DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Remarks
Pending claims for reconsideration are claims 1-17, and 19-21. Applicant has
Amended claims 1-2, 9, 11, 16-17, and 19-20. 
Canceled claim 18. 
Added new claim 21.


Allowable Subject Matter
Claims 3-11, 19 and 21 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Regarding claim 3, closest prior art of record Meenan discloses the home-networking gateway associates each device with it IP address or MAC address    (Meenan, Col 5:64-67 to Col 6: 1-17). Newly cited prior art Joslyn (2011/0302252 A1), discloses a device MAC address is received at a Network Manager Node which requires an AP association, a broadcast message is transmitted to all the AP and a reply message is received form an AP indicating association with device (Fig. 7).
But the prior arts of record alone or in combination fails to teach or suggest the claimed limitation of claim 3 “…determining the MAC address to be unassociated with the device when the mapping fails to map the device address to the MAC address; and determining the identifying information fails to fall within the trusted domain when the MAC address is unassociated with the device” along with other limitations of claim 3. Note: claims 4-8, depend on claim 3.

Regarding claim 9, the closest primary prior art of record Baugher discloses multiple hubs in a network or household (Para 0029, and Para 0056) and accessing resources through the hubs that are authenticated through manufactures credentials (Para 0070). The second closest prior art of record Meenan discloses the home-networking gateway associates each device with it IP address or MAC address (Meenan, Col 5:64-67 to Col 6: 1-17). Newly cited prior art Keneji et al. (JP 2004-355073 A), discloses a device access to request to a webserver is connected through a gateway is authenticated based on whether is the gateway is already authenticated. If the gateway is not authenticated the device is redirected and authentication is performed (Keneji, Overview).
But the prior arts of record alone or in combination fails to teach or suggest the claimed limitation of claim 9 “…when the first access point is identified to be untrusted, instructing the device to request the trusted credential from another of the plurality of access points determined to be trusted or to perform a siqn-on process to access the media service” along with other limitations of claim 9. Note: claim 10, depends on claim 9.

Regarding claim 11, the closest primary prior art of record Baugher discloses multiple hubs in a network or household (Para 0029, and Para 0056) and accessing resources through the hubs that are authenticated through manufactures credentials (Para 
But the prior arts of record alone or in combination fails to teach or suggest the claimed limitation of claim 11 “…facilitating transport of the trust credential to the device through the first access point when the first access point is determined to be trusted; denying transport of the trust credential through the first access point to the device when the first access point is determined to be untrusted; and when the first access point is identified to be untrusted, instructing the device to perform a siqn-on process to access the media service” along with other limitations of claim 11. 

Regarding claim 19, closest prior art of record Meenan discloses the home-networking gateway associates each device with it IP address or MAC address    (Meenan, Col 5:64-67 to Col 6: 1-17). Newly cited prior art (2011/0302252 A1), discloses a device MAC address is received at a Network Manager Node which requires an AP association, a broadcast message is transmitted to all the AP and a reply message is received form an AP indicating association with device (Fig. 7).
But the prior arts of record alone or in combination fails to teach or suggest the claimed limitation of claim 19 “…transporting the trust credential to the device through the first access point in response to the credential request when the first access point is determined to be trusted; and authenticating the device for the ZSO access to the media services through the second access point in response to receipt of a media request issued from the device through the second access point following the transporting of the trust credential” along with other limitations of claim 19. 

Regarding claim 21, the closest primary prior art of record Baugher discloses multiple hubs in a network or household (Para 0029, and Para 0056) and accessing resources through the hubs that are authenticated through manufactures credentials (Para 0070). The second closest prior art of record Meenan discloses the home-networking gateway associates each device with it IP address or MAC address (Meenan, Col 5:64-67 to Col 6: 1-17). Newly cited prior art Keneji et al. (JP 2004-355073 A), discloses a device access to request to a webserver is connected through a gateway is authenticated based on whether is the gateway is already authenticated. If the gateway is not authenticated the device is redirected and authentication is performed (Keneji, Overview).
But the prior arts of record alone or in combination fails to teach or suggest the claimed limitation of claim 21 “…when the first access point is determined to be untrusted, instructing the device to request the trusted credential from another of the plurality of access points determined to be trusted” along with other limitations of claim 21. 



