DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the amendment filed on 05/05/2025.
In the instant Amendment, claim 8 is cancelled, claims 1, 6, 9, 14, 17, and 20 have been amended; and claims 1, 14, and 20 are independent claims. Claims 1, 3-14, and 16-20 have been examined and are pending. This action is FINAL.
Response to Arguments
Applicant’s arguments, filed on 05/05/2025 have been fully considered but are not persuasive
Applicant argues: “The applied references do not disclose or suggest, "a memory storing the plurality of PPSKs in a data store of the memory that does not include medium access control (MAC) addresses of the plurality of client devices for which the plurality of PPSKs are provisioned," as recited in amended independent claim 1.”.
The Examiner disagrees with the Applicant. The Examiner respectfully submits that Stephenson does teach a database that stores DPSK in association with user identifiers instead of MAC of client devices, see Stephenson “para[0119-0113, “Note that DPSK server 610 may be a network server that provides authentication services. DPSK server 610 may authenticate a given one of end devices 620 using DPSK authentication. Moreover, DPSK server 610 may include a data structure or a database in which user identifiers and their DPSK passphrases are stored.” Also, The Examiner would like to point out that the recitation of “a memory storing the plurality of PPSKs in a data store of the memory that does not include medium access control (MAC) addresses of the plurality of client devices for which the plurality of PPSKs are provisioned” merely describes the content of the store data. This is non-functional descriptive material that does not impose any structure or operational imitation on the claimed network management system. The steps of performing key lookups, authentication the client device and managing network policies operate identically whether or not MAC address field exists in the data store. Accordantly, the limitation is not entitled to patentable weight under the printed matter doctrine as set forth in MPEP 211.05 and case such as Ngai and In re Gulack.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 6, 9, 14, 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Sheu et al. (U.S. Pub. No. 20130269008 A1; Hereinafter “Sheu”) in view of Shen et al. (U.S. Pub. No. 20100115278 A1; Hereinafter “Shen”), Stephenson et al. (U.S. Pub. No. 20210075618 A1; Hereinafter “Stephenson”) and Porter et al. (U.S. Pub. No. 20180232704 A1; Hereinafter “Porter”).
As per claims 1, 14, and 20, Sheu teaches a network management comprising (Sheu: para[17-18], fig. 1, “a network environment 100 in which a system for secured network access at a branded hotspot. Network environment 100 may include a user device 110 and a `hotspot` including access point 130”):
a front-end comprising a wireless local area network (LAN) controller (WLC) (Sheu: para[18-25], “The network environment 100 may further include web server 140, a hotspot controller 150,”) and a cache configured to hold a portion of key information of a plurality of private pre-shared keys (PPSKs) (Sheu: para[26-27], [37] “Hotspot controller 150 may also store information associating the particular key with the requesting user device 110…information regarding the guest identity, the user device 110 belonging to the guests (e.g., as identified by MAC address) and the amount of bandwidth allotted may also be stored in association with the unique pre-shared key… stores a plurality of pre-shared keys associated with a brand.”),
wherein each PPSK is provisioned for a particular client device or a particular group of client devices of a plurality of client devices associated with a wireless network provided by a plurality of access point (AP) devices at a site managed by the network management system (Sheu: para[25-26], “Hotspot controller 150 manages the one or more hotspot access points 130 in network environment 100…..the hotspot controlled by hotspot controller 150 may be associated with a particular brand (e.g., hotel or coffee shop chain). When a user device 110 that is new to a brand requests secure network access, the request may be redirected to web server 140, which may convey the request to hotspot controller 150. Hotspot controller 150 dynamically generates a unique pre-shared key for the requesting user device 110”, para[36], “Hotspot controller 150 may randomly generate the unique pre-shared secret for each user device 110 using various algorithms and formulas”), wherein the network management system comprises a cloud-based system that is not located within the site (Sheu: para[27], fig. 1 “The database of pre-shared keys 160 is accessible via the cloud (e.g., Internet) and stores a plurality of pre-shared keys associated with a brand.”),
and wherein the WLC is configured to:
perform, in response to a key lookup request from an AP device of the plurality of AP devices for a client device requesting access to the wireless network via the AP device, a key lookup in the cache (Sheu: para[40-41], “A subsequent request for access to the secure communication network 120B is generated based on the unique pre-shared key…The package may include any applications, policies, or parameters required for connection to the secure communication network 120B…The unique pre-shared key may then be used to authenticate the user device 110 so that the user device 110 can access the secured communication network 120B according to the installed policies and parameters….In step 250, it is determined whether the hotspot controller 150 has a corresponding pre-shared key. In instances where the user device 110 is a repeat user of the same hotspot, the associated hotspot controller 150 may already have a corresponding pre-shared key in memory and the method may skip ahead to step 265.”);
in response to a PPSK provisioned for the client device being found in the cache, distribute key information of the PPSK for the client device to at least the AP device (Sheu: para[44], “In step 265, secured network access is provided to the user device 110 in accordance with the parameters and policies indicated by the query response”).
