DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The following is a Non-Final Office Action in response to applicant’s filing on November 11, 2024. Claims 1-31 are pending, of which claims 1, 20 and 31 are in independent form.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 3 and 21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 3 recites “wherein the beacon comprises a capability bit indicating the support for that the WAP supports the in-band secure access protocol …” the specification does not provide sufficient support for the limitation “a capability bit”. (i.e., the determining that the WAP supports the in-band secure access protocol further includes detecting a broadcast of a beacon by the WAP, wherein the beacon comprises a capability bit indicating the support for the in-band secure access protocol, see paragraph [0128]). The specification does not describe structural placement of the “capability bit” within an IEEE 802.11 beacon frame nor the format of the capability bit. Further, the disclosure does not define as to haw a capability bit indicates that the WAP supports the in-band secure access protocol.
Further, claim 21 recites “wherein the broadcasting comprises broadcasting a beacon comprising a capability bit indicating that the WAP supports the in-band secure access protocol…” the specification does not provide sufficient support for the limitation “a capability bit”. (i.e., the determining that the WAP supports the in-band secure access protocol further includes detecting a broadcast of a beacon by the WAP, wherein the beacon comprises a capability bit indicating the support for the in-band secure access protocol, see paragraph [0128]). The specification does not describe structural placement of the “capability bit” within an IEEE 802.11 beacon frame nor the format of the capability bit. Further, the disclosure does not define as to haw a capability bit indicates that the WAP supports the in-band secure access protocol.
The level of detail required to satisfy the written description requirement varies depending on the nature and scope of the claims and on the complexity and predictability of the relevant technology. Ariad, 598 F.3d at 1351, 94 USPQ2d at 1172; Capon v. Eshhar, 418 F.3d 1349, 1357-58, 76 USPQ2d 1078, 1083-84 (Fed. Cir. 2005). Computer-implemented inventions are often disclosed and claimed in terms of their functionality. For computer-implemented inventions, the determination of the sufficiency of disclosure will require an inquiry into the sufficiency of both the disclosed hardware and the disclosed software due to the interrelationship and interdependence of computer hardware and software. The critical inquiry is whether the disclosure of the application relied upon reasonably conveys to those skilled in the art that the inventor had possession of the claimed subject matter as of the filing date. Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 682. 114 USPQ2d 1349, 1356 (citing Ariad Pharm., Inc. V. Eli Lilly & Co, 598 F.3d 1336, 1351, 94 USPQ2d 1161, 1172 (Fed. Cir. 2010) in the context of determining possession of a claimed means of accessing disparate databases).
The same reasons apply to independent claims 13 and 18, and dependent claims 2-12, 14-17, and 19-20 by virtue of dependency to their independent claims.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 3 and 21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 3 is rejected as being indefinite. The claim recites “wherein the beacon comprises a capability bit indicating the support for that the WAP supports the in-band secure access protocol …”, but the claim does not define as to haw a capability bit indicates that the WAP supports the in-band secure access protocol. Further, it is unclear structural placement of the “capability bit” within an IEEE 802.11 beacon frame nor the format of the capability bit. Absent such structural boundaries, a person of ordinary skill in the art cannot determine, with reasonable certainty, what constitutes the claimed “capability bit”, rendering the scope of the claim unclear.
Claim 21 is rejected as being indefinite. The claim recites “wherein the beacon comprises a capability bit indicating the support for that the WAP supports the in-band secure access protocol …”, but the claim does not define as to haw a capability bit indicates that the WAP supports the in-band secure access protocol. Further, it is unclear structural placement of the “capability bit” within an IEEE 802.11 beacon frame nor the format of the capability bit. Absent such structural boundaries, a person of ordinary skill in the art cannot determine, with reasonable certainty, what constitutes the claimed “capability bit”, rendering the scope of the claim unclear.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-16, 19-28, and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Pularikkal et al. (US 2017/0230905 A1), hereinafter Pularikkal in view of Garcia et al. (US 2017/0359326 A1), hereinafter Garcia.