Allowable Subject Matter
Claim 20 is allowed.
The following is an examiner’s statement of reasons for allowance: The closest primary prior art of record Baugher discloses multiple hubs in a network or household (Para 0029, and Para 0056) and accessing resources through the hubs that are authenticated through manufactures credentials (Para 0070). The second closest prior art of record Meenan discloses a device access request is routed through a home-networking gateway, where the home-networking gateway includes its identifying information such as gateway MAC addresses when forwards the device credential request to a server (Col 9:13-29). The third closest primary prior art of record Danforth discloses disclose determine a duplication MAC address in use and denying service request (Abstract).    
However the applied prior arts alone or in combination fails to teach or suggest the claimed limitation of claim 20 “...determining a media request received from the device through a second access point of the plurality of access points, the media request including the trust credential and being issued to request access to the media services through the second access point; 
determining whether the second access point is one of trusted and untrusted as a function of identifying information included with the media request; 
facilitating ZSO access to the media services through the second access point when the second access point is trusted and without verifying whether the received trust credential has expired, the ZSO access characterized by signaling being delivered to the device to access the media services without requiring a user of the device to correspondingly sign-on or enter a password as part of an authentication process required before permitting access to the media services;
facilitating ZSO access to the media services through the second access point when the second access point is untrusted and without verifying whether the received trust credential has expired when the received trust credential is the certificate;  
and facilitating ZSO access to the media services through the second access point when the second access point is untrusted and the received trust credential is the 915/967,730CTL 60283 PUS2 cookie when the cookie is unexpired and denying ZSO access to the media services when the cookie is expired” along with other limitations of claim 20.
 Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.



Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 1 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject 
Claim 1, recites “the first access point adding the MAC address to the credential request after issuance from the device” on last two lines of claim 1. Applicant provided specification discloses: 
When a client application requests an IP address the CMTS 32 inserts the subscriber's cable modem 30 MAC address, which is known and trusted by the service provider 14, in the request before forwarding it to a DHCP 43 server. After the DHCP 43 assigns an IP address to the client application may then notify the provisioning system 42 and indicate which cable modem 30 MAC address it is associated with. It may also notify the provisioning system 42 when an IP address is not associated with a given cable modem MAC address (expires or assigned to another device). Therefore, the provisioning system may create a mapping of client application IP source addresses that are associated with a subscriber's cable modem MAC address” (Specification: Para 0025).
	
As described the CMTS 32 adds subscribers cable modem 30 MAC address i.e., the “the first access point” to the client request not the subscribers cable modem 30. If applicant believes that CMTS 32 is the “first access point” not the “subscribers cable modem 30” then determining trustworthiness of the CMTS 32 would be unnecessary since it is already operating in the Trusted Domain 38.



Response to Arguments
Applicant’s arguments filed on December 15, 2020 have been fully considered but they are not persuasive.
In the remarks, applicant argues in substance:
That-  “The trusted and untrusted determination requires the processing of identifying information, including a MAC address, and as a function thereof, identifying the access point to be one of trusted and untrusted. Neither of the cited references make such a decision or an identification or perform any processing as a function of whether an access point is determined to be trusted and untrusted.” (Page 10: Para 3).  
In response to argument- Examiner respectfully disagrees with applicant’s argument in regard to independent claims 1. Applicant provided specification describes the steps of determining trustworthiness of the access point as:
If the IP address is within a trust domain of IP address of the service provider, e.g., within the IP subnet of one of the service provider's trusted CMTSs, the access point may be considered trusted, and if not, untrusted (Para 0035:8-11).
	
The primary prior art, Baugher discloses a Local Hub enrolls with ISP Hub 410 using manufactures credentials i.e., certificate issued by the an authority for enrolling the Local Hub (Para 0044). These credentials are used to authenticate i.e., establish trustworthiness of the Hub (Para 0040). Furthermore, association i.e., trustworthiness of the Hub is done using IP address that is assigned to the Hub (Para 0061:1-10). But, Baugher fails to specially disclose trustworthiness of the Hub based on MAC address and the secondary prior art Meenan was applied to teach that features. Meenan discloses authentication of the home-networking gateway with the identifying information such as .



Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 12-13, and 15-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Mark John Baugher (U.S. Patent Application Publication No.: US 2006/0156392 Al/ or “Baugher” hereinafter) in view of Meenan et al. (U.S. Patent No.: US 7,752,329 B1 / or “Meenan” hereinafter).
A method for authenticating a device for zero sign-on (ZSO) access to media services available through a plurality of access points, the method comprising” (Baugher, Abstract: method and devices for controlling access to resources is disclosed): 
“determining a credential request issued from the device to a first access point of the plurality of access points, the credential request being used to request transport of a trust credential to the device, the trust credential being sufficient for authenticating ZSO access to the media services” (Baugher, Fig 4: the Sink Device 430 i.e., "user device" receives network credentials from the ISP Hub 410 through the Local Hub 420; and Para 0044, lines 1-9: a request for enrollment i.e., is received at the Local Hub; and Abstract: credentials is issued to the user device which authorizes the user device to receive resources. Also, Para 0072: a parent and a child hub i.e., multiple APs are disclosed); 
“and to facilitate authenticating the device, identifying the first access point is one of trusted and untrusted as a function of identifying information included with the credential request” (Para 0030: lines 31-37, obtains network credentials; and Para 0044: enrolls with Local Hub which uses manufactures credentials i.e., “identifying information” as its authority for enrolling the user device i.e., trust and/or untrusted is established between the Local Hub 420 and ISP Hub 410), 
Furthermore, Baugher discloses multiple hubs in a network or household (Para 0029, and Para 0056) and accessing resources through the hubs that are authenticated through manufactures credentials (Para 0070).
But Baugher fails to specially disclose “the identifying information including a Media Access Control (MAC) address for the first access point, the first access point adding the MAC address to the credential request after issuance from the device” to establish trust relationship.
the identifying information including a Media Access Control (MAC) address for the first access point added by the first access point to the credential request after issuance from the device” (Meenan, Col 9:13-29, a device access request is routed through a home-networking gateway, where the home-networking gateway includes its identifying information such as gateway MAC address and forwards the device access request; and Col 9:50-64, authenticates the home-networking gateway with the identifying information such as MAC address of the home-networking gateway i.e., determination is made whether the home-networking gateway is one of trusted and/or untrusted using the MAC address). 
It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Meenan in the controlled access to resources of in network devices of Baugher where a client device may gain access to resources through the associated home-networking gateway from a host system (Meenan, Col 10:1-6).
This would have been obvious because the ordinary person skilled in the art would have been motivated to combine to allow access to resources to those devices are associated with the home-network gateway. 

Regarding claim 2, in view of claim 1, Baugher discloses “further comprising: determining the first access point to be trusted when the identifying information falls within a trusted domain and to be untrusted when the identifying information fails to fall within the trusted domain; facilitating transport of the trust credential to the device when the first access point is determined to be trusted, thereby enabling the device to use the trust credential to facilitate ZSO access to the media services” (Para 0061, hub is in trusted domain if it is occupying address ; 
“and denying transport of the trust credential through the first access point to the device when the first access point is determined to be untrusted” (Para 0070-0071, denying resources when identified that hub is not associated the requested device).  

Regarding claim 12, in view of claim 1, Baugher discloses “further comprising: determining the first access point to be untrusted when the identifying information indicates a wireless capability of the first access point is locked; facilitating transport of the trust credential to the device through the first access point when the first access point is determined to be trusted; and denying transport of the trust credential through the first access point to the device when the first access point is determined to be untrusted” (Para 0030, 0035, and 0036, discloses how devices initialized and authenticates). 

Regarding claim 13, in view of claim 1, Baugher discloses “further comprising determining the first access point to be untrusted when the identifying information indicates a software version identified in a Management Information Base (MIB) of the first access point is incorrect; 515/967,730CTL 60283 PUS2 facilitating transport of the trust credential to the device through the first access point when the first access point is determined to be trusted; and denying transport of the trust credential through the first access point to the device when the first access point is determined to be untrusted” (Baugher, Para 0005: checks for software configuration).  

further comprising: instructing the device to obtain a security input from a user thereof when the first access point is trusted; transporting the trust credential through the first access point when the security input is verified and the first access point is trusted; and denying transport of the trust credential through the first access point when the security input is unverified” (Meenan, Col 9:30-50, username and password are requested for authentication).  

