandwidth, such as to maximize communication performance and throughput for all the associated client devices 110-l, 110-m. The AP 105-e may, in this scenario, reorganize the grouping of at least one associated client device when a new client device 110-n joins the network, in order to avoid a significant drop in service for the associated client devices 110-l, 110-m, Pitchaiah, [0057]-[0064], Fig. 4-6. In view of Kraemer), wherein the at least one device zone has a specific set of network access privileges (The AP 105-e may then determine at least one channel characteristic threshold for the client device 110-n based on the accessed data usage information and/or the traffic information at 435 and assign the client device 110-n to the first group based on the information accessed at 430 and the determined channel characteristic threshold(s) at 445, Pitchaiah, [0057]-[0064], Fig. 4-6; In view of Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15. Note: accessing data is privilege), wherein the specific set of the network access privileges is determined based on a characteristic of the first computing device itself (Pitchaiah, [0057]-[0064], Fig. 4-6; also in Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15. Note: accessing data depends on whether the device is infected by malware or not as disclosed by Kraemer). As to claim 32, Pitchaiah teaches a system for managing device zones, comprising: a memory configured to store non-transitory computer readable instructions (memory 1025 may store computer-readable, computer-executable software 1030 containing instructions that, when executed, cause the processor 1020 to perform various functions described herein, Pitchaiah, [0102]-[0103]); and a processor communicatively coupled to the memory (a processor 1020, Pitchaiah, [0102]-[0103]), wherein the processor, when executing the non-transitory computer readable instructions, is configured to: generate multiple device zones in a local area network of a network gateway device (The AP (e.g. network gateway) may group client devices (e.g. devices) based on data usage, geographic location, service requirements, priority, randomly, or based on other organization schemes. The AP may group the client devices to enable different types of priority access to the served WLAN of the AP, for example, by device type, by price or level of service purchased by users of the client devices in the WLAN, etc. The AP may additionally or alternatively group the client devices based on minimum service requirements, to maintain fairness or equality of bandwidth usage in the WLAN, to manage the congestion level in the WLAN, etc, Pitchaiah, [0028]-[0029], [0039]-[0046], [0065]-[0068], Fig. 2. Note: 1. Fig. 2 shows two groups; 2. Pitchaiah’s group reads on claimed zone), measure a network bandwidth usage associated with the multiple device zones in the local area network (AP 105-e may access data usage information (e.g. network bandwidth usage) for the client device 110-n and/or for the other client devices served by AP 105-e (e.g., client devices 110-l and 110-m) at 430. In some examples, the data usage information may include the amount or type of data communicated by a client device 110 relative to a time of a day or reference clock, information of the applications most frequently used by a client device 110 and the type/amount of data, periodic sleep cycles of a client device 110, and other similar data usage information, Pitchaiah, [0060], Fig. 4), and wherein the multiple device zones are generated based on customized attributes determined network management service at least based on the network bandwidth usage (The AP may additionally or alternatively group the client devices based on minimum service requirements, to maintain fairness or equality of bandwidth usage in the WLAN, to manage the congestion level in the WLAN, etc, Pitchaiah, [0028]-[0029], [0039]-[0046], [0065]-[0068]). Pitchaiah does not explicitly disclose wherein the local area network is remotely managed by an external network management service Haugsnes discloses a network is remotely managed by an external network management service (Managed services have also arisen where the enterprise can contract a third party company to provide network management services, where the third party company remotely interfaces with the enterprise's security equipment or has personnel stationed on the enterprise's site to manage that security equipment, Haugsnes, [0003]. Note the rejection relies on “the third party company remotely interfaces with the enterprise's security equipment”). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to outsource IT security management as taught by Haugsnes to modify the system of Pitchaiah in order to enable network security providers to share experience or data regarding risks (including sources of questionable or offensive data, viruses, programs and sources of directed attacks). Furthermore, Pitchaiah-Haugsnes does not explicitly disclose to assign a first computing device to a first-device zone based upon one or more parameters of the first computing device. Kraemer discloses assigning a first computing device to a first-device zone based upon one or more parameters of the first computing device (NAC ensures that every endpoint complies with network security policies before being granted network access. NAC program participants are typically leading security vendors in antivirus software and desktop management. NAC allows noncompliant endpoints to be denied access, placed in a quarantined area, or given restricted access to resources. The NAC approach allows network switching devices to implement a threat defense system according to the corporate security policy, Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15. Note: Kraemer discloses two areas or zones - a quarantined area to allow “noncompliant endpoints to be denied access, placed in a quarantined area” and a non-quarantined area “to ensure that only trusted users and devices adhering to corporate security policy can connect to an organization's network and send and receive data” in cited paragraphs. Compliance of endpoints (compliant or noncompliant endpoints) reads on one or more parameters of the first computing device and non-quarantined area reads on claimed a first-device zone). