DETAILED ACTION
This Office Action is in response to the amendment filed 1/13/2021 to the application 15/784,028.
Claims 1, 11, and 21 have been amended.  Claims 1, 11, and 21 are independent claims.  Claims 1-19 and 21 have been examined and are pending.
Notice of Pre-AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
This Action is made FINAL.
Response to Arguments
Applicants’ arguments, see Applicant Arguments/Remarks Made in an Amendment, filed 1/13/2021, with respect to the rejections of claims 1-19 and 21 have been fully considered but are not persuasive.
Applicant respectfully traverses the rejections.  A. Continuing Use of the First Station Group VLAN Key to Decrypt Restricted Broadcast Packets from the Second Access Point.  Amended claim 1 recites that use of the first station group VLAN key is continued to decrypt restricted broadcast packets from the second access point. The Specification as originally filed supports the amendments ("soft handoff can be invisible to the station 130E in that there is not need for local reconfiguration". Specification, para. 30).  In the interest of compact prosecution. Applicant has amended the claim to traverse the rejection. More specifically. Examiner has already acknowledged that Meir and Gast fail to disclose handling off stations from a first access point to a second access point 
Examiner respectfully notes that, in light of Applicant’s amendment of the claims, the prior art of record has been reconsidered and an update search has been conducted.  The independent claims are now rejected by Meier 160 in view of newly found reference Coan.  Regarding claim 1, Meier ‘160 discloses, in paragraphs 0051 and 0052, a computer-implemented method, in an access point of a wireless network, for restricting broadcast traffic to a VLAN (virtual local area network), the method comprising the steps of: in paragraph 0044, associating a plurality of stations with a BSSID (basic service set identifier); in paragraph 0007, configuring a first VLAN of stations by sending a first station group VLAN key to each station from the plurality of stations that is a member of the first VLAN, in paragraph 0058, wherein each VLAN is associated with a unique station group key; in paragraph 0051, to decrypt restricted broadcast [i.e., multicast] packets from the first access point; in paragraphs 0004, 0006, receiving one or more frames addressed to the first VLAN;  in paragraph 0051, encrypting the one or more frames with the first group VLAN key to prevent stations without the first station group VLAN key from being able to decrypt the one or more frames; and in paragraphs 0051, 0064, and 0062, broadcasting the one or more encrypted VLAN frames to the plurality of stations associated with the BSSID; in paragraphs 0048 and 0044, wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the 
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. 
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 11, and 21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The original disclosure does not appear to support the amended term “unique station group key”.  The word unique appears only once in Applicant’s original disclosure; paragraph 0008 of the specification which discloses each VLAN is associated with a unique group key.  Paragraph 050 of the specification discloses stations of VLANs are configured VLAN is mapped to a group key at step 420.  Paragraph 0050 of the specification originally filed discloses a VLAN is mapped to a group key at step 420.  The disclosure of paragraph 0038 that When a new VLAN is formed, or when a new member is connected, the VLAN module distributes group key(s).  The recitation in claim 1 of “wherein at least one station from the first VLAN is handed-off to a different access point while retaining membership in the first VLAN by maintaining the first station group VLAN key” is subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.  There are only two instances Examiner could find of usage of the word maintain in the original disclosure; that is in paragraph 004, the specification discloses “Conventionally, an access point maintains a VLAN table which correlates the Ethernet broadcast or multicast address to particular unicast addresses of each member of that VLAN” and in paragraph 034, the specification discloses “Based on a table of mapping assignments of access points to stations that is maintained by the virtual cell module 114, only the assigned access point responds. Unassigned access points can ignore frames detected by unassigned stations.”  Examiner notes that claims 1 and 4 of the patent granted to parent case 13/772,358, the last lines recite ““Based on a table of mapping assignments of access points to stations that is maintained by the virtual cell module 114, only the assigned access point responds. Unassigned access points can ignore frames detected by unassigned “wherein at least one station from the first VLAN is handed-off to a different access point while retaining membership in the first VLAN by maintaining the first station group VLAN key”; however, this claimed subject matter is not seen as possession of ““wherein at least one station from the first VLAN is handed-off to a different access point while retaining membership in the first VLAN by maintaining the first station group VLAN key” at the time the application was filed.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims under pre-AIA  35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly 
Claims 1, 10, 11, and 21 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Meier (Meier ‘160) (US20050025160), published February 3, 2005, in view of Coan (US20100180116), filed November 3, 2009.
