DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Applicant’s election without traverse of Group II in the reply filed on 01/20/2026 is acknowledged.
Claims 9-14 and 27-32 are pending in this application. Claims 9, 21, and 27 are in independent form. Claims 1-8 and 15-20 have been cancelled.
Priority
No foreign priority is claimed.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/25/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
The drawings filed on 10/06/2023 are accepted by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
Claims 9-10, 12-13, 21-22, 24-25, 27-28, and 30-31 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Medvinsky et al. US Patent Application Publication No. 2023/0198968 (hereinafter Medvinsky) in view of Fan et al. US Patent Application Publication No. 2017/0155641 (hereinafter Fan).
Regarding claim 9, Medvinsky discloses one or more non-transitory computer-readable media comprising instructions which, when executed by one or more hardware processors, cause performance of operations comprising:
“receiving, from an access management device, a credentials request for user credentials to connect to a wireless network” (see Medvinsky par. 0046, The user device 306 sends a request for credentials to the secure online service 304, as shown in block 508. Since the user device 306 has not yet been provisioned with DPP credentials (e.g., a signed configuration object), the user device 306 may use a mobile operator network instead of Wi-Fi to obtain the credentials from the secure online service 304, or establish a temporary Wi-Fi connection using a legacy password-based authentication method);
responsive to the credentials request:
“generating a first set of user credentials for connecting to the wireless network” (see Medvinsky par. 0045, In block 502, the key generation facility 302 generates or imports a plurality of sets of credentials. Each set of credentials includes, for example, a public/private key pair (e.g. K.sub.Pr and associated K.sub.Pu) and optional attributes that identify end devices 306. Such optional attributes include the media access control (MAC) address of the user devices 306 or the Wi-Fi channels used by the associated user devices 306);
“transmitting, to the access management device, the first set of user credentials” (see Medvinsky par. 0041, In block 402, a request for credentials is transmitted from the user device 306 to the secure online service 304);
Medvinsky does not explicitly disclose receiving, from a first client device, the first set of user credentials, wherein the first client device is different than the access management device; authenticating the first client device based on the first set of user credentials; and subsequent to authenticating the first client device based on the first set of user credentials, serving a first set of requests from the first client device.
However, in analogous art, Fan discloses receiving, from a first client device, the first set of user credentials, wherein the first client device is different than the access management device (see Fan par. 0050, the client device functions to send and receive data through the authenticator network device. In the example of operation, the network authentication system 108 functions to authenticate the client device 104 for a network. Further in the example of operation, the authenticator network device 106 transmits authentication data between the network authentication system 108 and the client device 104. In the example of operation, the authenticator network device 106 generates and sends a user credential query message to the device service management system. Additionally, in the example of operation, the device service management system 110 sends user credentials, including a user key, a user ID, and a nonce, to the authenticator network device 106); authenticating the first client device based on the first set of user credentials (see Fan par. 0042, the authenticator network device 106 functions to generate and send a user credential query message to the device service management system 110. Depending upon implementation-specific or other considerations, the authenticator network device 106 generates and sends a user credential query message to the device service management system 110 after the client device 104 is authorized for a network by the network authentication system 108); and subsequent to authenticating the first client device based on the first set of user credentials, serving a first set of requests from the first client device (see Fan par. 0042, the authenticator network device 106 generates and sends a user credential query message to the device service management system 110 after a new service is provisioned to client devices coupled to a network. Still further depending upon implementation-specific or other considerations, the authenticator network device 106 generates and sends a user credential query message to the device service management system after receiving a service request from a client device. A user credential query message sent by the authenticator network device 106 can include a MAC address of the client device 104).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Fan into the system of Medvinsky in order to include a service request received from the client device at the authenticator network device. Further, in at least one of the various implementations, user credentials, including a user ID, a user key, and a nonce for a user are received at the authenticator network device (see Fan par. 0006).