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to provide policies based on device profile as taught by Kraemer to modify the system of Pitchaiah-Haugsnes in order to ensure networks are designed to resist both external and internal attacks, and can recover quickly in the event an attack is launched. Pitchaiah-Kraemer-Haugsnes discloses wherein the one or more parameters of the first computing device includes a hardware-related parameter (type of device, location of device, priority of access, or type of access to the network (e.g., wired or wireless link), Pitchaiah, [0039]-[0046], [0065]-[0068]) and a software-related parameter (NAC allows noncompliant endpoints to be denied access, placed in a quarantined area, or given restricted access to resources. The NAC approach allows network switching devices to implement a threat defense system according to the corporate security policy, Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15); reassign the first computing device to at least one device zone based on a current measurement of the network bandwidth usage associated with the at least one device zone (the client device 110-n may transmit at least one packet to the AP 105-e at the default group data rate before the client device 110-n is assigned to a the first group, such as at 440. To enable communications with the client device 110-n before assigning it to a more permanent group of client devices, the AP 105-e may set the default group data rate lower than the maximum available bandwidth the network may allow. In particular, the AP 105-e may set the default group data rate low enough to allow multiple devices to join the network concurrently without causing any disruption in service to the other client devices 110-l, 110-m of the network. In other cases, the AP 105-e may set each group data rate to use all the available network bandwidth, such as to maximize communication performance and throughput for all the associated client devices 110-l, 110-m. The AP 105-e may, in this scenario, reorganize the grouping of at least one associated client device when a new client device 110-n joins the network, in order to avoid a significant drop in service for the associated client devices 110-l, 110-m, Pitchaiah, [0057]-[0064], Fig. 4-6. In view of Kraemer), wherein the at least one device zone has a specific set of network access privileges (The AP 105-e may then determine at least one channel characteristic threshold for the client device 110-n based on the accessed data usage information and/or the traffic information at 435 and assign the client device 110-n to the first group based on the information accessed at 430 and the determined channel characteristic threshold(s) at 445, Pitchaiah, [0057]-[0064], Fig. 4-6; In view of Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15. Note: accessing data is privilege), wherein the specific set of the network access privileges is determined based on a characteristic of the first computing device itself (Pitchaiah, [0057]-[0064], Fig. 4-6; also in Kraemer, Col. 1, Line 66 to Col. 2, line 25, Col 6, Line 52 – Col. 7, Line 15. Note: accessing data depends on whether the device is infected by malware or not as disclosed by Kraemer). Claims 3-4, 6-10, and 25-31 are rejected under 35 U.S.C. 103 as being unpatentable over Pitchaiah modified by Kraemer and Haugsnes as applied to claims 2, 24, and 32 above, and further in view of U.S. Patent Application Publication 2007/0011725 A1 to Sahay et al. (hereinafter Sahay). As to claim 3, Pitchaiah-Kraemer-Haugsnes substantially discloses a computer-implemented method as set forth in claim 2 above. Pitchaiah-Kraemer-Haugsnes does not explicitly disclose assigning the first computing device to a new device zone in an event the first computing device is not in a known-devices list, wherein the new device zone restricts the first computing device from accessing other resources in the local area network while providing limited access to the external network. Sahay discloses assigning a first computing device to a new device zone in an event the first computing device is not in a known-devices list, wherein the new device zone restricts the first computing device from accessing other resources in local area network while providing limited access to external network (Sahay, [0042]). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to establish plural access zones with different access privileges and to assign client devices to different access zones accordingly as taught by Sahay to modify the method of Pitchaiah-Kraemer-Haugsnes in order to provide means to detect the corrupted device or to prevent it from compromising the security of the entire network. As to claim 4, Pitchaiah-Kraemer-Haugsnes-Sahay discloses the computer-implemented method of claim 3 further comprising: determining the type of the first computing device based on the one or more parameters (the information may include priority of access information, such as a type of the client device 110 (e.g., mobile device or phone, tablet, laptop, etc.), a level of priority associated with the client device 110, minimum data requirements of the client device 110, etc. The AP 105-a may gather or access this information and group the client devices 110 and manage traffic in the network 200, Pitchaiah, [0039]-[0046], [0065]-[0068]; Sahay, [0042], [0046]); and assigning the first computing device from the new device zone to one of the multiple device zones based on the type of the first computing device (Pitchaiah, [0039]-[0046], [0065]-[0068]; Sahay, [0042], [0046]), wherein the first device type includes a personal-computer (PC) type , and wherein the second type includes an