DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present application, filed on November 11, 2024, is accepted.
Claims 1 – 20 are being considered on the merits.
Drawings
The drawings, filed on November 11, 2024, are accepted.
Specification
The specification, filed on November 11, 2024, is accepted.
Double Patenting
No double patenting rejection is warranted at this time.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20210377047 A1 to Haque et al., (hereinafter, “Haque”) in view of US 20170230823 A1 to Gupta et al., (hereinafter, “Gupta”).
Regarding claim 1, Haque teaches a method comprising: receiving, by a client device, a certificate signed by a certificate authority, [Haque, para. 50 discloses the identity certificate may be received. The identity certificate may be received from the certificate authority. The identity certificate may be received from the certificate authority, via the communication session.] the certificate including network selection credential information identifying a wireless network and stored in a certificate attribute of the certificate; [Haque, para. 45 discloses causing the IoT device to communicate with the certificate authority via the second communications network may comprise causing the IoT device to execute a certificate authority method. The certificate authority method may comprise establishing a communication session between the IoT device and the certificate authority. Establishing the communication session between the IoT device and the certificate authority may be based on the network credential. The certificate authority method may comprise generating a key pair, wherein the key pair comprises a public key and a private key. The key pair may be generated by the IoT device.], but Haque does not teach in response to enabling a supplicant, detecting the network selection credential information in the certificate and configuring a credential of the client device based on the network selection credential information; triggering automatic detection and selection of the wireless network using the credential configured with the network selection credential information; and authenticating with the wireless network using the credential.
However, Gupta does teach in response to enabling a supplicant, detecting the network selection credential information in the certificate and configuring a credential of the client device based on the network selection credential information; [Gupta, para. 41 discloses the signup and provisioning process begins at exchange 510 and exchange 512 where the mobile device uses the dependent SSID to authenticate and associate with hotspot 502. This process may use anonymous EAP-TLS with server side authentication. The credentials for mobile device 500 are verified against the home operator's HLR through the AAA server 506 as indicated by exchange 512.] triggering automatic detection and selection of the wireless network using the credential configured with the network selection credential information; [Gupta, para. 26 discloses when certificate based credentials are desired, the final exchange is slightly different than previously described in conjunction with exchange 224. When certificate based credentials are desired, after exchange 220 and exchange 222, a subscription management object identifying the credential created by exchange 220 and 222 is retrieved from OSU server 204. Finally, any TLS sessions are released.] and authenticating with the wireless network using the credential. [Gupta, para. 27 discloses once mobile device 200 has the subscription management object, it dissociates from hotspot 202 as illustrated by 226. Finally, mobile device 200 associates with hotspot 202 using its SSID and the credentials identified in the subscription management object, as indicated by 228.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Gupta's system with Haque's system, with the motivation that the network forms the operational environment for secure online signup and provisioning of credentials, in which mobile device 100 (sometimes referred to as User Equipment (UE), a Station (STA), or a wireless device) may be a Wi-Fi enabled device configured to associate with a Wi-Fi hotspot 102 and perform the various functions associated with secure online signup and provisioning. [Gupta, para. 15]
Regarding claim 2, modified Haque teaches the method of claim 1, but Haque does not teach wherein the network selection credential information includes properties of a per-provider subscriber management object.
However, Gupta does teach wherein the network selection credential information includes properties of a per-provider subscriber management object. [Gupta, para. 24 discloses this information can form part of the credential section of a subscription management object. After this information has been determined, if the credentials are going to be a user name/password type (as opposed to certificate based or Subscriber Identity Module (SIM) type credentials), the credentials from the trust root AAA server 208 are retrieved and stored in a subscription management object and any TLS sessions are released]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Gupta's system with Haque's system, with the motivation that the network forms the operational environment for secure online signup and provisioning of credentials, in which mobile device 100 (sometimes referred to as User Equipment (UE), a Station (STA), or a wireless device) may be a Wi-Fi enabled device configured to associate with a Wi-Fi hotspot 102 and perform the various functions associated with secure online signup and provisioning. [Gupta, para. 15]
Regarding claim 3, modified Haque teaches the method of claim 1, but Haque does not teach wherein the certificate attribute comprises a universal resource name within a subject alternative name field.
However, Gupta does teach wherein the certificate attribute comprises a universal resource name within a subject alternative name field. [Gupta, para. 24 discloses the process typically begins with an initial exchange that allows mobile device 200 to make contact with OSU server 204 to start the process. During this initial exchange 216, the OSU typically provides a Universal Resource Identifier (URI) where subscription rates and other such information can be obtained. The initial exchange 216 also typically contains a command for mobile device 200 to launch a browser with the URI obtained from OSU server 204.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Gupta's system with Haque's system, with the motivation that the network forms the operational environment for secure online signup and provisioning of credentials, in which mobile device 100 (sometimes referred to as User Equipment (UE), a Station (STA), or a wireless device) may be a Wi-Fi enabled device configured to associate with a Wi-Fi hotspot 102 and perform the various functions associated with secure online signup and provisioning. [Gupta, para. 15]
Regarding claim 4, modified Haque teaches the method of claim 1, but Haque does not teach wherein the certificate is provided to an authentication service as part of an extensible authentication protocol-transport security layer (EAP-TLS) authentication.
However, Gupta does teach wherein the certificate is provided to an authentication service as part of an extensible authentication protocol-transport security layer (EAP-TLS) authentication. [Gupta, para. 21 discloses this process uses anonymous Extensible Authentication Protocol Transport Layer Security (EAP-TLS) with server side authentication and the 4-Way Handshake protocol as depicted. The credentials for mobile device 200 are verified against the home operator's HLR. As part of the initial association process, a Virtual Local Area Network (VLAN) identifier is passed to mobile device 200 to be used for online sign up and credential provisioning. Different VLAN configurations can be used for different mobile devices with different routing policies.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Gupta's system with Haque's system, with the motivation that the network forms the operational environment for secure online signup and provisioning of credentials, in which mobile device 100 (sometimes referred to as User Equipment (UE), a Station (STA), or a wireless device) may be a Wi-Fi enabled device configured to associate with a Wi-Fi hotspot 102 and perform the various functions associated with secure online signup and provisioning. [Gupta, para. 15]
As per claim 5, modified Haque teaches the method of claim 1, further comprising: receiving a second certificate signed by the certificate authority and associated with an authentication service, wherein the client device authenticates the second certificate to authenticate the client device to access the wireless network. [Haque, para. 41 discloses the first notification may comprise a network credential. The first notification may comprise a network credential associated with a second communications network (sometimes referred to as “the second network”). The first notification may comprise at least one of a device identifier associated with the IoT device, an account identifier associated with the IoT device, an authorization status associated with the IoT device, or a registration status associated with the IoT device. The first notification may comprise at least one of: an SSID associated with the second communications network or a password associated with the second communications network.]
As per claim 6, modified Haque teaches the method of claim 1, wherein the client device is headless. [Haque, para. 36 discloses the network device 106 may have a communications module 115, a configuration module 117, and an access control module 119. The communications module 115 may be configured to send and/or receive communications to/from other devices of the system 100. The communications module 115 may include one or more wireless interfaces, such as an 802.11 radio, a ZigBee radio, a Z-Wave radio, or a Bluetooth™ radio. The communications module 115 may be configured to send and/or receive network communications, such as broadcasting a wireless network and sending/receiving data to/from IoT devices associated with the network. The configuration module 117 may include software the network device 106 may use when configuring the headless IoT device to communicate with the network device 106.]
Regarding claim 7, modified Haque teaches the method of claim 1, but Haque does not teach wherein the certificate includes a realm associated with a certificate credential and a Passpoint attribute for enabling the automatic detection and selection of the wireless network.
However, Gupta does teach wherein the certificate includes a realm associated with a certificate credential and a Passpoint attribute for enabling the automatic detection and selection of the wireless network. [Gupta, para. 29 discloses the credential section 300 contains creation date 302, which represents the date on which the credential was either created or last updated. Expiration date 304, if present, represents the date the credentials expire. Realm 330 specifies the realm associated with the credential. A mobile device determines if it should be able to successfully authenticate to a hotspot by comparing the realms returned in the Access Network Query Protocol (ANQP) Network Access Identifier (NAI) Realm element during the initial network discovery phase with this realm. IEEE 802.11u capable mobile devices will query IEEE 802.11u capable hotspots for additional information using ANQP. This can include a request for an element called the NAI Realm list. The NAI Realm list includes one or more NAI Realms (defined according to RFC-4282) and optional EAP methods and authentication parameters to access associated with the realm.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Gupta's system with Haque's system, with the motivation that the network forms the operational environment for secure online signup and provisioning of credentials, in which mobile device 100 (sometimes referred to as User Equipment (UE), a Station (STA), or a wireless device) may be a Wi-Fi enabled device configured to associate with a Wi-Fi hotspot 102 and perform the various functions associated with secure online signup and provisioning. [Gupta, para. 15]
As per claim 8, modified Haque teaches the method of claim 1, wherein the network selection credential information is stored as the certificate attribute encoded as an Abstract Syntax Notation number one (ASN.1) string. [Haque, para. 66 discloses the certificate authority may complete the CSR and send, to the IoT device 104, a unique certificate such as an X.509 certificate. The certificate may comprise a structured, binary record. The certificate may comprise at least one key encoded using techniques known in the art such as standard Abstract Syntax Notation (ASN). The unique certificate may comprise identifiers such as a common name, an organization unit or the like or hashes thereof.]
Regarding claim 9, modified Haque teaches the method of claim 1, but Haque does not teach wherein automatic detection and selection of the wireless network is based on a Passpoint specification.
However, Gupta does teach wherein automatic detection and selection of the wireless network is based on a Passpoint specification. [Gupta, para. 18 discloses this may allow cellular-type network service providers that may already be implementing one or more of these protocols in their backend core networks to use the same servers and installed components to extend that functionality for servicing Wi-Fi networks. Para. 29 discloses The credential section 300 contains creation date 302, which represents the date on which the credential was either created or last updated. Expiration date 304, if present, represents the date the credentials expire. Realm 330 specifies the realm associated with the credential. A mobile device determines if it should be able to successfully authenticate to a hotspot by comparing the realms returned in the Access Network Query Protocol (ANQP) Network Access Identifier (NAI) Realm element during the initial network discovery phase with this realm. IEEE 802.11u capable mobile devices will query IEEE 802.11u capable hotspots for additional information using ANQP. This can include a request for an element called the NAI Realm list. The NAI Realm list includes one or more NAI Realms (defined according to RFC-4282) and optional EAP methods and authentication parameters to access associated with the realm.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Gupta's system with Haque's system, with the motivation that the network forms the operational environment for secure online signup and provisioning of credentials, in which mobile device 100 (sometimes referred to as User Equipment (UE), a Station (STA), or a wireless device) may be a Wi-Fi enabled device configured to associate with a Wi-Fi hotspot 102 and perform the various functions associated with secure online signup and provisioning. [Gupta, para. 15]
As per claim 10, modified Haque teaches the method of claim 1, wherein the network selection credential information is stored in the certificate based on a standard provided by a standards organization. [Haque, para. 19 discloses the authentication credentials map 156 stores a record of a relationship between a credential identifier 136 and authentication credentials 143. The authentication credentials map 156 can include a table, map, key-value store, or similar data structure. As previously discussed, authentication credentials 143 can include a combination of a username and password, a public-private authentication key pair, an authentication certificate, or other authentication mechanism that allows a user or application to authenticate with the certificate authority 139 (e.g., for the purpose of issuing or revoking a certificate).]
Regarding claims 11 – 20, they recite features similar to those of claims 1 – 10; therefore, they are rejected in a similar manner.
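The mechanism at issue in claims 1, 3 and 8 (a CA-signed certificate carrying network selection data as a URN in the subject alternative name, read by the supplicant to configure a Passpoint-style credential) is illustrated below with an added example written for this page; it is not code from the application, from Haque or from Gupta. The URN namespace `urn:example:passpoint:` and its `realm=...;home-oi=...` layout are assumptions, since neither the claims nor the cited references fix a layout. The example uses only the Go standard library: it builds a CA, issues a client certificate whose SAN holds the URN, and on the supplicant side verifies the certificate against the trusted CA before honoring the attribute, because a supplicant that trusted an unverified SAN could be steered onto an attacker's network by anyone able to hand it a certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

// urnPrefix is a hypothetical URN namespace for network-selection data carried
// in the subjectAltName; the layout is an assumption made for this example.
const urnPrefix = "urn:example:passpoint:"

// ErrNoNetworkSelection is returned when the certificate carries no such URN.
var ErrNoNetworkSelection = errors.New("certificate carries no network-selection URN")

// SupplicantCredential is what the supplicant configures from the URN.
type SupplicantCredential struct {
	Realm  string // NAI realm to match against the hotspot's ANQP NAI Realm list
	HomeOI string // home organisation identifier, hex
}

func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// BuildCA creates a self-signed CA able to issue client certificates.
func BuildCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := newKey()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der)
	return ca, key, err
}

// IssueClientCert issues a DER client certificate; when realm is non-empty the
// SAN carries the network-selection URN (DER-encoded as an IA5String by x509).
func IssueClientCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn, realm, homeOI string) ([]byte, error) {
	key, err := newKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if realm != "" {
		u, err := url.Parse(fmt.Sprintf("%srealm=%s;home-oi=%s", urnPrefix, realm, homeOI))
		if err != nil {
			return nil, err
		}
		tmpl.URIs = []*url.URL{u}
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
}

// ParseNetworkSelection is the supplicant side: verify the CA signature first,
// then extract the URN and turn it into a credential.
func ParseNetworkSelection(der []byte, trustedCA *x509.Certificate) (*SupplicantCredential, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	if err := cert.CheckSignatureFrom(trustedCA); err != nil {
		return nil, fmt.Errorf("certificate not issued by trusted CA: %w", err)
	}
	for _, u := range cert.URIs {
		s := u.String()
		if !strings.HasPrefix(s, urnPrefix) {
			continue
		}
		cred := &SupplicantCredential{}
		for _, kv := range strings.Split(strings.TrimPrefix(s, urnPrefix), ";") {
			k, v, ok := strings.Cut(kv, "=")
			if !ok {
				return nil, fmt.Errorf("malformed URN component %q", kv)
			}
			switch k {
			case "realm":
				cred.Realm = v
			case "home-oi":
				cred.HomeOI = v
			}
		}
		if cred.Realm == "" {
			return nil, errors.New("network-selection URN lacks a realm")
		}
		return cred, nil
	}
	return nil, ErrNoNetworkSelection
}

func main() {
	ca, caKey, err := BuildCA("Example Operator CA")
	if err != nil {
		panic(err)
	}
	der, err := IssueClientCert(ca, caKey, "device-01", "wifi.example.com", "506F9A")
	if err != nil {
		panic(err)
	}
	cred, err := ParseNetworkSelection(der, ca)
	if err != nil {
		panic(err)
	}
	fmt.Printf("configured supplicant: realm=%s home-oi=%s\n", cred.Realm, cred.HomeOI)
}
```

The realm extracted here is the value a Passpoint client would compare against the NAI Realm list returned over ANQP during discovery (Gupta, para. 29); a certificate issued by any other CA, or one with no URN at all, yields an error rather than a credential.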
Conclusion
Pertinent prior art made of record but not relied upon:
US 20200195642 A1 to Liderman et al.
“Disclosed are various embodiments for delegating authentication to certificate authorities. A first request for a certificate is received from a client device. Then a certificate request can be created. The certificate request may include a credential identifier for a certificate authority. The credential identifier may uniquely identify an authentication credential to use to request the certificate from certificate authority. The certificate request can then be added to a message queue. Later, a second request from another computing device is received and the message stored in the message queue is provided in response. A certificate is then received from the other computing device and is provided to the client device in response to the first request.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached at (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/P.P./Patent Examiner, Art Unit 2408
/LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408