in response to the PPSK provisioned for the client device not being found in the cache, send the key lookup request to a back-end of the network management system (Sheu: para[41-42], “, the hotspot controller 150 at this new hotspot may not have a corresponding pre-shared key, and the method proceeds to step 255. In step 255, a query is generated and sent to a database of pre-shared keys 160.”); and
the back-end comprising: a memory storing the plurality of PPSKs (Sheu: para[27], “The database of pre-shared keys 160 is accessible via the cloud (e.g., Internet) and stores a plurality of pre-shared keys associated with a brand. In some instances, the database 160 may store keys for a plurality of brands. The pre-shared keys and related information (e.g., associated parameter(s) for secured network access) may provided by a plurality of branded hotspots); and
(Sheu: para[40-43], “In step 260, the pre-shared key information is retrieved from the database 160. Using the information in the query, the database 160 may identify that the user device 110 has been provided with a pre-shared key at a hotspot associated with the same brand as the hotspot (i.e., hotspot controller 150) that sent the query...”),
in response to identifying the PPSK provisioned for the client device in the memory, authenticate the client device to access the wireless network via the AP device (Sheu: para[40-43], “The unique pre-shared key may then be used to authenticate the user device 110 so that the user device 110 can access the secured communication network 120B according to the installed policies and parameters.”),
send the key information of the PPSK for the client device to the WLC for distribution to at least the AP device (Sheu: para[43-44], “As such, information regarding a corresponding pre-shared key (including related policies and parameters) may be sent to the hotspot controller 150 in response to the query. In step 265, secured network access is provided to the user device 110 in accordance with the parameters and policies indicated by the query response sent from the database 160”).
Sheu does not explicitly teach based on at least a passphrase provided by the client device and included in the key lookup request; back-end comprising: one or more processors coupled to the memory and configured to; manage one or more of tracking the client device, policy application to the client device, or handling of network traffic from the client device while connected to the wireless network using the PPSK as an identifier of the client device.
However, in the related art, Shen teaches manage one or more of tracking the client device, policy application to the client device, or handling of network traffic from the client device while connected to the wireless network using the PPSK as an identifier of the client device Shen: para[0057], “The process may start at any suitable point and may be part of a continuous monitoring of a state of a programming interface such as, for example, Remove Key API 214 shown in FIG. 2 and/or a timing component within Control Logic 216 that triggers a periodic check of whether any PSK's has exceeded their TTL's.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update Sheu with the tracking process as discussed in Shen it will enhanced security by identifying unauthorized devices, streamlined device management with policy application, and the ability to take proactive measures against potential threats (Shen: para[45]).
Sheu in view of Shen does not explicitly teach back-end comprising: one or more processors coupled to the memory and configured to; storing the plurality of PPSKs in a data store of the memory that does not include medium access control (MAC) addresses of the plurality of client devices for which the plurality of PPSKs are provisioned; and based on at least a passphrase provided by the client device and included in the key lookup request.
However, in the related art, Stephenson teaches a memory storing the plurality of PPSKs in a data store of the memory that does not include medium access control (MAC) addresses of the plurality of client devices for which the plurality of PPSKs are provisioned (Stephenson: para[0119-0113, “Note that DPSK server 610 may be a network server that provides authentication services. DPSK server 610 may authenticate a given one of end devices 620 using DPSK authentication. Moreover, DPSK server 610 may include a data structure or a database in which user identifiers and their DPSK passphrases are stored.”); and
based on at least a passphrase provided by the client device and included in the key lookup request (Stephenson: para[71-72], [157] “access point 116-1 may provide an access request to computer 112 (such as a RADIUS access request), and computer 112 may provide the access request to AAA server 130 (such as a RADIUS access request). In some embodiments, the access request includes passphrase parameters associated with the user.”, “a WLAN controller (such as computer 112 in FIG. 1)”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Sheu with passphrase as discussed in Stephenson it is more resistant to hacking and will improve user experience and performance of the system(Stephenson: para[81]).