Regarding claim 1, Meier ‘160 discloses a computer-implemented method, in an access point of a wireless network, for restricting broadcast traffic to a VLAN (virtual local area network), the method comprising the steps of (Meier ‘160, paragraphs 0051, 0052, broadcast group key used to encrypt/ decrypt 802.11 frames that belong to station’s LAN):
associating a plurality of stations with a BSSID (basic service set identifier) (Meier ‘160, paragraph 0044,  SSID used to configure wireless clients – the scope of claim limitation “BSSID” includes SSID); 
configuring a first VLAN of stations by sending a first station group VLAN key to each station from the plurality of stations that is a member of the first VLAN (Meier ‘160, paragraph 0007, “Conventionally, the 802.11 standard for wireless networks presumes support for a single group key (e.g. VLAN) for a client.  An 802.11i-compliant AP may be configured to send a Group Key to an 802.11i station.  This Group Key is conventionally sent in an EAPOL Key message in accordance with the IEEE standards.”), 
wherein each VLAN is associated with a unique station group key (Meier ‘160, paragraph 0058, single group key for a VLAN)
to decrypt restricted broadcast packets from the first access point; (Meier 160, paragraph 0051, “The IP multicast group key may be used to encrypt/decrypt 802.11 frames that belong to the station's IP Multicast [i.e., restricted broadcast] Domain 180.”); 
receiving one or more frames addressed to the first VLAN (Meier ‘160, paragraph 0004, “VLANs offer significant benefits in terms of efficient use of bandwidth, flexibility, performance, and security.  VLAN technology functions by logically segmenting the network into different "broadcast domains" whereby packets are only switched between ports that are designated for the same VLAN.”; paragraph 0006, “The Internet Engineering Task Force (IETF) has published an Internet Group Management Protocol (IGMP) standard, which defines a method for organizing IP nodes into an IP multicast group.  An IP multicast group is identified by an IP multicast address.”); 
encrypting the one or more frames with the first group VLAN key to prevent stations without the first station group VLAN key from being able to decrypt the one or more frames (Meier ‘160, paragraph 0051, IP multicast group key may be used to encrypt/ decrypt 802.11 frames); and
broadcasting the one or more encrypted VLAN frames to the plurality of stations associated with the BSSID (Meier ‘160, paragraph 0051, 0064, use of broadcast and multicast group encryption keys; paragraph 0062, wireless stations assigned to a multicast VLAN);
wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the first VLAN (Meier 160, paragraph 0048, “When an 802.11 station roams to a new parent access point, any multicast groups, where the station is a member, must be extended to the station's assigned IP multicast domain in the parent AP.”; paragraph 0044, “A wireless client may be bound to a single remote home subnet, or remote home VLAN, even as it roams seamlessly between access points on different subnets.”)
of the first station group VLAN key (Meier ‘160, paragraph 0007, “Conventionally, the 802.11 standard for wireless networks presumes support for a single group key (e.g. VLAN) for a client.  An 802.11i-compliant AP may be configured to send a Group Key to an 802.11i station.  This Group Key is conventionally sent in an EAPOL Key message in accordance with the IEEE standards.”)
 to decrypt restricted broadcast packets from the second access point (Meier 160, paragraph 0048, “When an 802.11 station roams to a new parent access point [i.e., second access point], any multicast groups , where the station is a member, must be extended to the station's assigned IP multicast domain in the parent AP”; paragraph 0051, “The IP multicast group key may be used to encrypt/decrypt 802.11 frames that belong to the station's IP Multicast Domain 180.” – multicast [i.e., restricted broadcast] groups are extended to that station’s assigned IP multicast domain in the parent AP for a station that roams to a new parent / second access point ).
Meier ‘160 discloses wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the first VLAN of the first station group VLAN key  to decrypt restricted broadcast packets from the second access point, but does not explicitly disclose wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the first VLAN by continuing use  of the first station group VLAN key  to decrypt restricted broadcast packets from the second access point.
transparently handed-off to a different access point while retaining membership in the first VLAN by continuing use  of the first station group VLAN key  to decrypt restricted broadcast packets from the second access point (Coan, paragraph 0102, “Since the convergence view is v.sub.final, no correct controller sends a REKEY message corresponding to a higher view number, so all members of M will continue using the established group key.”).

Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Coan with the computer-implemented method/ non-transitory computer-readable medium/access point of Meier ‘160 to include while retaining membership in the first VLAN by continuing use  of the first station group VLAN key.