In regards to claim 1, Pularikkal discloses the computer-implemented method, comprising: determining, by a client computing device, that a wireless access point (WAP) supports an in-band secure access protocol to connect to a wireless network hosted by a server (Pularikkal, Para. 0027, the solutions provided by the systems and methods described herein can push a profile to a given UE in a secured manner such that a secured communication link (e.g., via secured SSID 122) can be established between the UE and a given Wi-Fi AP for exchanging GAS messaging), wherein the in-band secure access protocol comprises establishing an initial network connection to exchange subscription data to connect to the wireless network (Pularikkal, Para. 0040, beginning at 202, it is assumed that UE 102 is within the coverage area of Wi-Fi AP 112, does not have a Hotspot 2.0 profile installed and begins an 802.11 association procedure with the open SSID 120 of Wi-Fi AP 112. As prescribed by IEEE 802.11, association procedures carried out between a UE and Wi-Fi AP are used to establish an AP/UE mapping that enables UE invocation of system services);
exchanging the subscription data with the server over the initial network connection (Pularikkal, Para. 0043, an exchange is performed with SPR 140 to perform a lookup of the username and password (UN/PW) for the subscriber associated with UE 102 against the subscription ID of the subscriber. In various embodiments, a subscription ID for a subscriber can include an IMSI or the like, which can be any unique identifier used by a service provider to identify a subscriber to track billing information and/or other Operational Support System (OSS)/Business Support System (BSS) to support end-to end services for UE, which corresponds to exchange with SPR to look up UN/PW against subscription ID); and completing the in-band secure access protocol by downloading (Pularikkal, Para. 0054, the Advertisement Protocol ID for the GAS Initial Response can be configured with a VSIE set to indicate an ANQPR including the Hotspot 2.0 profile for the UE. At 224, UE 102 installs the Hotspot 2.0 profile and disconnects from the open SSID), from the WAP and over the initial network connection, a subscription file, wherein the subscription file is based on the subscription data (Pularikkal, Para. 0054, the Advertisement Protocol element and Advertisement Protocol ID for the GAS Initial Response can be formatted as shown in TABLES 2-4; however, the Advertisement Protocol ID for the GAS Initial Response can be configured with a VSIE set to indicate an ANQPR including the Hotspot 2.0 profile for the UE. At 224, UE 102 installs the Hotspot 2.0 profile and disconnects from the open SSID), and wherein the subscription file enables the client computing device to establish an encrypted and trusted network connection over the wireless network (Pularikkal, Para. 0079, during a provisioning (e.g., onboarding) phase between a given UE and a Wi-Fi AP of a Hotspot 2.0 network, an anonymous client Authentication and Key Management (AKM) procedure as discussed in Passpoint Release 2.0 can be leveraged to facilitate secure GAS messaging exchanges between the UE and the Wi-Fi AP in accordance with one potential embodiment).
Pularikkal does not explicitly disclose receiving, by the client computing device from the WAP, a temporary login credential and an authentication protocol for the server; utilizing the temporary login credential and the authentication protocol to establish the initial network connection with the WAP;
However, Garcia teaches receiving, by the client computing device from the WAP, a temporary login credential and an authentication protocol for the server (Garcia, Para. 0037, a WAP accepting issuing-entity credentials, e.g., only during specific times, such as during sporting events or concerts, is considered to have a state of partial visitability. In another example, a WAP on an aircraft, such as GOGO INFLIGHT, may provide at least one of network service, network connectivity, or network visitability only during specific portions of a flight, e.g., cruise flight or when the aircraft is at an altitude above 10,000 feet) and (Garcia, Para. 0038, a terminal receiving network service from a network access point providing a state of full visitability can use that network service, e.g., via a WIFI network, instead of a cellular network whenever the type of network transmission permit); utilizing the temporary login credential and the authentication protocol to establish the initial network connection with the WAP (Garcia, Para. 0038, a terminal receiving network service from a network access point providing a state of full visitability can use that network service, e.g., via a WIFI network, instead of a cellular network whenever the type of network transmission permit);
Pularikkal and Garcia are both considered to be analogous to the claim invention because they are in the same field of a secure initial access via a wireless access point by a client device to the server. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Pularikkal to incorporate the teachings of Garcia to include receiving, by the client computing device from the WAP, a temporary login credential and an authentication protocol for the server (Garcia, Para. 0037); utilizing the temporary login credential and the authentication protocol to establish the initial network connection with the WAP (Garcia, Para. 0038). Doing so would aid to Select a network to use for data connections based at least in part on a state of network visitability may reduce the occurrence of dropped or interrupted network connections, or may permit the user to use network services without interruption by, e.g., captive-portal user interfaces (UIs)( Garcia, Para. 0065).
In regards to claim 2, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 1, further comprising: subsequent to the downloading of the subscription file, disconnecting the initial network connection; and establishing, based on the subscription file, the encrypted and trusted network connection (Pularikkal, Para. 0054, at 224, UE 102 installs the Hotspot 2.0 profile and disconnects from the open SSID. At 226, UE 102 associates to the secure SSID 122 of Wi-Fi AP 112 leveraging the UN/PW credentials from the Hotspot 2.0 profile) and (Pularikkal, Para. 0038, SPR 140 can contain subscriber/subscription related information such as, for example, username and password needed for subscription-based policies (e.g., Hotspot 2.0 access) and IP-connectivity access network (IP-CAN) bearer level PCC rules implemented by the policy server 134).
In regards to claim 3, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 1, wherein the determining that the WAP supports the in-band secure access protocol further comprises: detecting a broadcast of a beacon by the WAP (Garcia, Para. 0047, NAP 104 is a WAP having antenna 106 and providing wireless network service. For example, NAP 104 can host a local network 108, e.g., an Ethernet or WIFI local-area network (LAN)), wherein the beacon comprises a capability bit indicating the support for that the WAP supports the in-band secure access protocol (Garcia, Para. 0080, request module 302 can determine the first destination based on a beacon packet, e.g., transmitted by WAP 202. For example, request module 302 can receive an address of WAP 202, e.g., in a beacon packet, and determine the first destination to be the received address).
Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Pularikkal to incorporate the teachings of Garcia to include wherein the determining that the WAP supports the in-band secure access protocol further comprises: detecting a broadcast of a beacon by the WAP (Garcia, Para. 0047), wherein the beacon comprises a capability bit indicating the support for that the WAP supports the in-band secure access protocol (Garcia, Para. 0080). Doing so would aid to Select a network to use for data connections based at least in part on a state of network visitability may reduce the occurrence of dropped or interrupted network connections, or may permit the user to use network services without interruption by, e.g., captive-portal user interfaces (UIs)( Garcia, Para. 0065).
In regards to claim 4, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 1, further comprising: sending, to the WAP, a request for an access network query protocol (ANQP) element (Pularikkal, Para. 0047, UE 102 requests its Hotspot 2.0 profile via AP/WLC 112/114 using a GAS Initial Request frame having a VSIE set to indicate an ANQP query for the Hotspot 2.0 profile for the UE), and wherein the receiving of the temporary login credential and the authentication protocol comprises receiving the ANQP element in response to the request for the ANQP element (Pularikkal, Para. 0053, at 222, AP/WLC 112/114 responds with a GAS Initial Response frame having a VSIE set to indicate an ANQP query response (ANQPR) including the Hotspot 2.0 profile for the UE) and (Pularikkal, Para. 0065, the systems and methods disclosed herein can provide solutions to dynamically push Hotspot profiles and credentials over the 802.11u GAS framework using ANQP).
In regards to claim 5, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 4, wherein the ANQP element further comprises one of a public key certificate issued by a root certificate authority (Root CA certificate) configured to sign a server certificate, or a hash of a globally trusted Root CA certificate configured for web browsing (Pularikkal, Para. 0015, a Hotspot profile for a given Hotspot 2.0 network can include a username (UN) and a password (PW) for a subscriber, a Root certificate for the Hotspot 2.0 network and other parameters associated) and (Pularikkal, Para. 0026, the GAS transport framework can be used to transport Access Network Query Transport Protocol (ANQP) messages to facilitate messaging exchanges between a given UE (e.g., UE 102) and a given Wi-Fi AP (e.g., Wi-Fi AP 112) and a WLC (e.g., WLC 114) to push a HS 2.0 profile to the UE) and (Pularikkal, Para. 0027, alternatively, in another potential embodiment, a server certificate based authentication approach can be leveraged to build a secure tunnel that can facilitate secure GAS messaging exchanges between a UE and a Wi-Fi AP of a Hotspot 2.0 network.).
In regards to claim 6, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 4, wherein the determining that the WAP supports the in-band secure access protocol is based on the received ANQP element (Pularikkal, Para. 0026, systems and methods discussed for the various embodiments described herein can leverage VSIE, as described in IEEE 802.11u, using the GAS messaging transport framework to push a HS 2.0 profile to a UE that seeking to connect to a HS 2.0 network in order to onboard the UE to the network. In particular, the GAS transport framework can be used to transport Access Network Query Transport Protocol (ANQP) messages to facilitate messaging exchanges between a given UE (e.g., UE 102) and a given Wi-Fi AP (e.g., Wi-Fi AP 112) and a WLC (e.g., WLC 114) to push a HS 2.0 profile to the UE) and (Pularikkal, Para. 0053, at 222, AP/WLC 112/114 responds with a GAS Initial Response frame having a VSIE set to indicate an ANQP query response (ANQPR) including the Hotspot 2.0 profile for the UE).
In regards to claim 7, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 6, wherein the determining that the WAP supports the in-band secure access protocol is performed subsequent to determining that one or more authentication credentials stored at the client computing device do not match the received ANQP element (Pularikkal, Para. 0070, upon determining that the authentication has failed, the UE tries to re-associate to the Wi-Fi AP 112 using an anonymous client AKM based authentication at 524. The re-association is not shown in FIG. 5. At 526, UE 102 requests its Hotspot 2.0 profile via AP/WLC 112/114 using a GAS Initial Request having a VSIE set to indicate an ANQP query for the Hotspot 2.0 profile for the UE. The Request at 526 for the embodiment of FIG. 5 can follow the same formatting as described above for the request at 220 for the embodiment of FIG. 2. At 528, AP/WLC 112/114 responds with a GAS Initial Response frame having a VSIE set to indicate an ANQP query response including the new Hotspot 2.0 profile for the UE. The GAS Initial Response frame can follow the formatting as prescribed by 802.11u in which the VSIE can be included in an Advertisement Protocol element for the GAS Initial Response frame) and (Pularikkal, Para. 0073, at least one memory element 606 and/or storage 608 can be configured to store one or more SSID(s); one or more Basic Service Set Identifiers (BSSID(s)); one or more Extended Service Set Identifiers (ESSID(s)); one or more certificates; one or more usernames and/or passwords; one or more Hotspot 2.0 profile(s) for the subscriber associated with the UE (e.g., for different Hotspot networks)).
