DETAILED ACTION
The non-final office action is responsive U.S. Patent Application 16/324,598, last communication received on 02/27/2020. Claims 1-15 are pending; claims 1-15 are rejected.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/27/2020, 08/08/2019, 02/11/2019 was filed before the mailing date of the non-final office action.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-15 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

As to claim 1, 7, 13, the claim recites “wherein the temporary IP address belongs to an IP network segment corresponding to the temporary role, and a lease for the temporary IP address is a set minimum lease” (emphasis added). It is not clear what lease is considered as “minimum lease.” As people with ordinary skill in the art would know that one might set or adjust IP address lease time on DHCP server with administrative access right. The lease time could be in seconds, minutes, or in hours. Without criteria to judge whether a lease is a minimum lease, this limitation renders the claim indefinite. Examiner will treat “a set minimum lease” as a lease of IP address for examination purpose.
Dependent claims 2-6, 8-12, 14-15 have the limitation from corresponding independent claims and do not remedy the deficiency. Claims 2-6, 8-12, 14-15 are rejected under same rationale.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 13-15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter.

As to claim 13, the claim recites “[a] machine-readable storage medium storing machine-executable instructions.”  However, the usage of the phrase “machine-readable storage medium” is broad enough to include both “non-transitory” and “transitory” (carrier wave, for example) media.  The specification does not clearly limit the utilization of a non-transitory computer readable storage medium (see [00142]). Thus, with the broadest reasonable interpretation of the claim, the machine-readable storage medium covers a signal per se, which is non-statutory. Accordingly, claim 13 is non-statutory. 
The United States Patent and Trademark Office (USPTO) is obliged to give claims their broadest reasonable interpretation consistent with the specification during proceedings before the USPTO.  See In re Zletz, 893 F.2d 319 (Fed. Cir. 1989) (during patent examination the pending claims must be interpreted as broadly as their terms reasonably allow).  The broadest reasonable interpretation of a claim drawn to a computer readable medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent.  See MPEP 2111.01.  When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. § 101 as covering non-statutory subject See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007) (transitory embodiments are not directed to statutory subject matter) and Interim Examination Instructions for Evaluating Subject Matter Eligibility Under 35 U.S.C. § 101, Aug. 24, 2009; p. 2.
The USPTO recognizes that applicants may have claims directed to computer readable media that cover signals per se, which the USPTO must reject under 35 U.S.C. § 101 as covering both non-statutory subject matter and statutory subject matter.  In an effort to assist the patent community in overcoming a rejection or potential rejection under 35 U.S.C. § 101 in this situation, the USPTO suggests the following approach.  A claim drawn to such a computer readable medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. § 101 by adding the limitation “non-transitory” to the claim.  Cf.  Animals - Patentability, 1077 Off. Gaz. Pat. Office 24 (April 21, 1987) (suggesting that applicants add the limitation “non-human” to a claim covering a multi-cellular organism to avoid a rejection under 35 U.S.C. § 101).  Such an amendment would typically not raise the issue of new matter, even when the specification is silent because the broadest reasonable interpretation relies on the ordinary and customary meaning that includes signals per se.  The limited situations in which such an amendment could raise issues of new matter occur, for example, when the specification does not support a non-transitory embodiment because a signal per se is the only viable embodiment such that the amended claim is impermissibly broadened beyond the supporting disclosure.  See, e.g., Gentry Gallery, Inc. v. Berkline Corp., 134 F.3d 1473 (Fed. Cir. 1998).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 7, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication 2016/0036771 A1 to Yadav et al. (hereinafter Yadav) in view of U.S. Patent Application Publication 2015/0304334 A1 to ZHENG et al. (hereinafter ZHENG) and U.S. Patent Application Publication 2014/0052860 A1 to DUGGAL et al (hereinafter DUGGAL).