Sheu in view of Shen and Stephenson does not explicitly teach back-end comprising: one or more processors coupled to the memory and configured to.
However, in the related art, Porter teaches back-end comprising: one or more processors coupled to the memory and configured to (Porter: fig. 1, para[24], “the database 104 can run one or more applications which are accessed over the network 102. For example, the database 104 can include processors or other logic devices capable of executing software or carrying out other computer algorithms. The database 104 can allow a resident to access the hardware of the database 104 for remote computing or for information retrieval.”);
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Sheu with the database of Porter, it will improve the system by providing scalability and faster processing data manipulation (Porter: para[007]).
As per claims 6, 17, Sheu in view of Shen, Stephenson and Porter teaches the independent claim 1. Shen teaches wherein the key information of the PPSK includes at least a key name and a key value (Shen: para[0049], “in addition to providing a value for each PSK, provisioning a PSK may include specifying duration of the key or other characteristics of the key. Such information may be provided through the same API as the key itself or in any other suitable way. As discussed above, client devices may have different requirements with respect to a PSK. Thus, embodiments of the invention provide use of PSK's of different lifetime and complexity. In one embodiment, a PSK may be a 256 bit number or a passphrase from 8 to 63 bytes long.”), and
wherein to manage tracking the client device while connected to the wireless network, the one or more processors are configured to one or more of: track user activity based on the key name of the PPSK for the client device rather than a (MAC) address of the client device (Shen: para[0057], “the process may start at any suitable point and may be part of a continuous monitoring of a state of a programming interface such as, for example, Remove Key API 214 shown in FIG. 2 and/or a timing component within Control Logic 216 that triggers a periodic check of whether any PSK's has exceeded their TTL's. At decision block 402, the process determines whether a user input instructing the AP (e.g., AP 102) to remove a selected PSK is received. The AP or a device (e.g., computing device 204) that configures the AP may have a user interface, which may be used to receive the user input.”);
provide the key name of the PPSK for the client device for one or more client session logs; or track the client device using the key value of the PPSK for the client device (Shen: para[0053], “The process may then end. As part of allowing the connection, the AP may respond to the request in the same way that an AP as known in the prior art responds to a request, though the response of the AP may be based on a PSK selected after matching information in the request from the client device and additional processing may include generating session keys, group keys or other information based on the identified PSK. Allowing the connection may also include creating a data structure in Connections Store 222, as discussed above”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to update the modified teaching of Sheu with the tracking of user activity based on key name of PSK of Shen it will protect information while ensuring availability and compliance with data privacy and security regulations (Shen: para[45]).
As per claim 9, Sheu in view of Shen, Stephenson and Porter teaches the independent claim 1. Sheu teaches wherein the data store in which the memory stores the plurality of PPSKs is hosted in a micro-services cloud infrastructure with no scaling limits (Sheu: para[27], fig. 1 “The database of pre-shared keys 160 is accessible via the cloud (e.g., Internet) and stores a plurality of pre-shared keys associated with a brand. In some instances, the database 160 may store keys for a plurality of brands. The pre-shared keys and related information (e.g., associated parameter(s) for secured network access) may provided by a plurality of branded hotspots.”).
Claims 3-4, 12, are rejected under 35 U.S.C. 103 as being unpatentable over Sheu et al. (U.S. Pub. No. 20130269008 A1; Hereinafter “Sheu”) in view of Shen et al. (U.S. Pub. No. 20100115278 A1; Hereinafter “Shen”), Stephenson et al. (U.S. Pub. No. 20210075618 A1; Hereinafter “Stephenson”), Porter et al. (U.S. Pub. No. 20180232704 A1; Hereinafter “Porter”), and Neipris et al. (U.S. Pub. 20210099876 A1; Hereinafter “Neipris”).