Regarding claim 16, Baugher discloses “A method for authenticating a device for zero sign-on (ZSO) access to media services available through a plurality of access points, the method comprising” (Baugher, Abstract: method and devices for controlling access to resources is disclosed; and claim 16, computer readable medium): 615/967,730CTL 60283 PUS2 
[associating a plurality of Internet protocol (IP) addresses with a plurality of Media Access Control (MAC) addresses within a mapping, the plurality of MAC addresses each having been previously assigned to one of the plurality of access points, the plurality of IP addresses each having been previously assigned to one of a plurality of devices, the plurality of devices including the device]; 
“determining a credential request received from the device through a first access point of the plurality of access points, the credential request being used to request transport of a trust credential to the device, the trust credential being sufficient for authenticating ZSO access to the media services at a second access point, the plurality of access points excluding the second access point” (Baugher, Fig 4: the Sink Device 430 i.e., "user device" receives network credentials from the ISP Hub 410 and through the Local Hub 420; and Para 0044, lines 1-9: a request for enrollment i.e., is received at the Local Hub; and Abstract: credentials is issued to the 
“determining whether the first access point is one of trusted and untrusted as a function of identifying information included with the credential request, the identifying information including a device address for the device and a [MAC address for the first access point], including determining the first access point to be untrusted when” ( Para 0030: lines 31-37, obtains network credentials; and Para 0044: enrolls with Local Hub which uses manufactures credentials i.e., “identifying information” as its authority for enrolling the user device): 
“i. the plurality of IP addresses in the mapping omits the device address” (Para 0042);
{ii. the plurality of MAC addresses in the mapping omits the MAC address; or 
iii. the plurality of IP addresses in the mapping includes the device address and the plurality of MAC addresses in the mapping includes the MAC address without associating the device address with the MAC address denying transport of the trust credential to the device through the first access point in response to the credential request when the first access point is determined to be untrusted} (Note: examiner did not reject these limitations in {} because they are in alternate form).
Furthermore, Baugher discloses multiple hubs in a network or household (Para 0029, and Para 0056) and accessing resources through the hubs that are authenticated through manufactures credentials (Para 0070).
But Baugher fails to specially disclose assigning access points with MAC addresses and accessing also assigning plurality of devices to one of the access point.
However, Meenan discloses “associating a plurality of Internet protocol (IP) addresses with a plurality of Media Access Control (MAC) addresses within a mapping, the plurality of MAC addresses each having been previously assigned to one of the plurality of access points, the plurality of IP addresses each having been previously assigned to one of a plurality of devices, the plurality of devices including the device” (Fig. 1; and Meenan, Col 9:13-29, a device access request is routed through a home-networking gateway, where the home-networking gateway includes its identifying information such as gateway when forwards the device access request; and Col 9:50-64, authenticates the home-networking gateway and its associated user accounts based on list or table; Col 5:64-67 to Col 6: 1-17, where the home-networking gateway associates each device with it IP address or MAC address). 
It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Meenan in the controlled access to resources of in network devices of Baugher where client devices associated with a particular home-networking gateway may gain access to resources from a host system through the particular home-networking gateway based on association formed with the home-networking gateway (Meenan, Col 10:1-6).
This would have been obvious because the ordinary person skilled in the art would have been motivated to combine to allow access to resources to those devices are associated with the home-network gateway. 
  
Regarding claim 17, in view of claim 16, Baugher discloses “further comprising: generating the mapping according to notifications issued from a dynamic host configuration protocol (DHCP) 715/967,730CTL 60283 PUS2 server, the notifications each individually associating one of the plurality of device addresses with one of the plurality of MAC addresses” (Meenan, Col 6: 1-17, DHCP assigns device IPs); 
“and adding one of the plurality of MAC addresses to each of a plurality of address requests transmitted to the DHCP server, the DHCP server processing the plurality of address request for assigning the plurality of IP addresses to the plurality of devices and for determining the one of the plurality of MAC addresses to be included within each notification” (Meenan, Col 7: 18-50, the home-networking gateway 115 sends identifying information to the host system 120, where the host system 120 associates user accounts with the home-networking gateway 115 identifying information).  


Claim 14 is rejected under 35 U.S.C. 103(a) as being unpatentable over Mark John Baugher in view of Meenan and in further view of Roses et al. (US 2003/0216143 A1 / or “Roses” hereinafter).

Regarding claim 14, in view of claim 1, Baugher discloses multiple hubs in a network or household (Para 0029, and Para 0056) and accessing resources through the hubs that are authenticated through manufactures credentials (Para 0070).
Meenan discloses a device access request is routed through a home-networking gateway, where the home-networking gateway includes its identifying information such as gateway when forwards the device access request (Col 9:13-29).
 But Baugher and Meenan fail to specially disclose determine trust an AP based on identifying information of a known device connection/location information and decide where to facilitate or not to facilitate communication through the AP.
further comprising: determining the first access point to be untrusted when the identifying information indicates a known device is physically disconnected from the first access point; facilitating transport of the trust credential's through the first access point when the first access point is determined to be trusted; and denying transport of the trust credential through the first access point to the device when the first access point is determined to be untrusted” (Roses, Abstract; and Fig. 6; and Para 0094: restricting access). 
It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Roses in the system of Baugher and Meenan where a device connection/location information gain from another device in the network (Roses, Abstract).
This would have been obvious because the ordinary person skilled in the art would have been motivated to combine to establish a trust relation of devices in the network (Roses, Abstract). 


Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Adimatyam et al. (US 8,832,726 B2) discloses “entitlement/key server 150 may determine whether the portable communication device is located in an allowed domain based on the IP address and/or MAC address that is associated with the access point through which the subscriber connects. Entitlement/key server 150 may compare the MAC address (or IP address) received from authentication server 180 to the MAC address associated with the subscriber's account (as previously received from user .


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 






Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is         (571) 270-3392.  The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431                                                                                                                                                                                                        
/SAMSON B LEMMA/Primary Examiner, Art Unit 2498