In regards to claim 8, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 4, wherein the utilizing of the temporary login credential and the authentication protocol for the server to establish the initial network connection further comprises: generating, by the client computing device and based on the received ANQP element (Pularikkal, Para. 0047, UE 102 requests its Hotspot 2.0 profile via AP/WLC 112/114 using a GAS Initial Request frame having a VSIE set to indicate an ANQP query for the Hotspot 2.0 profile for the UE), a temporary extensible authentication protocol (EAP) configuration comprising (Pularikkal, Para. 0018, upgrade their Wi-Fi access networks to Passpoint; if a client certificate and/or username/password based authentication approach such as EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), as defined in Internet Engineering Task Force (IETF) Request For Comments (RFC) 5216, or EAP-TTLS (EAP-Tunneled TLS), as defined in IETF RFC 5281, is adopted by a SP or Enterprise for a Hotspot 2.0 Passpoint deployment): (i) a Service Set Identifier (SSID) for the wireless access point (Pularikkal, Para. 0021, Wi-Fi AP 112 can be configured with at least one open Service Set Identifier (SSID) 120 to which a Wi-Fi device (e.g., UE 102) can attach to perform one or more operations over an unsecured connection and at least one secure SSID 122 to which a Wi-Fi device can attach to perform one or more operations over a secured connection. In at least one embodiment) and (Pularikkal, para. 0054), (ii) the authentication protocol (Pularikkal, Para. 0018, if a client certificate and/or username/password-based authentication approach such as EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), as defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 5216, or EAP-TTLS (EAP-Tunneled TLS)), (iii) a server certificate (Pularikkal, Para. 0027, a server certificate based authentication approach can be leveraged to build a secure tunnel that can facilitate secure GAS messaging exchanges between a UE and a Wi-Fi AP of a Hotspot 2.0 network), (iv) a server domain name (Pularikkal, Para. 0045, a profile template can be configured to include a set of parameters common to a specific group (e.g., subscribers of a service provider or a subset of subscribers of a service provider) and can include parameters such as, but not limited to: Domain Name,), and (v) the temporary login credential (Pularikkal, Para. 0067, at 504, it is assumed that the SP allows the subscriber to update their UN/PW credentials after the subscriber's authenticity is verified); and utilizing the temporary EAP configuration to establish the initial network connection (Pularikkal, para. 0054, at 224, UE 102 installs the Hotspot 2.0 profile and disconnects from the open SSID. At 226, UE 102 associates to the secure SSID 122 of Wi-Fi AP 112 leveraging the UN/PW credentials from the Hotspot 2.0 profile).
In regards to claim 9, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 1, further comprising: requesting, by the client computing device, user confirmation to connect to the wireless network, and wherein the establishing of the initial network connection is performed upon receiving the user confirmation (Pularikkal, Para. 0041, at 204, UE 102 is redirected to the SP portal system 132 for consent to access the SP Hotspot 2.0 network 110. Although not explicitly illustrated in FIG. 1, it should be understood that the redirect traverses WLC 114 and WAG 136 toward SP portal system 132. It is assumed for the embodiment of FIG. 2 that the user (e.g., subscriber) associated with UE 102 provides consent to participate in the Hotspot network via Passport consent GUI 144. In various embodiments, consent can be provided by a user checking a GUI box, entering one or more character(s), responding to a prompt, clicking a GUI button, combinations thereof or the like).
In regards to claim 10, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 9, wherein the requesting of the user confirmation further comprises: providing, by a display of the client computing device, a temporary identifier indicative of the wireless network, and an associated user interface element to receive the user confirmation (Pularikkal, Para. 0040, it is assumed that UE 102 is within the coverage area of Wi-Fi AP 112, does not have a Hotspot 2.0 profile installed and begins an 802.11 association procedure with the open SSID 120 of Wi-Fi AP 112. As prescribed by IEEE 802.11, association procedures carried out between a UE and Wi-Fi AP are used to establish an AP/UE mapping that enables UE invocation of system services) and (Pularikkal, Para. 0021, a subscriber profile repository (SPR) 140 and SP managed services 142. SP portal system 132 can be a server or other computing device, which can be configured to provide a Passpoint consent Graphical User Interface (GUI) 144 via a web page, pop-up or other GUI which can receive inputs from a user and/or provide information and/or prompts to the user).
In regards to claim 11, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 1, wherein subsequent to the establishing of the initial network connection (Garcia, Para. 0029, “network service” refers to a connection between a computing device and a network access point, such as a WAP or an Ethernet switch, via which data can be transmitted. For example, a WIFI client can receive network service by associating with a WAP), the client computing device is redirected to a captive portal associated with the server (Garcia, Para. 0065, router 204 can direct traffic from a not-yet-authorized computing device 102(N) to a portal server 206) and (Garcia, Para. 0065, one per hotspot, and likewise throughout the document) can whitelist portal server 206 from multiple hotspots. This can permit a single portal server 206 to provide captive-portal content or functions to multiple WAPs 202). Doing so would aid to Select a network to use for data connections based at least in part on a state of network visitability may reduce the occurrence of dropped or interrupted network connections, or may permit the user to use network services without interruption by, e.g., captive-portal user interfaces (UIs)( Garcia, Para. 0065). Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Pularikkal to incorporate the teachings of Garcia to include wherein subsequent to the establishing of the initial network connection (Garcia, Para. 0029), the client computing device is redirected to a captive portal associated with the server (Garcia, Para. 0065) and (Garcia, Para. 0065).
Doing so would aid to Select a network to use for data connections based at least in part on a state of network visitability may reduce the occurrence of dropped or interrupted network connections, or may permit the user to use network services without interruption by, e.g., captive-portal user interfaces (UIs)( Garcia, Para. 0065).