As per claim 3, Sheu in view of Shen and Stephenson teaches the claim 1. Shen teaches wherein the WLC is configured to: record the key information of the PPSK for the client device in the cache (Shen: para[0058], “As can be seen in FIG. 11, WLC 220 may maintain information about devices (e.g., STAs), policies, PSK, and zone/APs.” such as: client MACA Address, PSK index, PSK, SSID, Authorized Zones in the WLC table in fig. 11 );
detect one or more neighboring AP devices to which the client device could roam from the AP device (Shen: para[0043], “a map of which APs can be heard from each unit is built over time, using STAs probe requests and 802.11k beacon reports. As tenants connect different STAs over time from different locations of the unit, the signal to each detecting AP is recorded. As this training continues, in the pre-shared key management logic 150, each unit is associated to neighboring units and their APs, along with signal bleeding likelihood. Then, when a new tenant connects a new STA (with its associated initial channel scan), this solution uses the signal level on each detecting AP to determine the unit likelihood, and tries the PSK set associated to the unit in priority (even if the authentication/association requests are sent to another neighboring A”).
Sheu in view of Shen, Stephenson and Porter does not explicitly teach send the key information held in the cache to the one or more neighboring AP devices.
However, in the related art, Neipris teaches send the key information held in the cache to the one or more neighboring AP devices ( Neipris: para[0056], “At block 480, when a match between the stored and calculated MIC is identified, the PMK that resulted in the match is transmitted to the AP. The AP may receive the PMK at block 485. Using the PMK, the AP can establish an encrypted communication session with the wireless device and grant network (e.g., Internet) access to the wireless device at block 490.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Sheu with the distribution of key information of Neipris, it will strengthen the security, visibility and access management of a proprietary network (Neipris para[46]).
As per claim 4, Sheu in view of Shen, Stephenson and Porter teaches the claim 1.
Sheu in view of Shen, Stephenson and Porter does not explicitly teach wherein to authenticate the client device, the one or more processors are configured to determine whether the PPSK is valid for the client device based on at least one of whether a current date is past an expiration date for the PPSK or whether a number of concurrent active devices using the PPSK is below a usage limit for the PPSK.
However, in the related art, Neipris teaches wherein to authenticate the client device, the one or more processors are configured to determine whether the PPSK is valid for the client device based on at least one of whether a current date is past an expiration date for the PPSK or whether a number of concurrent active devices using the PPSK is below a usage limit for the PPSK (Neipris: para[0028], “For the PSK, a particular wireless network access profile can be retrieved from profile database 114. Whether access to the wireless network is granted by AP 140 is contingent on the information present in the particular wireless network access profile mapped to the PSK. For instance, the wireless network access profile may include: a permissible time range for access; a permissible date range for access; whitelisted and/or blacklisted MAC addresses; an amount of bandwidth; a total amount of uplink and/or downlink data permissible within a given time period (e.g., one month); permissible or impermissible uses (e.g., no video streaming); whether further authentication is needed, a level of access, which networks are permitted to be accessed, et”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Sheu with the distribution of key information of Neipris, it will strengthen the security, visibility and access management of a proprietary network (Neipris para[46]).
As per claim 12, Sheu in view of Shen, Stephenson and Porter teaches the independent claim 1.
Sheu in view of Shen, Stephenson and Porter does not explicitly teach wherein the one or more processors are further configured to: generate data representative of a user interface of a PPSK self-provisioning portal for display on an end-user computing device, the PPSK self-provisioning portal associated with a particular type of onboarding workflow, wherein the data representative of the user interface includes at least one fillable field to receive contact information of a user of the client device; provision, based on the contact information of the user received from the end-user computing device via the user interface, the PPSK for the client device in accordance with the particular type of onboarding workflow of the PPSK self-provisioning portal; and output the passphrase of the PPSK to at least one of the end user computing device or the client device.