One would have been motivated to provide users with the benefits of a robust and highly available group management system (Coan: paragraph 0008).
Regarding claim 10, Meier ‘160 and Coan disclose the method of claim 1.  Meier 160 discloses wherein the wireless network comprises an IEEE 802.11-type network (Meier 160, paragraph 0015, “The present invention disclosed and claimed herein, in one aspect thereof, comprises a system and method for organizing virtual local area networks (VLANs) corresponding to a wireless network (e.g. IEEE 802.11).”).
Regarding claim 11, Meier '160 a non-transitory computer-readable medium storing instructions that, when executed by a processor, perform a method in an access point of a wireless network, for restricting broadcast traffic to a VLAN (virtual local area Meier '160, paragraph 0059, software that cause a computer to perform an action):
associating a plurality of stations with a BSSID (basic service set identifier) (Meier ‘160, paragraph 0044,  SSID used to configure wireless clients); 
configuring a first VLAN of stations by sending a first station group VLAN key to each station from the plurality of stations that is a member of the first VLAN (Meier ‘160, paragraph 0007, “Conventionally, the 802.11 standard for wireless networks presumes support for a single group key (e.g. VLAN) for a client.  An 802.11i-compliant AP may be configured to send a Group Key to an 802.11i station.  This Group Key is conventionally sent in an EAPOL Key message in accordance with the IEEE standards.”), 
wherein each VLAN is associated with a unique station group key (Meier ‘160, paragraph 0058, single group key for a VLAN)
to decrypt restricted broadcast packets from the first access point (Meier 160, paragraph 0051, “The IP multicast group key may be used to encrypt/decrypt 802.11 frames that belong to the station's IP Multicast Domain 180.”);  
receiving one or more frames addressed to the first VLAN (Meier ‘160, paragraph 0004, “VLANs offer significant benefits in terms of efficient use of bandwidth, flexibility, performance, and security.  VLAN technology functions by logically segmenting the network into different "broadcast domains" whereby packets are only switched between ports that are designated for the same VLAN.”; paragraph 0006, “The Internet Engineering Task Force (IETF) has published an Internet Group Management Protocol (IGMP) standard, which defines a method for organizing IP nodes into an IP multicast group.  An IP multicast group is identified by an IP multicast address.”); 
VLAN key to prevent stations without the first station group VLAN key from being able to decrypt the one or more frames (Meier ‘160, paragraph 0051, IP multicast group key may be used to encrypt/ decrypt 802.11 frames); and
broadcasting the one or more encrypted VLAN frames to the plurality of stations associated with the BSSID (Meier ‘160, paragraph 0051, 0064, use of broadcast and multicast group encryption keys; paragraph 0062, wireless stations assigned to a multicast VLAN).
wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the first VLAN (Meier 160, paragraph 0048, “When an 802.11 station roams to a new parent access point, any multicast groups, where the station is a member, must be extended to the station's assigned IP multicast domain in the parent AP.”; paragraph 0044, “A wireless client may be bound to a single remote home subnet, or remote home VLAN, even as it roams seamlessly between access points on different subnets.”)
of the first station group VLAN key (Meier ‘160, paragraph 0007, “Conventionally, the 802.11 standard for wireless networks presumes support for a single group key (e.g. VLAN) for a client.  An 802.11i-compliant AP may be configured to send a Group Key to an 802.11i station.  This Group Key is conventionally sent in an EAPOL Key message in accordance with the IEEE standards.”)
 to decrypt restricted broadcast packets from the second access point (Meier 160, paragraph 0048, “When an 802.11 station roams to a new parent access point [i.e., second access point], any multicast groups , where the station is a member, must be extended to the station's assigned IP multicast domain in the parent AP”; paragraph 0051, “The IP multicast group key may be used to encrypt/decrypt 802.11 frames that belong to the station's IP Multicast Domain 180.” – multicast [i.e., restricted broadcast] groups are extended to that station’s assigned IP multicast domain in the parent AP for a station that roams to a new parent / second access point ).
Meier ‘160 discloses wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the first VLAN of the first station group VLAN key  to decrypt restricted broadcast packets from the second access point, but does not explicitly disclose wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the first VLAN by continuing use  of the first station group VLAN key  to decrypt restricted broadcast packets from the second access point.
However, in an analogous art, Coan discloses wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the first VLAN by continuing use  of the first station group VLAN key  to decrypt restricted broadcast packets from the second access point (Coan, paragraph 0102, “Since the convergence view is v.sub.final, no correct controller sends a REKEY message corresponding to a higher view number, so all members of M will continue using the established group key.”).

Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Coan with the computer-implemented method/ non-transitory computer-readable medium/access point of Meier continuing use  of the first station group VLAN key.
One would have been motivated to provide users with the benefits of a robust and highly available group management system (Coan: paragraph 0008).
Regarding claim 21, Meier ‘160 discloses an access point of a wireless network, for restricting broadcast traffic to a VLAN (virtual local area network), the access point comprising (Meier ‘160, paragraphs 0031, 0033): 
a processor (Meier ‘160, paragraph 0059, computer);
a communication interface (Meier ‘160, paragraph 0059, computer); and
a memory, communicatively coupled to the processor and communication interface, and storing (Meier ‘160, paragraph 0059, computer):
a first module to associate a plurality of stations with a BSSID (basic service set identifier) (Meier ‘160, paragraph 0044,  SSID used to configure wireless clients);
a second module to configure a first VLAN by sending a first group key to each station from the plurality of stations that is a member of the first VLAN (Meier ‘160, paragraph 0007, “Conventionally, the 802.11 standard for wireless networks presumes support for a single group key (e.g. VLAN) for a client.  An 802.11i-compliant AP may be configured to send a Group Key to an 802.11i station.  This Group Key is conventionally sent in an EAPOL Key message in accordance with the IEEE standards.”), 
wherein each VLAN is associated with a unique station group VLAN key (Meier ‘160, paragraph 0058, single group key for a VLAN)
to decrypt restricted broadcast packets from the first access point; (Meier 160, paragraph 0051, “The IP multicast group key may be used to encrypt/decrypt 802.11 frames that belong to the station's IP Multicast Domain 180.”); 
a third module to receive one or more frames addressed to the first VLAN (Meier ‘160, paragraph 0004, “VLANs offer significant benefits in terms of efficient use of bandwidth, flexibility, performance, and security.  VLAN technology functions by logically segmenting the network into different "broadcast domains" whereby packets are only switched between ports that are designated for the same VLAN.”; paragraph 0006, “The Internet Engineering Task Force (IETF) has published an Internet Group Management Protocol (IGMP) standard, which defines a method for organizing IP nodes into an IP multicast group.  An IP multicast group is identified by an IP multicast address.”); 
a fourth module to encrypt the one or more frames 'with the first station group VLAN key to prevent stations without the first station group VLAN key from being able to decrypt the one or more frames (Meier ‘160, paragraph 0051, IP multicast group key may be used to encrypt/ decrypt 802.11 frames); and
a fifth module to broadcast the one or more encrypted VLAN frames to the plurality of stations associated with the BSSID (Meier ‘160, paragraph 0051, 0064, use of broadcast and multicast group encryption keys; paragraph 0062, wireless stations assigned to a multicast VLAN). 
wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the first VLAN (Meier 160, paragraph 0048, “When an 802.11 station roams to a new parent access point, any multicast groups, where the station is a member, must be extended to the station's assigned IP multicast domain in the parent AP.”; paragraph 0044, “A wireless client may be bound to a single remote home subnet, or remote home VLAN, even as it roams seamlessly between access points on different subnets.”)
of the first station group VLAN key (Meier ‘160, paragraph 0007, “Conventionally, the 802.11 standard for wireless networks presumes support for a single group key (e.g. VLAN) for a client.  An 802.11i-compliant AP may be configured to send a Group Key to an 802.11i station.  This Group Key is conventionally sent in an EAPOL Key message in accordance with the IEEE standards.”)
 to decrypt restricted broadcast packets from the second access point (Meier 160, paragraph 0048, “When an 802.11 station roams to a new parent access point [i.e., second access point], any multicast groups , where the station is a member, must be extended to the station's assigned IP multicast domain in the parent AP”; paragraph 0051, “The IP multicast group key may be used to encrypt/decrypt 802.11 frames that belong to the station's IP Multicast Domain 180.” – multicast [i.e., restricted broadcast] groups are extended to that station’s assigned IP multicast domain in the parent AP for a station that roams to a new parent / second access point ).