In regards to claim 12, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 11, wherein the captive portal comprises one or more of a payment portal, a registration portal, an identification portal, or a terms and conditions (T&C) portal (Garcia, Para. 0031, a captive-portal interface before providing network connectivity to destinations other than those controlled by the hotel. As used herein, “whitelisted” servers or protocols are servers or protocols to which a walled-garden or captive-portal implementation permits access, e.g., without requiring credentials such as a hotel room number, a username and password, or other authorization information). Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Pularikkal to incorporate the teachings of Garcia to include wherein the captive portal comprises one or more of a payment portal, a registration portal, an identification portal, or a terms and conditions (T&C) portal (Garcia, Para. 0031). Doing so would aid to Select a network to use for data connections based at least in part on a state of network visitability may reduce the occurrence of dropped or interrupted network connections, or may permit the user to use network services without interruption by, e.g., captive-portal user interfaces (UIs)( Garcia, Para. 0065).
In regards to claim 13, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 11, wherein the exchanging of the subscription data further comprises: verifying, over the initial network connection, a server certificate associated with the server (Pularikkal, Para. 0027, a server certificate based authentication approach can be leveraged to build a secure tunnel that can facilitate secure GAS messaging exchanges between a UE and a Wi-Fi AP of a Hotspot 2.0 network); launching, by a browser application (Pularikkal, Para. 0021, SP portal system 132 can be a server or other computing device, which can be configured to provide a Passpoint consent Graphical User Interface (GUI) 144 via a web page), a limited web browser that loads a content of the captive portal (Pularikkal, Para. 0017, one current mechanism involves redirecting a user to a portal where the user signs up for the service); and providing, by the client computing device , the content of the captive portal (Pularikkal, Para. 0017), wherein the content comprises one or more subscription tasks to be completed by a user of the client computing device (Pularikkal, Para. 0017, one current mechanism involves redirecting a user to a portal where the user signs up for the service. The user is then redirected to a link to download their profile onto their UE. Once downloaded, the user has to manually activate on the UE by installing the profile. Rather than downloading the profile, one option may include emailing the profile to the user/UE but this also requires the user to manually install the profile and could impose security risks to the user/U), it is noted that the claim does not explicitly labeled as “captive portal”, however, functionally supported.
detecting, by the client computing device, a type of the captive portal (Garcia, Para. 0233, for example, even if the user is not using a Web browser and therefore is not interacting with a captive portal, a depiction of a gate can indicate to the user that opening a Web browser to interact with a captive portal should readily correct network-connectivity failures, and a depiction of a roaming consortium's logo). Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Pularikkal to incorporate the teachings of Garcia to include detecting, by the client computing device, a type of the captive portal (Garcia, Para. 0233). Doing so would aid to Select a network to use for data connections based at least in part on a state of network visitability may reduce the occurrence of dropped or interrupted network connections, or may permit the user to use network services without interruption by, e.g., captive-portal user interfaces (UIs)( Garcia, Para. 0065).
In regards to claim 14, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 13, wherein the subscription file comprises a trust certificate, and the method further comprises (Pularikkal, Para. 0015, Hotspot profile for a given Hotspot 2.0 network can include a username (UN) and a password (PW) for a subscriber, a Root certificate for the Hotspot 2.0 network and other parameters associated with the network including, but not limited to: Quality of Service (QoS) information, subscription information, network accounting, authentication and/or authorization information): receiving an indication of user completion of the one or more subscription tasks (Pularikkal, Para. 0041, consent can be provided by a user checking a GUI box, entering one or more character(s), responding to a prompt, clicking a GUI button, combinations thereof or the like); in response to the user completion of the one or more subscription tasks (Pularikkal, Paras. 0041-0042), downloading, from the server, the trust certificate for the client computing device based on one or more of a version of a browser application or an operating system of the client computing device (Pularikkal, Para. 0041, at 206, SP portal system 132 sends an indication of the consent to policy server 134 to activate Hotspot 2.0 access for the UE. The request can include the MAC address of the UE. At 208, the policy server performs a look-up on the UE MAC address and generates a RADIUS Change of Authorization (CoA) request for Hotspot 2.0 activation for the UE and sends the RADIUS CoA to AAA server 138); and installing the downloaded trust certificate onto the client computing device (Pularikkal, Para. 0054, at 224, UE 102 installs the Hotspot 2.0 profile and disconnects from the open SSID. At 226, UE 102 associates to the secure SSID 122 of Wi-Fi AP 112 leveraging the UN/PW credentials from the Hotspot 2.0 profile), and wherein the encrypted and trusted network connection is based on the downloaded trust certificate (Pularikkal, Para. 0027, during a provisioning (e.g., onboarding) phase between a given UE and a Wi-Fi AP of a Hotspot 2.0 network, an anonymous client Authentication and Key Management (AKM) procedure as discussed in Passpoint Release 2.0 can be leveraged to facilitate secure GAS messaging exchanges between the UE and the Wi-Fi AP in accordance with one potential embodiment. Alternatively, in another potential embodiment, a server certificate-based authentication approach can be leveraged to build a secure tunnel that can facilitate secure GAS messaging exchanges between a UE and a Wi-Fi AP of a Hotspot 2.0 network).