Regarding claims 10, 22, and 28, Medvinsky in view of Fan discloses the one or more non-transitory computer-readable media of claim 9, the method of claim 21, the system of claim 27,
Medvinsky further discloses wherein generating the first set of user credentials further comprises: assigning a network identifier to be used in association with the first set of user credentials, and wherein transmitting the user credentials further comprises: transmitting the network identifier to be used in association with the first set of user credentials (see Medvinsky par. 0047, The QR code data may optionally include additional information such as the MAC address and/or channel information of the user device 306. Such information may be obtained, for example, by the user device 306 optionally transmitting the MAC address and Wi-Fi channel information in block 508, or by including the MAC address and/or Wi-Fi channels in the credentials that are generated or imported in block 502. In such cases, the QR code is generated from the public key K.sub.Pu and the optional additional information).
Regarding claims 12, 24, and 30, Medvinsky in view of Fan discloses the one or more non-transitory computer-readable media of claim 9, the method of claim 21, the system of claim 27,
Fan further discloses wherein the first set of user credentials are valid for authenticating a plurality of client devices, and wherein the operations further comprise: receiving, from a second client device, the first set of user credentials (see Fan par. 0050, the client device functions to send and receive data through the authenticator network device. In the example of operation, the network authentication system 108 functions to authenticate the client device 104 for a network. Further in the example of operation, the authenticator network device 106 transmits authentication data between the network authentication system 108 and the client device 104. In the example of operation, the authenticator network device 106 generates and sends a user credential query message to the device service management system. Additionally, in the example of operation, the device service management system 110 sends user credentials, including a user key, a user ID, and a nonce, to the authenticator network device 106); authenticating the second client device based on the first set of user credentials (see Fan par. 0042, the authenticator network device 106 functions to generate and send a user credential query message to the device service management system 110. Depending upon implementation-specific or other considerations, the authenticator network device 106 generates and sends a user credential query message to the device service management system 110 after the client device 104 is authorized for a network by the network authentication system 108); and subsequent to authenticating the second client device, serving a second set of requests from the second client device (see Fan par. 0042, the authenticator network device 106 generates and sends a user credential query message to the device service management system 110 after a new service is provisioned to client devices coupled to a network. Still further depending upon implementation-specific or other considerations, the authenticator network device 106 generates and sends a user credential query message to the device service management system after receiving a service request from a client device. A user credential query message sent by the authenticator network device 106 can include a MAC address of the client device 104).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Fan into the system of Medvinsky in order to include a service request received from the client device at the authenticator network device. Further, in at least one of the various implementations, user credentials, including a user ID, a user key, and a nonce for a user are received at the authenticator network device (see Fan par. 0006).
Regarding claims 13, 25, and 31, Medvinsky in view of Fan discloses the one or more non-transitory computer-readable media of claim 9, the method of claim 21,
Medvinsky further discloses wherein the first set of user credentials are only valid for authenticating a single client device (see Medvinsky par. 0039, operations that can be used to provide credentials to a user device 306 for purposes of authorizing the user device 306. The process begins with the key generation facility 302 (preferably a secure offline system) generating a plurality of credentials. Each credential comprises an asymmetric key pair, having a public key and associated private key. The key generation facility 302 then encrypts the private key of each symmetric key pair. In one embodiment, the private key is encrypted according to an inner key that is pre-provisioned to the user device 306. The inner key may be global (e.g. shared by all user devices 306), may be shared by multiple devices (e.g. all user devices 306 of a particular model), or may be unique to each user device).
Regarding claim 21, Medvinsky discloses a method comprising:
“receiving, from an access management device, a credentials request for user credentials to connect to a wireless network” (see Medvinsky par. 0046, The user device 306 sends a request for credentials to the secure online service 304, as shown in block 508. Since the user device 306 has not yet been provisioned with DPP credentials (e.g., a signed configuration object), the user device 306 may use a mobile operator network instead of Wi-Fi to obtain the credentials from the secure online service 304, or establish a temporary Wi-Fi connection using a legacy password-based authentication method);
responsive to the credentials request:
“generating a first set of user credentials for connecting to the wireless network” (see Medvinsky par. 0045, In block 502, the key generation facility 302 generates or imports a plurality of sets of credentials. Each set of credentials includes, for example, a public/private key pair (e.g. K.sub.Pr and associated K.sub.Pu) and optional attributes that identify end devices 306. Such optional attributes include the media access control (MAC) address of the user devices 306 or the Wi-Fi channels used by the associated user devices 306);
“transmitting, to the access management device, the first set of user credentials” (see Medvinsky par. 0041, In block 402, a request for credentials is transmitted from the user device 306 to the secure online service 304);
“wherein the method is performed by at least one device comprising a hardware processor” (see Medvinsky Fig. 7 Processor 704, par. 0060, The computer 702 comprises a processor 704 and a memory, such as random access memory (RAM) 706);
Medvinsky does not explicitly disclose receiving, from a first client device, the first set of user credentials, wherein the first client device is different than the access management device; authenticating the first client device based on the first set of user credentials; and subsequent to authenticating the first client device based on the first set of user credentials, serving a first set of requests from the first client device.