Meier ‘160 discloses wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the first VLAN of the first station group VLAN key  to decrypt restricted broadcast packets from the second access point, but does not explicitly disclose wherein at least one station from the first VLAN is transparently handed-off to a different access point while retaining membership in the first VLAN by continuing use  of the first station group VLAN key  to decrypt restricted broadcast packets from the second access point.
transparently handed-off to a different access point while retaining membership in the first VLAN by continuing use  of the first station group VLAN key  to decrypt restricted broadcast packets from the second access point (Coan, paragraph 0102, “Since the convergence view is v.sub.final, no correct controller sends a REKEY message corresponding to a higher view number, so all members of M will continue using the established group key.”).

Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Coan with the computer-implemented method/ non-transitory computer-readable medium/access point of Meier ‘160 to include while retaining membership in the first VLAN by continuing use  of the first station group VLAN key.
One would have been motivated to provide users with the benefits of a robust and highly available group management system (Coan: paragraph 0008).
Claims 2 and 12 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Meier (Meier ‘160) (US20050025160), published February 3, 2005, in view of Coan (US20100180116), filed November 3, 2009, and further in view of Sapkota (US8611270), issued December 17, 2013.
Regarding claim 2, Meier 160 and Coan disclose the method of claim 1.  
Meier 160 and Coan do not explicitly disclose configuring a second VLAN by sending a second group VLAN key to each station that is a member of the second VLAN; station group VLAN key to prevent stations without the second station group VLAN key from being able to decrypt the one or more frames.
However, in an analogous art, Sapkota discloses further comprising:
configuring a second VLAN by sending a second group VLAN key to each station that is a member of the second VLAN (Sapkota, column 6, lines 1-10, broadcast domains such as VLANs are segregated by encryption keys such as group keys where each broadcast domain has its own broadcast encryption key); 
receiving one or more frames addressed to the second VLAN (Sapkota, column 6, lines 1-10, the scope of the claim limitation “receiving one or more frames addressed to the second VLAN” includes the multicast stream that is received);
encrypting the one or more frames with the second station group VLAN key to prevent stations without the second station group VLAN key from being able to decrypt the one or more frames (Sapkota, column 6, lines 1-27, the scope of the claim limitation “encrypting the one or more frames with the second group key to prevent stations without the second group key from being able to decrypt the one or more frames” includes segregating VLANs by the use of different group keys; multicast stream includes frames).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Sapkota with the access point of Meier 160 and Coan to include configuring a second VLAN by sending a second group VLAN key to each station that is a member of the second VLAN; receiving one or more frames addressed to the second VLAN; encrypting the one or more frames with the second station group VLAN key to prevent stations without the second station group VLAN key (Sapkota: column 6, lines 11-14).
Regarding claim 12, Meier 160 and Coan disclose the computer-readable medium of claim 11.
Meier 160 and Coan do not explicitly disclose the computer-readable medium further comprising: configuring a second VLAN by sending a second group key to each station that is a member of the second VLAN; receiving one or more frames addressed to the second VLAN; encrypting the one or more frames with the second station group VLAN key to prevent stations without the second station group VLAN key from being able to decrypt the one or more frames.
However, in an analogous art, Sapkota discloses 
configuring a second VLAN by sending a second group key to each station that is a member of the second VLAN (Sapkota, column 6, lines 1-10, broadcast domains such as VLANs are segregated by encryption keys such as group keys where each broadcast domain has its own broadcast encryption key); 
receiving one or more frames addressed to the second VLAN (Sapkota, column 6, lines 1-10, the scope of the claim limitation “receiving one or more frames addressed to the second VLAN” includes the multicast stream that is received); 
encrypting the one or more frames with the second station group VLAN key to prevent stations without the second station group VLAN key from being able to decrypt the one or more frames (Sapkota, column 6, lines 1-27, the scope of the claim limitation “encrypting the one or more frames with the second group key to prevent stations without the second group key from being able to decrypt the one or more frames” includes segregating VLANs by the use of different group keys; multicast stream includes frames).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Sapkota with the computer-readable medium of Meier 160 and Coan to include further comprising: configuring a second VLAN by sending a second group key to each station that is a member of the second VLAN; receiving one or more frames addressed to the second VLAN; encrypting the one or more frames with the second station group VLAN key to prevent stations without the second station group VLAN key from being able to decrypt the one or more frames to provide users with the benefits of dynamically creating VLANs as new broadcast domains are associated with a wireless transceiver (Sapkota: column 6, lines 11-14).
Claims 3 and 13 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Meier (Meier ‘160) (US20050025160), published February 3, 2005, in view of Coan (US20100180116), filed November 3, 2009, and further in view of Strom (US20080256646), published October 16, 2008.