Neipris teaches, wherein the one or more processors are further configured to: generate data representative of a user interface of a PPSK self-provisioning portal for display on an end-user computing device, the PPSK self-provisioning portal associated with a particular type of onboarding workflow, wherein the data representative of the user interface includes at least one fillable field to receive contact information of a user of the client device (Neipris: para[0032], “In some embodiments, additional security beyond the wireless device being used to supply a valid PSK may be desired by the administrator that operates registration system 120. As previously noted, additional information, such as a unique identifier of a user (e.g., email address, password) may be stored as part of a wireless network access profile in profile database 114. ..For instance, AP 140 may request an email address, loyalty identifier/number, or some other form of unique identifier from a user wireless device 150. A user may then supply the email address (or other form of unique identifier) that was provided during the registration process to registration system 120. Either AP 140 or cloud-based provisioning system 110 may verify whether the provided unique identifier matches the stored unique identifier within the wireless network access profile”);
provision, based on the contact information of the user received from the end-user computing device via the user interface, the PPSK for the client device in accordance with the particular type of onboarding workflow of the PPSK self-provisioning portal (Neipris: para[0032], “ Either AP 140 or cloud-based provisioning system 110 may verify whether the provided unique identifier matches the stored unique identifier within the wireless network access profile. If a match is present, network access may be provided.” See also para[0056] , “the PMK that resulted in the match is transmitted to the AP. The AP may receive the PMK at block 485. Using the PMK, the AP can establish an encrypted communication session with the wireless device and grant network (e.g., Internet) access to the wireless device at block 490”); and
output the passphrase of the PPSK to at least one of the end user computing device or the client device (Neipris: para[0035-0036],“the user connects a first user device to the Wi-Fi access point at the property using his current, unique Wi-Fi WPA2 PSK…In some implementations, each user/resident/subscriber is provided a Wi-Fi passphrase (Wi-Fi WPA2 key) that can be used to onboard devices, without requiring a MAC address.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Sheu with the distribution of key information of Neipris, it will strengthen the security, visibility and access management of a proprietary network (Neipris para[46]).
Claims 5, 7, 10-11, 13, 16, 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Sheu et al. (U.S. Pub. No. 20130269008 A1; Hereinafter “Sheu”) in view of Shen et al. (U.S. Pub. No. 20100115278 A1; Hereinafter “Shen”), Stephenson et al. (U.S. Pub. No. 20210075618 A1; Hereinafter “Stephenson”), Porter et al. (U.S. Pub. No. 20180232704 A1; Hereinafter “Porter”), and Olshansky et al. (U.S. Pub. 20200396604 A1; Hereinafter “Olshansky”).
As per claims 5, and 16, Sheu in view of Shen, Stephenson and Porter teaches the independent claim 1.
Sheu in view of Shen, Stephenson and Porter does not explicitly teach wherein the key information of the PPSK includes at least a key name, a key value, and one or more labels indicative of role assignments of the PPSK, and
wherein to manage policy application to the client device while connected to the wireless network, the one or more processors are configured to: assign one or more policies to the PPSK using the one or more labels; and configure the one or more policies at each of the plurality of AP devices, wherein the one or more policies are applied by the AP device to the client device identified by the PPSK.
However, Olshansky teaches wherein the key information of the PPSK includes at least a key name, a key value, and one or more labels indicative of role assignments of the PPSK (Olshansky [0071-0074] “Message 2b is a RADIUS access-accept response from the Wi-Fi PSK manager to the authenticator. The access-accept response can contain any standard authorization attributes including Vendor-Specific Attributes and/or VLAN ID (which can be used to configure the access points to tag the packets associated with the device requesting access with the VLAN ID tag), bandwidth parameters, and the like” see also table 00001), and
wherein to manage policy application to the client device while connected to the wireless network, the one or more processors are configured to: assign one or more policies to the PPSK using the one or more labels (Olshansky: para[0071], “For example, an attribute carrying an 802.1q or 802.1ad ID can be included to create a personal area network for the resident. In this case, all devices sharing a Pre-Shared Key can communicate with one another but at the same time be isolated from devices belonging to other residents. Other attributes can specify bandwidth management, quality of service parameters, parental control policies and so forth.”); and
configure the one or more policies at each of the plurality of AP devices, wherein the one or more policies are applied by the AP device to the client device identified by the PPSK (Olshansky: para[0071], “So in additional to specifying the determined key to the authenticator, the Wi-Fi PSK manager can instruct the authenticator to put the supplicant on a particular VLAN (e.g., based on the Wi-Fi PSK manager's determination of a mapping between the key and the VLAN to be used for the supplicant).”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Sheu with the key information’s of Olshansky, it will ensuring a secure connection and consistent signal for all users (Olshansky: para[23]).
As per claims 7 and 18, Sheu in view of Shen, Stephenson and Porter teaches the independent claim 1.