However, in analogous art, Fan discloses receiving, from a first client device, the first set of user credentials, wherein the first client device is different than the access management device (see Fan par. 0050, the client device functions to send and receive data through the authenticator network device. In the example of operation, the network authentication system 108 functions to authenticate the client device 104 for a network. Further in the example of operation, the authenticator network device 106 transmits authentication data between the network authentication system 108 and the client device 104. In the example of operation, the authenticator network device 106 generates and sends a user credential query message to the device service management system. Additionally, in the example of operation, the device service management system 110 sends user credentials, including a user key, a user ID, and a nonce, to the authenticator network device 106); authenticating the first client device based on the first set of user credentials (see Fan par. 0042, the authenticator network device 106 functions to generate and send a user credential query message to the device service management system 110. Depending upon implementation-specific or other considerations, the authenticator network device 106 generates and sends a user credential query message to the device service management system 110 after the client device 104 is authorized for a network by the network authentication system 108); and subsequent to authenticating the first client device based on the first set of user credentials, serving a first set of requests from the first client device (see Fan par. 0042, the authenticator network device 106 generates and sends a user credential query message to the device service management system 110 after a new service is provisioned to client devices coupled to a network. Still further depending upon implementation-specific or other considerations, the authenticator network device 106 generates and sends a user credential query message to the device service management system after receiving a service request from a client device. A user credential query message sent by the authenticator network device 106 can include a MAC address of the client device 104).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Fan into the system of Medvinsky in order to include a service request received from the client device at the authenticator network device. Further, in at least one of the various implementations, user credentials, including a user ID, a user key, and a nonce for a user are received at the authenticator network device (see Fan par. 0006).
Regarding claim 27, Medvinsky discloses a system comprising:
“one or more hardware processors” (Fig. 7, General purpose processor 704A, Special purpose processor 704B);
“one or more non-transitory computer-readable media” (Fig. 7, Memory 706); and
program instructions stored on the one or more non-transitory computer-readable media that, when executed by the one or more hardware processors, cause operations comprising: “receiving, from an access management device, a credentials request for user credentials to connect to a wireless network” (see Medvinsky par. 0046, The user device 306 sends a request for credentials to the secure online service 304, as shown in block 508. Since the user device 306 has not yet been provisioned with DPP credentials (e.g., a signed configuration object), the user device 306 may use a mobile operator network instead of Wi-Fi to obtain the credentials from the secure online service 304, or establish a temporary Wi-Fi connection using a legacy password-based authentication method);
responsive to the credentials request:
“generating a first set of user credentials for connecting to the wireless network” (see Medvinsky par. 0045, In block 502, the key generation facility 302 generates or imports a plurality of sets of credentials. Each set of credentials includes, for example, a public/private key pair (e.g. K.sub.Pr and associated K.sub.Pu) and optional attributes that identify end devices 306. Such optional attributes include the media access control (MAC) address of the user devices 306 or the Wi-Fi channels used by the associated user devices 306);
“transmitting, to the access management device, the first set of user credentials” (see Medvinsky par. 0041, In block 402, a request for credentials is transmitted from the user device 306 to the secure online service 304);
Medvinsky does not explicitly disclose receiving, from a first client device, the first set of user credentials, wherein the first client device is different than the access management device; authenticating the first client device based on the first set of user credentials; and subsequent to authenticating the first client device based on the first set of user credentials, serving a first set of requests from the first client device.