Regarding claim 3, Meier 160 and Coan disclose the method of claim 1.
Meier 160 and Coan do not explicitly disclose receiving a list of members of the first VLAN.
However, in an analogous art, Strom discloses further comprising: receiving a list of members of the first VLAN (Strom, paragraph 0044, “Domain information 136 includes a domain ID field 138, a device ID field 140, a domain controller (DC) uniform resource locator (URL) field 142, a key pair field 144, and an expiration field 146.  Domain ID field 138 couples with device ID field 140 to maintain a list of registered devices for each domain that domain controller 110 controls.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Strom with the method of Meier 160 and Coan to include, receiving a list of members of the first VLAN, to enable seamless movement and consumption of licensed digital content amongst multiple devices (Strom: paragraph 0007).
Regarding claim 13, Meier 160 and Coan disclose the computer-readable medium of claim 11.
Meier 160 and Coan do not explicitly disclose the method further comprising: receiving a list of members of the first VLAN.
However, in an analogous art, Strom discloses the method further comprising: receiving a list of members of the first VLAN (Strom, paragraph 0044, “Domain information 136 includes a domain ID field 138, a device ID field 140, a domain controller (DC) uniform resource locator (URL) field 142, a key pair field 144, and an expiration field 146.  Domain ID field 138 couples with device ID field 140 to maintain a list of registered devices for each domain that domain controller 110 controls.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Strom with the computer-readable medium of Meier 160 and Coan to include, receiving a list of members of the first (Strom: paragraph 0007).
Claims 4 and 14 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Meier (Meier ‘160) (US20050025160), published February 3, 2005, in view of Coan (US20100180116), filed November 3, 2009, and further in view of Meier (Meier ‘282) (US20040103282), published May 27, 2004.
Regarding claim 4, Meier 160 and Coan disclose the method of claim 1.
Meier 160 and Coan do not explicitly disclose wherein the one or more frames are addressed to either a broadcast port or a multicast port of the access point.
However, in an analogous art, Meier ‘282 discloses wherein the one or more frames are addressed to either a broadcast port or a multicast port of the access point (Meier ‘282, paragraph 1283, “A multicast address is dynamically enabled on an AP secondary port if it is contained in a WTLV_MCAST_ADDR_LIST TLV in a Registration Request or in a MULTICAST.sub.--802_ADDRESS_LIST element in an 802.11 (Re)Association message or 802.11 Action frame.  A dynamically enabled multicast address is aged and discarded if it is not re-registered after the maximum AP registration lifetime.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Meier ‘282 with the method of Meier 160 and Coan to include, wherein the one or more frames are addressed to either a (Meier ‘282: paragraph 0130).
Regarding claim 14, Meier 160 and Coan disclose the computer-readable medium of claim 11.
Meier 160 and Coan do not explicitly disclose wherein the one or more frames are addressed to either a broadcast port or a multicast port of the access point.
However, in an analogous art, Meier ‘282 discloses wherein the one or more frames are addressed to either a broadcast port or a multicast port of the access point wherein the one or more frames are addressed to either a broadcast port or a multicast port of the access point (Meier ‘282, paragraph 1283, “A multicast address is dynamically enabled on an AP secondary port if it is contained in a WTLV_MCAST_ADDR_LIST TLV in a Registration Request or in a MULTICAST.sub.--802_ADDRESS_LIST element in an 802.11 (Re)Association message or 802.11 Action frame.  A dynamically enabled multicast address is aged and discarded if it is not re-registered after the maximum AP registration lifetime.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Meier ‘282 with the computer-readable medium of Meier 160 and Coan to include, wherein the one or more frames are addressed to either a broadcast port or a multicast port of the access point, to reduce both message and computational burden (Meier ‘282: paragraph 0130).
Claims 5 and 15 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Meier (Meier ‘160) (US20050025160), published February 3, 2005, in view of Coan (US20100180116), filed November 3, 2009, and further in view of Bishop (US20070015514), published January 18, 2007.
Regarding claim 5, Meier 160 and Coan disclose the method of claim 1.  Meier 160 discloses wherein the access point is … provided by the wireless network in which the BSSID is also associated with at least one other access points in the wireless network and at least one station from the first VLAN is connected to one of the at least one other access points  (Meier 160, paragraph 0048, “When an 802.11 station roams to a new parent access point, any multicast groups, where the station is a member, must be extended to the station's assigned IP multicast domain in the parent AP.”).