In regards to claim 15, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 14, wherein the trust certificate comprises one of a profile trust certificate or a subscription trust certificate (Pularikkal, Para. 0015, a client certificate can generally be referred to as ‘credentials’, which can be used to authenticate and associate the subscriber's UE in a Wi-Fi access network).
In regards to claim 16, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 1, wherein the authentication protocol comprises a server authentication protocol and a phase-2 protocol (Pularikkal, Para. 0018, as defined in Internet Engineering Task Force (IETF) Request For Comments (RFC) 5216, or EAP-TTLS (EAP-Tunneled TLS), as defined in IETF RFC 5281, is adopted by a SP or Enterprise for a Hotspot 2.0 Passpoint deployment).
In regards to claim 19, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 1, wherein the wireless network is one of an Enterprise or a Passpoint network (Pularikkal, para. 0014, the original intent of the Hotspot (HS) 2.0 initiative by the Wi-Fi Alliance and the corresponding specifications and certification programs (e.g., Passpoint™) was to significantly improve end user experience and make an end user's experience as seamless as possible when connected to HS 2.0 networks).
In regards to claim 20, Pularikkal discloses a computer-implemented method, comprising: broadcasting, by a wireless access point (WAP) (Pularikkal, Para. 0021), that the WAP supports an in-band secure access protocol to connect to a wireless network hosted by a server (Pularikkal, Para. 0027, the solutions provided by the systems and methods described herein can push a profile to a given UE in a secured manner such that a secured communication link (e.g., via secured SSID 122) can be established between the UE and a given Wi-Fi AP for exchanging GAS messaging), wherein the in-band secure access protocol comprises establishing an initial network connection to exchange subscription data to connect to the wireless network (Pularikkal, Para. 0040, beginning at 202, it is assumed that UE 102 is within the coverage area of Wi-Fi AP 112, does not have a Hotspot 2.0 profile installed and begins an 802.11 association procedure with the open SSID 120 of Wi-Fi AP 112. As prescribed by IEEE 802.11, association procedures carried out between a UE and Wi-Fi AP are used to establish an AP/UE mapping that enables UE invocation of system services); enabling the exchange of the subscription data between the client computing device and the server over the initial network connection (Pularikkal, Para. 0043, an exchange is performed with SPR 140 to perform a lookup of the username and password (UN/PW) for the subscriber associated with UE 102 against the subscription ID of the subscriber. In various embodiments, a subscription ID for a subscriber can include an IMSI or the like, which can be any unique identifier used by a service provider to identify a subscriber to track billing information and/or other Operational Support System (OSS)/Business Support System (BSS) to support end-to end services for UE, which corresponds to exchange with SPR to look up UN/PW against subscription ID); and completing the in-band secure access protocol by providing, over the initial network connection (Pularikkal, Para. 0054, the Advertisement Protocol ID for the GAS Initial Response can be configured with a VSIE set to indicate an ANQPR including the Hotspot 2.0 profile for the UE. At 224, UE 102 installs the Hotspot 2.0 profile and disconnects from the open SSID), a subscription file for download by the client computing device, wherein the subscription file is based on the subscription data(Pularikkal, Para. 0054, the Advertisement Protocol element and Advertisement Protocol ID for the GAS Initial Response can be formatted as shown in TABLES 2-4; however, the Advertisement Protocol ID for the GAS Initial Response can be configured with a VSIE set to indicate an ANQPR including the Hotspot 2.0 profile for the UE. At 224, UE 102 installs the Hotspot 2.0 profile and disconnects from the open SSID), and wherein the subscription file enables the client computing device to establish an encrypted and trusted network connection over the wireless network (, Para. 0079, during a provisioning (e.g., onboarding) phase between a given UE and a Wi-Fi AP of a Hotspot 2.0 network, an anonymous client Authentication and Key Management (AKM) procedure as discussed in Passpoint Release 2.0 can be leveraged to facilitate secure GAS messaging exchanges between the UE and the Wi-Fi AP in accordance with one potential embodiment).
Pularikkal does not explicitly disclose sending, by the WAP to a client computing device, a temporary login credential and an authentication protocol for the server; enabling, by the WAP, the client computing device to utilize the temporary login credential and the authentication protocol to establish the initial network connection with the WAP;
However, Garcia teaches sending, by the WAP to a client computing device, a temporary login credential and an authentication protocol for the server; enabling, by the WAP (Garcia, Para. 0037, a WAP accepting issuing-entity credentials, e.g., only during specific times, such as during sporting events or concerts, is considered to have a state of partial visitability. In another example, a WAP on an aircraft, such as GOGO INFLIGHT, may provide at least one of network service, network connectivity, or network visitability only during specific portions of a flight, e.g., cruise flight or when the aircraft is at an altitude above 10,000 feet) and (Garcia, Para. 0038, a terminal receiving network service from a network access point providing a state of full visitability can use that network service, e.g., via a WIFI network, instead of a cellular network whenever the type of network transmission permit), the client computing device to utilize the temporary login credential and the authentication protocol to establish the initial network connection with the WAP (Garcia, Para. 0038, a terminal receiving network service from a network access point providing a state of full visitability can use that network service, e.g., via a WIFI network, instead of a cellular network whenever the type of network transmission permit);
Pularikkal and Garcia are both considered to be analogous to the claim invention because they are in the same field of a secure initial access via a wireless access point by a client device to the server. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Pularikkal to incorporate the teachings of Garcia to include sending, by the WAP to a client computing device, a temporary login credential and an authentication protocol for the server; enabling, by the WAP (Garcia, Para. 0037) and (Garcia, Para. 0038), the client computing device to utilize the temporary login credential and the authentication protocol to establish the initial network connection with the WAP (Garcia, Para. 0038). Doing so would aid to Select a network to use for data connections based at least in part on a state of network visitability may reduce the occurrence of dropped or interrupted network connections, or may permit the user to use network services without interruption by, e.g., captive-portal user interfaces (UIs)( Garcia, Para. 0065).