As to claim 7, Yadav teaches a Network Attached Server (NAS) (network controller 105, Yadav, [0020]-[0021]), comprising:
a processor (a hardware processor 201, Yadav, [0020]-[0021]), and
a machine-readable storage medium storing machine executable instructions (The data storage 203 of the network controller 105 may include a fast read-write memory for storing programs and data during operations and a hierarchy of persistent memory, such as Read Only Memory (ROM), Erasable Programmable Read Only Memory (EPROM,) and/or Flash memory for example, for storing instructions and data needed for the startup and/or operation of the network controller 105, Yadav, [0020]-[0021]) which are executable by the processor to cause the NAS to:
when a terminal comes online for a first time, obtain a temporary role for a terminal (Following connection of the client device 103 to the network system 100, the client device 103 may be assigned a first role (e.g. temporary role) at operation 303.  In one embodiment, the first role assigned at operation 303 may indicate that the client device 103 has not been authenticated on the network system 100 and accordingly the client device 103 is not authorized to be connected with or join secure portions of the network system 100, Yadav, [0033]-[0038], [0017]),
when receiving a first Internet Protocol (IP) address request from the terminal, request a temporary IP address for the terminal (Following operation 303, the client device 103 may transmit a DHCP broadcast message in the network system 100 at operation 305 as shown in the data sequence diagram in FIG. 4.  The DHCP broadcast message 1) attempts to seek out DHCP servers (e.g., the DHCP servers 1011 and/or 1012) and 2) requests an IP address for the client device 103, Yadav, [0039]-[0043]), control the terminal to perform an authentication based on the temporary IP address (At operation 313, the network controller 105 may broadcast an Extensible Authentication Protocol (EAP) request message to the network system 100.  This broadcast may be in response to detection of a new device on the network system 100 and/or on the VLAN X (e.g., the client device 103).  The network controller 105 may open a port to accept EAP traffic and drop all other traffic on this port.  The EAP request message may indicate that the network controller 105 would like to perform machine authentication according to a particular authentication protocol (e.g., IEEE 802.1X authentication protocols and/or standards) for new devices on the network system 100, Yadav, [0047]-[0049], [0017]),
wherein the temporary IP address belongs to an IP network segment corresponding to the temporary role (Since the client device 103 is currently assigned the first role and associated with the VLAN X, the client device 103 may be issued an IP address at operation 307 corresponding to the VLAN X, Yadav, [0044]-[0046], [0017]).
Yadav does not explicitly disclose the authentication being a portal authentication and forcing the terminal to go offline based on an obtained offline notification when the portal authentication is successful.
ZHENG discloses an authentication being a portal authentication (the portal server pushes an authentication page to the terminal.  The user of the terminal inputs a user name and password in the authentication page, and then the portal server sends the user name and password carried in an authentication request message to the AC.  After receiving the authentication request message, the AC encapsulates the user name and password into a RADIUS packet, and submits the RADIUS packet to a RADIUS server, ZHENG, [0037]-[0040]) and forcing a terminal to go offline based on an obtained offline notification when the portal authentication is successful (The AC disconnects the wireless connection of the terminal, ZHENG, [0037]-[0040]).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use portal authentication and disconnection as taught by ZHENG to modify the sever of Yadav in order to allow the terminal re-request an IP address for the security of the network.
Yadav-ZHENG does not explicitly disclose a lease for the temporary IP address is a set minimum lease;
DUGGAL discloses a lease for a temporary IP address is a set minimum lease (The private and public IP address pools at the WAG 140 can be configurable.  In one example, the duration (e.g., expiration timer) of private IP addresses in the private IP address pool can be configured to fit different needs and situations.  When the duration expires, a private IP address can be recycled and put back into the private IP pool.  In another example, the lease time (e.g., renew timer) of public IP addresses in the public IP address pool can also be configured to fit different needs and situations, DUGGAL, [0057]-[0058]. Note: in view of examiner’s assumption in 112(b) rejection).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to set lease time as taught by DUGGAL to modify the sever of Yadav-ZHENG in order to allow IP addresses to share with others.
Yadav-ZHENG-DUGGAL discloses
when the terminal comes online for a second time, obtain a service role for the terminal (upon detection of machine authentication success at operation 321 (i.e., receipt of an EAP success message), operation 325 may assign a third role (e.g. service role) for the client device 103.  This third role may also be broadcast/downloaded to the datapath.  This third role allows DHCP request/renew messages to be handled by the DHCP servers 1011 and 1012 and associates the client device 103 with the VLAN Y, Yadav, [0054]-[0057], [0017]),
when receiving a second IP address request sent by the terminal at expiry of the lease for the temporary IP address, request a first service IP address for the terminal (At operation 327, the client device 103 may transmit a DHCP renew/request message.  Since the role of the client device 103 has now changed to allow issuance of a new IP address (i.e., the third role does not include a "deny DHCP renew/request" rule) a DHCP acknowledgement (ACK) message may be transmitted from a DHCP server 101.sub.1 or 101.sub.2 at operation 329 with a new IP address (e.g., an IP address for the VLAN Y), Yadav, [0054]-[0057], [0017]),
control the terminal to perform the network access based on the first service IP address (At operation 331, one or more processes may be performed by the client device 103 on the VLAN Y, Yadav, [0054]-[0057], [0017]),
wherein the first service IP address belongs to an IP network segment corresponding to the service role (Yadav, [0054]-[0057], [0017]).