Sheu in view of Shen, Stephenson and Porter does not explicitly teach wherein the key information of the PPSK includes at least a key name, a key value, and a virtual network identifier of the PPSK; wherein to manage handling of network traffic from the client device while connected to the wireless network, the one or more processors configured to: assign a virtual network to the PPSK using the virtual network identifier; and designate a traffic forwarding method for the PPSK, wherein the designated traffic forwarding method is used by the AP device based on the virtual network identifier to forward traffic received from the client device identified by PPSK.
However, in the related art, Olshansky teaches wherein the key information of the PPSK includes at least a key name, a key value, and a virtual network identifier of the PPSK (Olshansky [0071-0074] “Message 2b is a RADIUS access-accept response from the Wi-Fi PSK manager to the authenticator. The access-accept response can contain any standard authorization attributes including Vendor-Specific Attributes and/or VLAN ID (which can be used to configure the access points to tag the packets associated with the device requesting access with the VLAN ID tag), bandwidth parameters, and the like” see also table 00001), and
wherein to manage handling of network traffic from the client device while connected to the wireless network, the one or more processors configured to: assign a virtual network to the PPSK using the virtual network identifier (Olshansky: para[0022],[0060-0061] “using the personal Wi-Fi WPA2 key, a unique private network is created for each user, and the devices that connect to the Wi-Fi network using the same key, regardless of the locations the individual devices connect from or the access points the individual devices connect to, are added to the private network (e.g., virtual personal area network [VPAN], or a virtual local area network [VLAN]). For example, a special tag (e.g., VLAN ID tag) is added to all packets associated with these devices. To do so, when the Wi-Fi controller authenticates a device using a PSK, the Wi-Fi controller may provide the VLAN ID associated with the PSK to the access point in order to direct the access point to tag all traffic generated by the device with the provided VLAN ID.”); and
designate a traffic forwarding method for the PPSK, wherein the designated traffic forwarding method is used by the AP device based on the virtual network identifier to forward traffic received from the client device identified by PPSK (Olshansky: para[0022],[0060-0061] “Using the VLAN ID tags, the access points and/or the switches in the network environment may allow devices that are part of the same private network (e.g., having the same VLAN ID tag) to directly communicate with each other and prevent devices that are part of different private networks (e.g., having different VLAN ID tags) from directly communicating with each other.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Sheu with the key information’s of Olshansky, it will ensuring a secure connection and consistent signal for all users (Olshansky: para[23]).
As per claims 10 and 19, Sheu in view of Shen, Stephenson and Porter teaches the independent claim 1.
Sheu in view of Shen, Stephenson and Porter does not explicitly teach wherein to provision the PPSK for the client device, the one or more processors are configured to: generate data representative of a user interface for display on a computing device of a network administrator; configure, based on data received from the computing device via the user interface, the PPSK with a key name, a wireless network name, and the passphrase; associate, based on data received from the computing device via the user interface, contact information of a user of the client device with the PPSK.
However, in the related art, Olshansky teaches wherein to provision the PPSK for the client device, the one or more processors are configured to: generate data representative of a user interface for display on a computing device of a network administrator (Olshansky: para[0068-0072], fig. 13“ Message 2a is a RADIUS (Remote Authentication Dial-In User Service) access request from the authenticator to the Wi-Fi PSK manager. .. the RADIUS access request may contain other information which the Wi-Fi PSK manager knows about the user, such as its network address or phone number, and information regarding the user's physical point of attachment to the Wi-Fi PSK manager. In such cases, the Wi-Fi controller described herein may not need to store the keys for each user or resident, and may be able to submit a request to the Wi-Fi PSK manager to authenticate users.”);
configure, based on data received from the computing device via the user interface, the PPSK with a key name, a wireless network name, and the passphrase (Olshansky: para[0072-0088], Table 00001“For each PSK (e.g., called cPSK) configured for the location, the following parameters are determined (c stands for “candidate”):TABLE-US-00001 cPMK = PBKDF2(cPSK, SSID, SSID_LENGTH, 4096, 256) cPTK = PRF(cPMK, ″Pairwise key expansion″, Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)) cKCK = L(cPTK, 0, 128) cMIC = HMAC(SHAl, key=cKCK, data=EAPOL header (MIC cleared)) If Resident-MIC == cMIC // We found a match. Candidate PSK is Resdient′ s PSK. Thus, return it Resident-PSK = cPSK Return”); and
associate, based on data received from the computing device via the user interface, contact information of a user of the client device with the PPSK (Olshansky: para[0094], “The database may list all the units and associated VLAN IDs for the units. When a prospective resident signs the lease to a unit, the property manager may communicate that information (e.g., including the service start date and/or end date of that resident and the unit) to the cloud server, and the cloud server may generate a Wi-Fi key for the prospective resident.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Sheu with the key information’s of Olshansky, it will ensuring a secure connection and consistent signal for all users (Olshansky: para[23]).