In regards to claim 21, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 20, wherein the broadcasting comprises broadcasting a beacon comprising a capability bit indicating the support for that the WAP supports the in-band secure access protocol (Garcia, Para. 0047, NAP 104 is a WAP having antenna 106 and providing wireless network service. For example, NAP 104 can host a local network 108, e.g., an Ethernet or WIFI local-area network (LAN)) and (Garcia, Para. 0080, request module 302 can determine the first destination based on a beacon packet, e.g., transmitted by WAP 202. For example, request module 302 can receive an address of WAP 202, e.g., in a beacon packet, and determine the first destination to be the received address).
Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Pularikkal to incorporate the teachings of Garcia to include the computer-implemented method of claim 20, wherein the broadcasting comprises broadcasting a beacon comprising a capability bit indicating the support for that the WAP supports the in-band secure access protocol (Garcia, Para. 0047) and (Garcia, Para. 0080). Doing so would aid to Select a network to use for data connections based at least in part on a state of network visitability may reduce the occurrence of dropped or interrupted network connections, or may permit the user to use network services without interruption by, e.g., captive-portal user interfaces (UIs)( Garcia, Para. 0065).
In regards to claim 22, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 20, further comprising: receiving, from the client computing device, a request for an access network query protocol (ANQP) element (Pularikkal, Para. 0047, UE 102 requests its Hotspot 2.0 profile via AP/WLC 112/114 using a GAS Initial Request frame having a VSIE set to indicate an ANQP query for the Hotspot 2.0 profile for the UE. IEEE 802.11u standards define that a GAS Initial Request frame (e.g., message) can be sent by a requesting station (STA) to request information from another STA. A station can be a UE or a Wi-Fi AP), and wherein the sending of the temporary login credential and the authentication protocol comprises sending the ANQP element in response to the request for the ANQP element (Pularikkal, Para. 0047, the GAS Initial Response frame can follow the formatting as prescribed by 802.11u in which the VSIE can be included in an Advertisement Protocol element for the GAS Initial Response frame).
Regarding claim 23, the claim is interpreted and rejected for the same rational set forth
in claim 5.
Regarding claim 24, the claim is interpreted and rejected for the same rational set forth
in claim 8.
Regarding claim 25, the claim is interpreted and rejected for the same rational set forth
in claim 11.
In regards to claim 26, the combination of Pularikkal in view of Garcia teaches the computer-implemented method of claim 25, wherein the subscription file comprises a trust certificate, and wherein the completing of the in-band secure access protocol further comprises (Pularikkal, Para. 0015, a Hotspot profile for a given Hotspot 2.0 network can include a username (UN) and a password (PW) for a subscriber, a Root certificate for the Hotspot 2.0 network and other parameters associated with the network including): receiving, by the WAP, an indication that one or more subscription tasks at the captive portal have been completed by a user of the client computing device (Pularikkal, Para. 0041, a, FIG. 2 that the user (e.g., subscriber) associated with UE 102 provides consent to participate in the Hotspot network via Passport consent GUI 144); providing, by the WAP and to the client computing device and over the initial network connection (Pularikkal, Para. 0045, operations at 214 can include WLC 114 determining an appropriate profile template for UE 102 based on one or more of the subscriber ID associated with the UE and/or one or more credentials for the UE and generating an appropriate Hotspot 2.0 profile for the UE including the UN/PW for the subscriber/UE and the set of parameters common to the group of subscribers to which the subscriber/UE belongs), the trust certificate for download and installation by the client computing device (Pularikkal, Para. 0017, allows the download of profile and credentials to a customer's UE), the trust certificate having been generated by the server (Pularikkal, Para. 0027, a server certificate based authentication approach can be leveraged to build a secure tunnel that can facilitate secure GAS messaging exchanges between a UE and a Wi-Fi AP of a Hotspot 2.0 network), receiving, by the WAP and over the initial network connection, an indication that the client computing device has been authenticated by the server based on the trust certificate (Pularikkal, Para. 0067, At 504, it is assumed that the SP allows the subscriber to update their UN/PW credentials after the subscriber's authenticity is verified); and enabling the establishing of the encrypted and trusted network connection over the wireless network (Pularikkal, Para. 0027, the solutions provided by the systems and methods described herein can push a profile to a given UE in a secured manner such that a secured communication link (e.g., via secured SSID 122) can be established between the UE and a given Wi-Fi AP for exchanging GAS messaging).