Meier 160 and Coan do not explicitly disclose wherein the access point is part of a virtual cell service.
However, in an analogous art, Bishop discloses wherein the access point is part of a virtual cell service (Bishop, paragraph 0061, “When a mobile device initiates communications with a network, a virtual cell may be constructed for the session if the subscriber's agreement permits a virtual cell and if the data type is proper.”; paragraph 0062, “Because the virtual cell has several radios broadcasting and operating in unison, the virtual cell may use several times the bandwidth of a conventional communication session between one mobile device and a radio transceiver.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Bishop with the method of Meier (Bishop: paragraphs 0007 and 0008).
Regarding claim 15, Meier 160 and Coan disclose the computer-readable medium of claim 11.  Meier 160 discloses wherein the access point is … provided by the wireless network in which the BSSID is also associated with at least one other access points in the wireless network and at least one station from the first VLAN is connected to one of the at least one other access points (Meier 160, paragraph 0048, “When an 802.11 station roams to a new parent access point, any multicast groups, where the station is a member, must be extended to the station's assigned IP multicast domain in the parent AP.”).
Meier 160 and Coan do not explicitly disclose wherein the access point is part of a virtual cell service.
However, in an analogous art, Bishop discloses wherein the access point is part of a virtual cell service (Bishop, paragraph 0061, “When a mobile device initiates communications with a network, a virtual cell may be constructed for the session if the subscriber's agreement permits a virtual cell and if the data type is proper.”; paragraph 0062, “Because the virtual cell has several radios broadcasting and operating in unison, the virtual cell may use several times the bandwidth of a conventional communication session between one mobile device and a radio transceiver.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Bishop with the computer-readable medium of Meier 160 and Coan to include, wherein the one or more frames (Bishop: paragraphs 0007 and 0008).
Claims 6 and 16 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Meier (Meier ‘160) (US20050025160), published February 3, 2005, in view of Coan (US20100180116), filed November 3, 2009, and further in view of Haddad (US20120210136), published August 16, 2012.
Regarding claim 6, Meier 160 and Coan disclose the method of claim 1.
Meier 160 and Coan do not explicitly disclose wherein the first station group VLAN key is sent to the station using the IEEE 802.IX protocol.
However, in an analogous art, Haddad discloses wherein the first station group VLAN key is sent to the station using the IEEE 802.IX protocol (Haddad, paragraph 0022, “In other embodiments, the group keys can be distributed to the sensors using IEEE 802.1x (a port-based network access control protocol) or similar authentication protocols.”; paragraph 0036, "In one embodiment, the access router 201 or gateway can distribute the group keys to the resources using a protocol for carrying authentication for network access (PANA), a port-based network access control (PNAC) protocol (IEEE 802.1x) or authentication protocol.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Haddad with the method of Meier 160 and Coan to include, wherein the first station group VLAN key is sent to the station (Haddad: paragraph 0002).
Regarding claim 16, Meier 160 and Coan disclose the computer-readable medium of claim 11.
Meier 160 and Coan do not explicitly disclose wherein the first station group VLAN key is sent, to the station using the IEEE 802. IX protocol.
However, in an analogous art, Haddad discloses wherein the first station group VLAN key is sent, to the station using the IEEE 802. IX protocol (Haddad, paragraph 0022, “In other embodiments, the group keys can be distributed to the sensors using IEEE 802.1x (a port-based network access control protocol) or similar authentication protocols.”; paragraph 0036, "In one embodiment, the access router 201 or gateway can distribute the group keys to the resources using a protocol for carrying authentication for network access (PANA), a port-based network access control (PNAC) protocol (IEEE 802.1x) or authentication protocol.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Haddad with the computer-readable medium of Meier 160 and Coan to include, wherein the first station group VLAN key is sent, to the station using the IEEE 802. IX protocol, to enable secure access to resources such as sensor networks on a per application basis (Haddad: paragraph 0002).

Claims 7 and 17 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Meier (Meier ‘160) (US20050025160), published February 3, 2005, in view of Coan (US20100180116), filed November 3, 2009, and further in view of Frindell (US20080130880), published June 5, 2008.
Regarding claim 7, Meier 160 and Coan disclose the method of claim 1.  Meier '160 discloses sent by the access point to the plurality of stations (Meier ‘160, paragraph 0053, “Continuing with the embodiment of FIG. 1, upon receipt of an Ethernet IP multicast frame via a multicast VLAN, a parent AP 145 may be configured to wirelessly transmit the frame to 802.11 stations (110, 115, 120, 125) in the corresponding IP Multicast Domain 180.”).