As per claim 11, Sheu in view of Shen, Stephenson, Porter and Olshansky teaches the dependent claim 10. Olshansky teaches wherein the one or more processors are further configured to configure, based on data received from the computing device via the user interface, the PPSK with at least one of: a virtual network identifier and a traffic forwarding method comprising one of local forwarding or remote tunneling; one or more role assignments; a usage limit comprising one of unlimited devices or a set number of devices; or an expiration date and reminder information that indicates whether to notify a user of the client device before expiration of the PPSK (Olshansky: para[0016], “Registration system 120 may be used to transmit a message to the user indicative of the unique PSK, the SSID of the wireless network, a unique identifier associated with the user (e.g., email address, loyalty identifier, patient record number, reservation number, social security number, user-created password, etc.) and/or other details and/or rules that may be pertinent to the user, such as the times and dates during which the user is authorized to access the wireless networks, the bandwidth allocated to the user, access and/or creation of personal area networks (PANs), and access to virtual local area networks (VLANs), etc.” see also para [0019],[0028]).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Sheu with the key information’s of Olshansky, it will ensuring a secure connection and consistent signal for all users (Olshansky: para[23]).
As per claim 13, Sheu in view of Shen, Stephenson and Porter teaches the dependent claim 12.
Sheu in view of Shen, Stephenson and Porter does not explicitly teach wherein to provision the PPSK for the client device, the one or more processors are configured to: in the case of a contractor onboarding workflow, provision the PPSK for the client device in response to identifying the contact information of the user in a user directory; and in the case of a guest onboarding workflow, provision the PPSK for the client device in response to receiving a guest access request from a lobby administrator for the contact information of the user; or in the case of a sponsored onboarding workflow, provision the PPSK for the client device in response to receiving approval from a sponsor for the contact information of the user.
However, in an analogous art, Olshansky teaches wherein to provision the PPSK for the client device, the one or more processors are configured to: in the case of a contractor onboarding workflow, provision the PPSK for the client device in response to identifying the contact information of the user in a user directory (Olshansky: para[0054-0056], “As previously detailed, in some embodiments, additional data may be collected from the wireless device before access is granted based on data stored in the profile having the matching PMK. For instance, a user may be required to provide an identifier (e.g., username, email address, loyalty number) that matches a stored identifier in the profile and/or the user may be required to accept a set of terms of service provided to the wireless device (or provided to a related wireless device).”);
in the case of a guest onboarding workflow, provision the PPSK for the client device in response to receiving a guest access request from a lobby administrator for the contact information of the user; or in the case of a sponsored onboarding workflow, provision the PPSK for the client device in response to receiving approval from a sponsor for the contact information of the user (Olshansky: para[0069-0072], “In such cases, the Wi-Fi controller described herein may not need to store the keys for each user or resident, and may be able to submit a request to the Wi-Fi PSK manager to authenticate users. The Wi-Fi PSK manager may be implemented in the cloud (e.g., using a pool of network-accessible computing resources provided by a cloud provider), on site (e.g., at the MDU property), or in an off-site location. In some implementations, the Wi-Fi PSK manager may have access to (or maintain) the information described herein as being accessed or maintained by the Wi-Fi controller (e.g., database of keys, VLAN IDs, user information, etc.). In some of such implementations, the Wi-Fi controller does not directly access or manage the information accessed/managed by the Wi-Fi PSK manager.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filling date of the claimed invention, to have update the modified Sheu with the key information’s of Olshansky, it will ensuring a secure connection and consistent signal for all users (Olshansky: para[23]).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571)-270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/L.L.N./Examiner, Art Unit 2437
/ALEXANDER LAGOR/Supervisory Patent Examiner, Art Unit 2437