However, in analogous art, Fan discloses receiving, from a first client device, the first set of user credentials, wherein the first client device is different than the access management device (see Fan par. 0050, the client device functions to send and receive data through the authenticator network device. In the example of operation, the network authentication system 108 functions to authenticate the client device 104 for a network. Further in the example of operation, the authenticator network device 106 transmits authentication data between the network authentication system 108 and the client device 104. In the example of operation, the authenticator network device 106 generates and sends a user credential query message to the device service management system. Additionally, in the example of operation, the device service management system 110 sends user credentials, including a user key, a user ID, and a nonce, to the authenticator network device 106); authenticating the first client device based on the first set of user credentials (see Fan par. 0042, the authenticator network device 106 functions to generate and send a user credential query message to the device service management system 110. Depending upon implementation-specific or other considerations, the authenticator network device 106 generates and sends a user credential query message to the device service management system 110 after the client device 104 is authorized for a network by the network authentication system 108); and subsequent to authenticating the first client device based on the first set of user credentials, serving a first set of requests from the first client device (see Fan par. 0042, the authenticator network device 106 generates and sends a user credential query message to the device service management system 110 after a new service is provisioned to client devices coupled to a network. Still further depending upon implementation-specific or other considerations, the authenticator network device 106 generates and sends a user credential query message to the device service management system after receiving a service request from a client device. A user credential query message sent by the authenticator network device 106 can include a MAC address of the client device 104).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Fan into the system of Medvinsky in order to include a service request received from the client device at the authenticator network device. Further, in at least one of the various implementations, user credentials, including a user ID, a user key, and a nonce for a user are received at the authenticator network device (see Fan par. 0006).
Claims 11, 23, and 29 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Medvinsky et al. US Patent Application Publication No. 2023/0198968 (hereinafter Medvinsky) in view of Fan et al. US Patent Application Publication No. 2017/0155641 (hereinafter Fan) and further in view of Tse US Patent Application Publication No. 2016/0006768 (hereinafter Tse).
Regarding claims 11, 23, and 29, Medvinsky in view of Fan discloses the one or more non-transitory computer-readable media of claim 9, the method of claim 21, the system of claim 27,
Medvinsky in view of Fan does not explicitly disclose wherein the operations further comprise: receiving a target access configuration with the credentials request, wherein the first set of user credentials are configured in accordance with the target access configuration, and wherein a connection with the first client device is terminated after a period of time based on the target access configuration.
However, in analogous art, Tse discloses wherein the operations further comprise: receiving a target access configuration with the credentials request, wherein the first set of user credentials are configured in accordance with the target access configuration, and wherein a connection with the first client device is terminated after a period of time based on the target access configuration (see Tse par. 0031, the physical access credential 134 may be revoked at any time by the remote server 130. Revocation may occur for any number of reasons, including but not limited to, a change in device profile 123, a change in approved device identifiers 132, a change in approved user access credentials 133, expiration of a defined time period, and/or a request from the user of the client device 120).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Tse into the system of Medvinsky and Fan in order to allow a remote server to store a log of all granted and denied requests for physical access credentials, all granted physical access credentials, all expired and/or revoked physical access credentials, and/or all uses of physical access credentials to obtain entry/access to a physical access point (see Tse par. 0013).
Allowable Subject Matter
Claims 14, 26, and 32 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Buer et al. (US 2006/0085844 A1) discloses: Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials.
Nair et al. (US 2023/0198981 A1) discloses: Systems and methods for credential sharing are disclosed. In some embodiments, a system comprises at least one processor, and memory storing instructions executable by the at least one processor, the instructions when executed cause the system to obtain, from a first user device, a request to share credentials for an access control device with a second user device; generate a host Uniform Resource Locator (URL), the URL comprising a unique token for accessing the access control device; and send the URL to the first user device, wherein the URL is configured to be shared with the second user device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMUEL AMBAYE whose telephone number is (571)270-7635. The examiner can normally be reached M-F 9:00 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAMUEL AMBAYE/Examiner, Art Unit 2433
/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433