wherein the trust certificate is based on one or more of a version of a browser application or an operating system of the client computing device (Garcia, Para. 0052, the portal server can include, a Web server responding to queries by providing content of a captive-portal Web page. The portal server can also communicate with NAP 104 to control the network connectivity provided to a particular computing device 102. For example, when a user provides valid credentials to a portal server via a computing device 102, the portal server can direct NAP 104 to provide a selected state of network connectivity, e.g., full connectivity, to the corresponding computing device 102); Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Pularikkal to incorporate the teachings of Garcia to include wherein the trust certificate is based on one or more of a version of a browser application or an operating system of the client computing device (Garcia, Para. 0052). Doing so would aid to Select a network to use for data connections based at least in part on a state of network visitability may reduce the occurrence of dropped or interrupted network connections, or may permit the user to use network services without interruption by, e.g., captive-portal user interfaces (UIs)( Garcia, Para. 0065).
Regarding claim 27, the claim is interpreted and rejected for the same rational set forth
in claim 15.
Regarding claim 28, the claim is interpreted and rejected for the same rational set forth
in claim 16.
Regarding claim 31, the claim is interpreted and rejected for the same rational set forth
in claim 1.
Claims 17-18, and 29-30 are rejected under 35 U.S.C. 103 as being unpatentable over Pularikkal et al. (US 2017/0230905 A1), hereinafter Pularikkal in view of Garcia et al. (US 2017/0359326 A1), hereinafter Garcia and further in view of Potter et al. (US 2007/0118883 A1), hereinafter Potter.
In regards to claim 17, the combination of Pularikkal in view of Garcia does not explicitly teach the computer-implemented method of claim 16, wherein the server authentication protocol comprises an extensible authentication protocol (EAP) with a secure sockets layer (SSL) around diameter type length values (TLVs), and the phase-2 protocol comprises a challenge handshake authentication protocol.
However, Potter teaches the computer-implemented method of claim 16, wherein the server authentication protocol comprises an extensible authentication protocol (EAP) with a secure sockets layer (SSL) around diameter type length values (TLVs) (Potter, Para. 0011, type-length-value triplets (TLVs) are now used inside tunneled EAP methods to create sequences of EAP methods. This approach is required because the EAP specification states that top-level EAP methods cannot be chained. Hence an EAP method only receives an EAP-TLV, and a sequence of methods occurs conceptually “inside” the EAP-TLV exchange) and (Potter, Para. 0072), and the phase-2 protocol comprises a challenge handshake authentication protocol (Potter, Para. 0008, the inside method may comprise Microsoft Challenge-Authentication Protocol (MS-CHAP)).
Pularikkal and Garcia and Potter are all considered to be analogous to the claim invention because they are in the same field of a secure initial access via a wireless access point by a client device to the server. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Pularikkal and Garcia to incorporate the teachings of Potter to include wherein the server authentication protocol comprises an extensible authentication protocol (EAP) with a secure sockets layer (SSL) around diameter type length values (TLVs) (Potter, Para. 0011) and (Potter, Para. 0072), and the phase-2 protocol comprises a challenge handshake authentication protocol (Potter, Para. 0008). Doing so would aid to allow the AAA server to query the supplicant about its identity and capabilities before expending server resources on actually performing an authentication conversation. As a result, the techniques herein can result in fewer wasted server CPU cycles involved in processing authentication requests that ultimately will fail (Potter, Para. 0074).
In regards to claim 18, the combination of Pularikkal and Garcia in view of Potter teaches the computer-implemented method of claim 16, wherein the server authentication protocol comprises an extensible authentication protocol (EAP) with a secure sockets layer (SSL) around the EAP (Potter, Para. 0011, a conventional outer EAP method conversation is performed to establish a secure tunnel between the supplicant 104 and the authentication server 120. Within the secure tunnel, in step 232 a capability assertion conversation is performed as shown in step 208 to step 222, inclusive, of FIG. 2A-FIG. 2B), and the phase-2 protocol comprises a generic token card (GTC) (Potter, Para. 0008, for example, the outer method may be EAP-PEAP and the inside method may comprise EAP GTC, in which the user uses a cryptographic token card to supply a user credential, or the inside method may comprise Microsoft Challenge-Authentication Protocol (MS-CHAP)). Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Pularikkal and Garcia to incorporate the teachings of Potter to include wherein the server authentication protocol comprises an extensible authentication protocol (EAP) with a secure sockets layer (SSL) around the EAP (Potter, Para. 0011), and the phase-2 protocol comprises a generic token card (GTC) (Potter, Para. 0008). Doing so would aid to allow the AAA server to query the supplicant about its identity and capabilities before expending server resources on actually performing an authentication conversation. As a result, the techniques herein can result in fewer wasted server CPU cycles involved in processing authentication requests that ultimately will fail (Potter, Para. 0074).
Regarding claim 29, the claim is interpreted and rejected for the same rational set forth
in claim 17.
Regarding claim 30, the claim is interpreted and rejected for the same rational set forth
in claim 18.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571)272-0248. The examiner can normally be reached Monday- Friday 9:00 am- 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at (571)272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GITA FARAMARZI/Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496