Internet of Things (IoT) type (such as a type of the client device 110 (e.g., mobile device or phone, tablet, laptop, etc.), Pitchaiah, [0039]-[0046], [0065]-[0068], Note: laptop reads on claimed PC while others read on IoT; Sahay, [0042], [0046]). As to claim 6, Pitchaiah-Kraemer-Haugsnes-Sahay discloses the computer-implemented method of claim 3, wherein providing the limited access to the external network includes limiting an available network bandwidth to the first computing device (Pitchaiah, [0059]). As to claim 7, Pitchaiah-Kraemer-Haugsnes-Sahay discloses the computer-implemented method of claim 4, wherein assigning the first computing device to one of the device zones includes assigning the first computing device to a PC zone if the first computing device is of a personal computer type, wherein the PC zone allows the first computing device to access other computing devices in the PC zone, at least some other resources in the local area network, and the external network (Sahay, [0041]-[0043], [0031]). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to establish plural access zones with different access privileges and to assign client devices to different access zones accordingly as taught by Sahay to modify the method of Pitchaiah-Kraemer-Haugsnes-Sahay in order to provide means to detect the corrupted device or to prevent it from compromising the security of the entire network. As to claim 8, Pitchaiah-Kraemer-Haugsnes-Sahay discloses the computer-implemented method of claim 4, wherein assigning the first computing device to one of the device zones includes assigning the first computing device to a mobile device zone if the first computing device is of a mobile device type, wherein the mobile device zone allows the first computing device to access the external network while restricting the first computing device from accessing other resources in the local area network other than a portion of the data storage system (Sahay, [0046], [0041]-[0043], [0031]). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to establish plural access zones with different access privileges and to assign client devices to different access zones accordingly as taught by Sahay to modify the method of Pitchaiah-Kraemer-Haugsnes-Sahay in order to provide means to detect the corrupted device or to prevent it from compromising the security of the entire network. As to claim 9, Pitchaiah-Kraemer-Haugsnes substantially discloses a computer-implemented method as set forth in claim 2 above. Pitchaiah-Kraemer-Haugsnes does not explicitly disclose determining from the one or more parameters that the first computing device failed an integrity or a security check, and moving the first computing device to a timeout zone, wherein the timeout zone restricts the first computing device from accessing other resources in the local area network while permitting limited access to the external network. Sahay discloses determining from one or more parameters that a first computing device failed an integrity or a security check, and moving the first computing device to a timeout zone, wherein the timeout zone restricts the first computing device from accessing other resources in local area network while permitting limited access to external network (Sahay, [0041]-[0042]). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to establish plural access zones with different access privileges and to assign client devices to different access zones accordingly as taught by Sahay to modify the method of Pitchaiah-Kraemer-Haugsnes in order to provide means to detect the corrupted device or to prevent it from compromising the security of the entire network. As to claim 10, Pitchaiah-Kraemer-Haugsnes-Sahay discloses the computer-implemented method of claim 9 further comprising: generating an alert to indicate a user associated with the network gateway device that the first computing device failed the integrity or security check (Sahay, [0041]-[0042]). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to establish plural access zones with different access privileges and to assign client devices to different access zones accordingly as taught by Sahay to modify the method of Pitchaiah-Kraemer-Haugsnes-Sahay in order to provide means to detect the corrupted device or to prevent it from compromising the security of the entire network. As to claims 25-31, the same reasoning applies mutatis mutandis to the corresponding non-transitory computer-readable storage medium claims 25-31. Accordingly, claims 25-31 are rejected over Pitchaiah in view of Kraemer, Haugsnes, and Sahay. Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Pitchaiah modified by Kraemer, Haugsnes, and Sahay as applied to claim 4 above, and further in view of U.S. Patent Application Publication 2016/0212099 A1 to Zou et al. (hereinafter Zou). As to claim 5, Pitchaiah-Kraemer-Haugsnes-Sahay substantially disclose a computer-implemented method as set forth in claim 4. Pitchaiah-Kraemer-Haugsnes-Sahay does not explicitly disclose generating, by the network gateway device, a notification recommending a specified zone to which the first computing device is to be assigned, and receiving an approval from a user associated with the network gateway device to assign the first computing device to the specified zone. Zou disclose generating a notification recommending a specified zone to which a first computing device is to be assigned, and receiving an approval from a user associated with a network gateway device to assign the first computing device to the specified zone (Zou, [0056]). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to use device and user profiles to build traffic rules/filters as taught by Zou to modify the method of Pitchaiah-Kraemer-Haugsnes-Sahay in order to prevent attacks against IoT devices and to ensure that such devices are not compromised. Claim 33 is rejected under 35 U.S.C. 103 as being unpatentable over Pitchaiah modified by Kraemer and Haugsnes as applied to claim 32 above, and further in view of U.S. Patent 10,177,933 B2 to Burks et al. (hereinafter Burks). As to claim 33, Pitchaiah-Kraemer-Haugsnes substantially discloses a system as set forth in claim 32 above. Pitchaiah-Kraemer-Haugsnes does not explicitly disclose the network gateway device is a set-top box. Burks discloses a network gateway device is a set-top box (coordinator 1310 can be implemented in a desktop computer, a Wi-Fi or access-point unit, a dedicated accessory-control base station, a set-top box for a television or other appliance (which can implement base station functionality in addition to interacting with the television or other appliance), or any other electronic device as desired, Burks, Col. 29, Line 20-40). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to use set-top box as taught by Burks to modify the system of Pitchaiah-Kraemer-Haugsnes in order to provide same services with less devices. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1-10 and 24-33 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-33 of U.S. Patent No. 11,102,216 B2 (hereinafter P216). Although the claims at issue are not identical, they are not patentably distinct from each other. Examiner maintains the rejection as set forth in the non-final office action mailed on 06/06/2022 since Applicant does not explicitly point out any deficiency in the rejection. Claims 1-10 and 24-33 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-33 of U.S. Patent No. 10,574,664 B2 (hereinafter P664). Although the claims at issue are not identical, they are not patentably distinct from each other. Examiner maintains the rejection as set forth in the non-final office action mailed on 06/06/2022 since Applicant does not explicitly point out any deficiency in the rejection. Response to Arguments Applicant's arguments filed 12/10/2025 have been fully considered but they are not persuasive. Regarding Applicant’s first argument “As discussed during the Interview, although Haugsnes appears to mention a third-party company remotely interfaces with security equipment, it nevertheless fails to disclose or suggest that third party actually interfaces with remote equipment. For example, it is unclear what tasks can be performed by Haugsnes' third-party company. It is also unclear whether its third-party company can determine any device zones based on any attributes at all. As discussed during the Interview, even though Pitchaiah appears to disclose grouping devices into first and second groups (ee, e.g., Figure 2 and paragraph [0041]), it nevertheless fails to suggest using a third party to perform any grouping tasks based on any network bandwidth usage. Without conceding that Kraemer provides the teaching for which it was cited, it nevertheless fails to cure the deficiencies of Pitchaiah and Haugsnes discussed above. Other cited references also fail to cure the deficiencies of Pitchaiah and Haugsnes. As a result, the combination of Pitchaiah, Kraemer, and Haugsnes (and other cited references) does not support a Section 103 rejection of independent claims 1, 24, and 32 and their dependent claims. Accordingly, the Section 103 rejection of these claims should be withdrawn.” on page 9-10, Examiner respectfully disagrees. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). As set forth in the rejection, Pitchaiah discusses, in [0028]-[0029], [0039]-[0046], [0065]-[0068], that “The AP may group the client devices to enable different types of priority access to the served WLAN of the AP, for example, by device type, by price or level of service purchased by users of the client devices in the WLAN, etc. The AP may additionally or alternatively group the client devices based on minimum service requirements, to maintain fairness or equality of bandwidth usage in the WLAN, to manage the congestion level in the WLAN, etc” (emphasis added). So, Pitchaiah’s disclosure reads on claimed “generating multiple device zones in a local area network of the network gateway… and wherein the multiple device zones are generated based on customized attributes determined network management service at least based on the network bandwidth usage”. The difference between the claimed limitation and Pitchaiah’s disclosure is that Pitchaiah does not explicitly disclose wherein the local area network is remotely managed by an external network management service. Providing network management services by a third party is known practice in industry. For example, Haugsnes discloses a network is remotely managed by an external network management service (see [0003]. Note the rejection relies on “the third party company remotely interfaces with the enterprise's security equipment”). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to outsource IT security management as taught by Haugsnes to modify the method of Pitchaiah in order to enable network security providers to share experience or data regarding risks (including sources of questionable or offensive data, viruses, programs and sources of directed attacks). Regarding “Applicant respectfully submits that pending claims are not obvious in light of the claims of the foregoing patent application. Applicant accordingly does not concede to the merits of these rejections. Nonetheless, in the interest of expediting prosecution, Applicant is willing to consider submitting a terminal disclaimer regarding the foregoing patents when all other rejections are fully addressed” on page 10, Examiner respectfully disagrees. Examiner maintains the ODP rejections since Applicant does not file terminal disclaimer to overcome the rejections or specifically point out any deficiencies in the rejections. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to RUOLEI ZONG whose telephone number is (571)270-7522. The examiner can normally be reached Monday-Friday 8:30AM-4:30PM IFP. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached at (571)272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /RUOLEI ZONG/Primary Examiner, Art Unit 2449 1/18/2026