DETAILED ACTION
This office action is in response to the application filed on 05/09/2019. Claims 1-20 are pending and are examined.	
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification Objection
The specification is objected to because it neither recites nor provides a clear description of the limitation, "based on the periodic polling", recited in claim 19.

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151 , or in an application for patent published or deemed published under section 122(b) , in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-8, 10-14 and 16-20 are rejected under AIA 35 U.S.C. 102(a)(1) as being unpatentable over Potra et al. (U.S. Pub. No. 2013/0155876 A1, referred to as Potra).

Regarding claims 1, 10 and 16, Potra teaches:

(Fig. 3, Items 301 (processor),  306c ; ¶ 0039, “In particular embodiments, a captive portal check process 306 c is appended to the end of configuration pipeline 306. As discussed in greater detail below, captive portal check process 306 c detects whether the wireless network connection is in a captive portal state; Wi-Fi connection state tracker 304 will not consider the device “fully connected” to the WLAN if captive portal check process 306 c detects a captive portal state.”; Fig. 2, Steps 201-203; ¶ 0028- 0030). 
based on detecting the connection to the captive portal, launching, by the processor, a dedicated secure web browser (Fig. 2, Step 206; ¶ 0032); and 
selectively restricting, by the processor, access of the user device to the network (Fig. 2, Step 205; ¶ 0031), to only allow, via the dedicated secure web browser, communications related to remediation with the captive portal (Fig. 2, Step 207; ¶ 0032; Fig. 7; ¶ 0060- ¶ 0062, “FIG. 7 illustrates a mobile device 300 displaying a browser window 701 generated in response to the detection of a captive portal state (Step 405 of FIG. 4 or state S2 of FIG. 6). In particular embodiments, browser window 701 includes a user interface area 702 generated by mobile device 300, and a content area 706 obtained from the gateway or server of the captive portal. In particular embodiments, mobile device 300 has no control over the content displayed in content area; it merely downloads and renders the content from the captive portal” (communications related to remediation with the captive portal)).
Regarding claim 10, Potra further teaches:
(Fig. 9, System 900; ¶ 0069- ¶ 0071).
Regarding claim 16, Potra further teaches:
One or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor of a user device, cause the processor to execute a method (Fig. 9, System 900; ¶ 0069- ¶ 0071).

Regarding claims 2, 11 and 17, Potra teaches all the features of claims 1, 10 and 16, as outlined above.
Potra further teaches:
based on the launching of the dedicated secure web browser, loading, by the processor, a universal resource locator (URL) that redirects the dedicated secure web browser to a captive portal remediation page (Fig. 7, Item 704; ¶ 0060- ¶ 0062, “As should be readily apparent by one of ordinary skill in the art, navigation bar 704 displays the URL of the currently displayed content”).

Regarding claims 3, 12 and 18, Potra teaches all the features of claims 2, 11 and 17, as outlined above.
Potra further teaches:
executing, by the processor, a network security control daemon that detects the connection to the captive portal and updates at least one network access restriction of (Fig. 3, Items 301, 302; ¶ 0039; ¶ 0034, “Connection manager 301 may be a third-party application or, more typically, built-in to the operating system (a network security control daemon) of mobile device 300. Connectivity manager 301 includes a Wi-Fi listener module 302 that actively probes for available Wi-Fi networks. In particular embodiments, Wi-Fi listener module 302 may probe at predetermined intervals.”; Fig. 2, Steps 201-203; ¶ 0028- 0030 (detects the connection to the captive portal); (Fig. 2, Step 205, “connection to social networking sever lost by all applications until authentication” (updates at least one network access restriction of the user device); ¶ 0031); and 
remediating with the captive portal, wherein the remediating with the captive portal comprises: displaying, on the dedicated secure web browser, content received from the captive portal, obtaining, via the dedicated secure web browser, user input related to obtaining access to the network of the captive portal; providing the user input to the captive portal (Fig. 2, Step 206; ¶ 0032; Fig. 7; ¶ 0060- ¶ 0062)
obtaining, from the captive portal, a response indicating one of: access to a network of the captive portal is granted, and further input is required to obtain the access to the captive portal; and periodically polling to detect completion of remediation with the captive portal.
 (Fig. 2, Step 207; ¶ 0032; Fig. 7; ¶ 0044, “When the user clicks a “submit” or “go” button in the captive portal content, the authentication credentials are submitted to the captive portal for verification. If the authentication credentials are valid, the captive portal may, depending on the implementation, transmit an ACK to the user (access to a 300 Internet access”).
Regarding claim 12 Potra further teaches:
a display; and a user interface (Fig. 7; ¶ 0060- ¶ 0062).

Regarding claim 4, Potra teaches all the features of claim 3, as outlined above.
Potra further teaches:
based on detecting the completion of the remediation and the response indicating that the access to the network of the captive portal is granted, updating, by the network security control daemon, the at least one network access restriction of the user device by reapplying one or more network access restrictions executed by the processor prior to the detecting of the connection to the captive portal (Fig. 7; ¶ 0044; Fig. 2, Step 207; ¶ 0032, “at Step 207 data connectivity is restored through the Wi-Fi connection” (reapplying one or more network access restrictions executed by the processor prior to the detecting of the connection to the captive portal)).