As to claims 1, 13, the same reasoning applies mutatis mutandis to the corresponding method claim 1 and machine-readable storage medium claim 13. Accordingly, the claims 1 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Yadav in view of ZHENG and DUGGAL.

Claims 2-6, 8-12, and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Yadav modified by ZHENG and DUGGAL as applied to claims 1, 7, and 13 above, and further in view of U.S. Patent Application Publication 2014/0096214 A1 to SHETH et al. (hereinafter SHETH).

Yadav-ZHENG-DUGGAL substantially discloses a server as set forth in claim 7 above.
Yadav-ZHENG-DUGGAL does not explicitly send a Media Access Control (MAC) address of the terminal to a Remote Authentication Dial In User Service (RADIUS) Server;
SHETH discloses send a Media Access Control (MAC) address of a terminal to a Remote Authentication Dial In User Service (RADIUS) Server (a new modifier called "authenticate-multiple" may be configured on the RADIUS Server with the value of "authenticate-multiple" to be any combination of authentication attribute "UserName" and "MAC", SHETH, [0030]-[0038], [0006]-[0008]).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use MAC address to authenticate devices when the devices try to access network as taught by SHETH to modify the sever of Yadav-ZHENG-DUGGAL in order to manage network access of devices by allowing network access through certain devices while denying access to the rest.
Yadav-ZHENG-DUGGAL-SHETH discloses
receive a temporary role sent by the RADIUS Server when the RADIUS Server determines that no registration information corresponding to the MAC address is recorded, wherein the registration information records the MAC address of the terminal and corresponding account information of the terminal (SHETH, [0030]-[0038]. In view of Yadav, [0033]-[0038]).

Yadav-ZHENG-DUGGAL substantially discloses a server as set forth in  claim 7 above.
Yadav-ZHENG-DUGGAL does not explicitly send a Media Access Control (MAC) address of the terminal to a Remote Authentication Dial In User Service (RADIUS) Server;
SHETH discloses send a Media Access Control (MAC) address of a terminal to a Remote Authentication Dial In User Service (RADIUS) Server (a new modifier called "authenticate-multiple" may be configured on the RADIUS Server with the value of "authenticate-multiple" to be any combination of authentication attribute "UserName" and "MAC", SHETH, [0030]-[0038], [0006]-[0008]).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use MAC address to authenticate devices when the devices try to access network as taught by SHETH to modify the sever of Yadav-ZHENG-DUGGAL in order to manage network access of devices by allowing network access through certain devices while denying access to the rest.
Yadav-ZHENG-DUGGAL-SHETH discloses
 receive a service role which is matched to the MAC address and sent by the RADIUS Server when the RADIUS Server determines that registration information corresponding to the MAC address is recorded and a recorded no-perception marker corresponding to the terminal is valid, wherein the registration information records the MAC address of the terminal and corresponding account information of the terminal (SHETH, [0030]-[0038]. In view of Yadav, [0054]-[0057]).