Regarding claim 19, Potra teaches all the features of claim 18, as outlined above.
Potra further teaches:
based on the periodic polling, detect the completion of the remediation with the captive portal and the response indicating that the access to the captive portal is granted, update, by the network security control daemon, the captive portal network (Fig. 7; ¶ 0044; Fig. 2, Step 207; ¶ 0032, “at Step 207 data connectivity is restored through the Wi-Fi connection” (applying the one or more existing network access restrictions)).

Regarding claims 5, 13 and 20, Potra teaches all the features of claims 1, 10 and 16, as outlined above.
Potra further teaches:
wherein the selectively restricting the access of the user device to the network comprises updating at least one network access restriction of the user device such that one or more user applications, executed by the processor, are blocked from the access to the network (Fig. 2, Step 205, “connection to social networking sever lost by all applications until authentication” (one or more applications are blocked from the access to the network); ¶ 0031).
Regarding claim 13, Potra further teaches:
wherein the one or more user applications include a web browser and at least one of virtualized desktop applications, social media applications, email applications, and content streaming applications (Fig. 2, Step 205, “connection to social networking sever lost by all applications until authentication” (social media applications)); Fig. 3, Items 307(applications), 308 (web browser), 309 (social networking applications); ¶ 0033; Fig. 8, Item 832 (web browser); ¶ 0068).

Regarding claim 6, Potra teaches all the features of claim 5, as outlined above.
Potra further teaches:
wherein the one or more user applications include a web browser and at least one of virtualized desktop applications, social media applications, email applications, and content streaming applications (Fig. 2, Step 205, “connection to social networking sever lost by all applications until authentication” (social media applications)); Fig. 3, Items 307(applications), 308 (web browser), 309 (social networking applications); ¶ 0033; Fig. 8, Item 832 (web browser); ¶ 0068).

Regarding claim 7, Potra teaches all the features of claim 6, as outlined above.
Potra further teaches:
wherein the selectively restricting the access of the user device to the network comprises blocking transmission of data from the one or more user applications to one or more destinations external to the user device (Fig. 2, Step 205, “connection to social networking sever lost by all applications until authentication”; Fig. 8, Items 830, 832, 820, 822 (one or more destinations external to the user device); ¶ 0068).

Regarding claims 8 and 14, Potra teaches all the features of claims 7 and 13, as outlined above.
Potra further teaches:
wherein the selectively restricting the access of the user device to the network comprises updating the at least one network access restriction of the user device such that data received by the user device from sources external to the user device is dropped without being processed (Fig. 2, Step 205, “connection to social networking ¶ 0031, “At Steps 204-205, mobile device 105 remains trapped in captive portal state 208. Packets addressed from mobile device 105 to the Internet are not forwarded by the WLAN, whose default gateway or web server continues to bombard mobile device 105 with HTTP responses including content for the portal web page. Because non-browser mobile applications are not expecting, or cannot render these HTTP responses, they typically drop the packets (data received by the user device from sources external to the user device is dropped without being processed), and the user may remain in captive portal state 208 indefinitely”).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was.


Claims 9 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Potra, in view of Kishida (U.S. Pub. No. 2016/0269380 A1, referred to as Kishida).

Regarding claims 9 and 15, Potra teaches all the features of claims 1 and 10, as outlined above.
Potra does not explicitly disclose, however Kishida teaches:
initiating, by the processor, a virtual private network (VPN) tunnel with a VPN server (Kishida: Fig. 1, Items 101, 107; Fig. 2, Item 203; ¶ 0032, “A VPN connection 203 is a device or a program for connecting to the VPN authentication server 107 to execute a process necessary for VPN communication. ”); 
based on detecting the connection to the captive portal, updating, by the processor, one or more existing network access restrictions to one or more captive portal network access restrictions which include blocking data to and from the VPN server (Kishida: Fig. 3; ¶ 0023- ¶ 0025, “If there is a response from the dedicated HTTP server and it is thus determined that the terminal is connected to the Internet, the VPN communication terminal restricts its communication to communication with the VPN authentication server”); 
detecting, by the processor, a successful completion of remediation with the captive portal (Kishida: Fig. 6; ¶ 0039, “Once it is determined that captive portal authentication is complete,”);
ATTORNEY DOCKET NO. 0370.3922C (1021704-US.01) CPOL No. 1021704-US.01
based on the detecting the successful completion of remediation with the captive portal, updating the one or more captive portal network access restrictions of the user device to re-apply the one or more existing network access restrictions; and based on the updating to the one or more existing network access restrictions, reestablishing the VPN tunnel with the VPN server (Kishida: Fig. 6; ¶ 0039, “the Internet connection status detection unit 201 instructs the network connection unit 204 to prohibit network communication of the browser program. After that, the VPN connection unit 203 realizes VPN communication with the VPN authentication server 107 via the network connection unit 204. It should be noted that communication with IP addresses other than the IP address contained in the policy information 302 is prohibited by the packet filtering unit 202. That is, it becomes possible for the user terminal 101 to communicate with 107 (FIG. 6). Consequently, leakage of information from the user terminal 101 is prevented.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Potra by Kishida to use a VPN communication in order to prevent information leakage from a user terminal during an authentication of a captive portal (Kishida: ¶ 0043).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408.  The examiner can normally be reached on Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  






/HASSAN SAADOUN/Examiner, Art Unit 2435  

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435