Yadav-ZHENG-DUGGAL substantially discloses a server as set forth in claim 7 above.
Yadav-ZHENG-DUGGAL does not explicitly send a Media Access Control (MAC) address of the terminal to a Remote Authentication Dial In User Service (RADIUS) Server;
SHETH discloses send a Media Access Control (MAC) address of a terminal to a Remote Authentication Dial In User Service (RADIUS) Server (a new modifier called "authenticate-multiple" may be configured on the RADIUS Server with the value of "authenticate-multiple" to be any combination of authentication attribute "UserName" and "MAC", SHETH, [0030]-[0038], [0006]-[0008]).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use MAC address to authenticate devices when the devices try to access network as taught by SHETH to modify the sever of Yadav-ZHENG-DUGGAL in order to manage network access of devices by allowing network access through certain devices while denying access to the rest.
Yadav-ZHENG-DUGGAL-SHETH discloses
receive a service role matched to the MAC address and a Uniform Resource Locator (URL) associated with the portal authentication, wherein the service role matched to the MAC address and the URL associated with the portal authentication are sent by the RADIUS Server when the RADIUS Server determines that registration information corresponding to the MAC address is recorded and a recorded no-perception marker corresponding to the terminal is invalid (SHETH, [0030]-[0038]. In view of Yadav, [0054]-[0057] and ZHENG, [0014]-[0015]); 
Yadav, [0047]-[0049], [0017]. In view of ZHENG, [0014]-[0015]); 
control the terminal to perform the portal authentication based on the second service IP address (Yadav, [0047]-[0049], [0017]. In view of ZHENG, [0014]-[0015]);
when the portal authentication is successful, force the terminal to go offline based on an obtained offline notification so that the terminal comes online again (ZHENG, [0037]-[0040]).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use portal authentication and disconnection as taught by ZHENG to modify the sever of Yadav-ZHENG-DUGGAL-SHETH in order to allow the terminal re-request an IP address for the security of the network.

As to claim 11, Yadav-ZHENG-DUGGAL-SHETH discloses the server according to claim 10. wherein the machine-executable instructions are executed by the processor to further cause the NAS to: obtain the service role for the terminal; control the terminal to perform the network access based on the service role, wherein the terminal uses the requested second service IP when performing the network access based on the service role (Yadav, [0054]-[0057], [0017]).

Yadav-ZHENG-DUGGAL substantially discloses a server as set forth in claim 7 above.
Yadav-ZHENG-DUGGAL does not explicitly send a Media Access Control (MAC) address of the terminal to a Remote Authentication Dial In User Service (RADIUS) Server;
SHETH discloses send a Media Access Control (MAC) address of a terminal to a Remote Authentication Dial In User Service (RADIUS) Server (a new modifier called "authenticate-multiple" may be configured on the RADIUS Server with the value of "authenticate-multiple" to be any combination of authentication attribute "UserName" and "MAC", SHETH, [0030]-[0038], [0006]-[0008]).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to use MAC address to authenticate devices when the devices try to access network as taught by SHETH to modify the sever of Yadav-ZHENG-DUGGAL in order to manage network access of devices by allowing network access through certain devices while denying access to the rest.
Yadav-ZHENG-DUGGAL-SHETH discloses
receive a service role matched to the MAC address and sent by the RADIUS Server when the RADIUS Server determines that registration information corresponding to the MAC address is recorded and a recorded no-perception marker corresponding to the terminal is valid (Yadav, [0054]-[0057], [0017]);
request a second service IP address for the terminal when receiving a third IP address request sent by the terminal, wherein the second IP address belongs to the IP network segment corresponding to the service role (Yadav, [0054]-[0057], [0017]);
Yadav, [0054]-[0057], [0017]).

As to claims 2-6, 14-15, the same reasoning applies mutatis mutandis to the corresponding method claims 2-6 and machine-readable storage medium claim 14-15. Accordingly, the claims 2-6, 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Yadav in view of ZHENG, DUGGAL, and SHETH.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
See attached form PTO-892.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RUOLEI ZONG whose telephone number is (571)270-7522.  The examiner can normally be reached on Monday-Friday 9:00AM-5:30PM IFP.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/RUOLEI ZONG/Primary Examiner, Art Unit 2441                                                                                                                                                                                                        3/25/2021