Meier 160 and Coan do not explicitly disclose wherein the first station group VLAN key also decrypts general, VLAN frames sent by the access point to the plurality of stations.
However, in an analogous art, Frindell discloses wherein the first station group VLAN key also decrypts general, VLAN frames sent by the access point to the plurality of stations (Frindell, paragraph 0021, “Each multikey instance has a unique identifier associated with it so that the encryption engine 116 can be used to decrypt any data transferred from a remote location using that location's instance.”; paragraph 0027, “In the example of FIG. 1, the network 104 may include any type of network including but not limited to the Internet, an intranet, a LAN, a WAN, a WLAN, a VLAN, or any other known or convenient network that is capable of carrying electronic data.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Frindell with the method of Meier station group VLAN key also decrypts general, VLAN frames sent by the access point to the plurality of stations to provide users with the benefits of facilitating best practice security (Frindell: paragraph 0006).
Regarding claim 17, Meier 160 and Coan disclose the computer-readable medium of claim 11.  Meier '160 discloses sent by the access point to the plurality of stations (Meier ‘160, paragraph 0053, “Continuing with the embodiment of FIG. 1, upon receipt of an Ethernet IP multicast frame via a multicast VLAN, a parent AP 145 may be configured to wirelessly transmit the frame to 802.11 stations (110, 115, 120, 125) in the corresponding IP Multicast Domain 180.”).
Meier 160 and Coan do not explicitly disclose wherein the first station group VLAN key also decrypts general, VLAN frames.
However, in an analogous art, Frindell discloses wherein the first station group VLAN key also decrypts general, VLAN frames (Frindell, paragraph 0021, “Each multikey instance has a unique identifier associated with it so that the encryption engine 116 can be used to decrypt any data transferred from a remote location using that location's instance.”; paragraph 0027, “In the example of FIG. 1, the network 104 may include any type of network including but not limited to the Internet, an intranet, a LAN, a WAN, a WLAN, a VLAN, or any other known or convenient network that is capable of carrying electronic data.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Frindell with the computer-readable medium of Meier 160 and Coan to include wherein the first station group VLAN (Frindell: paragraph 0006).
Claims 8 and 18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Meier (Meier ‘160) (US20050025160), published February 3, 2005, in view of Coan (US20100180116), filed November 3, 2009, and further in view of Meier (Meier ‘620) (US6847620), issued January 25, 2005.
Regarding claim 8, Meier 160 and Coan disclose the method of claim 1.  
Meier 160 and Coan do not explicitly disclose wherein the members of the first VLAN comprise a subset of stations associated with the BSSID.
However, in an analogous art, Meier ‘620 discloses wherein the members of the first VLAN comprise a subset of stations associated with the BSSID (Meier, ‘620, “In general, an assumption is made herein that VLAN-unaware stations in a BSS should belong to the local VLAN (i.e., subnet).  VLAN-aware stations can belong to any VLAN. --- the scope of the claim limitation " the members of the first VLAN comprise a subset of stations associated with the BSSID” includes VLAN-unaware stations in a BSS should belong to the local VLAN (i.e., subnet) as VLAN-aware stations may belong to the same local VLAN too and so those VLAN-unaware stations that belong to the local VLAN form a subset of stations associated with the BSSID.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Meier ‘620 with the method of Meier 160 and Coan to include, wherein the members of the first VLAN comprise a subset (Meier ‘620, column 2, lines 53-58).
Regarding claim 18, Meier 160 and Coan disclose the computer-readable medium of claim 11.
Meier 160 and Coan do not explicitly disclose wherein the members of the first VLAN comprise a subset of stations associated with the BSSID.
However, in an analogous art, Meier ‘620 discloses wherein the members of the first VLAN comprise a subset of stations associated with the BSSID (Meier, ‘620, “In general, an assumption is made herein that VLAN-unaware stations in a BSS should belong to the local VLAN (i.e., subnet).  VLAN-aware stations can belong to any VLAN. --- the scope of the claim limitation " the members of the first VLAN comprise a subset of stations associated with the BSSID” includes VLAN-unaware stations in a BSS should belong to the local VLAN (i.e., subnet) as VLAN-aware stations may belong to the same local VLAN too and so those VLAN-unaware stations that belong to the local VLAN form a subset of stations associated with the BSSID.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Meier ‘620 with the computer-readable medium of Meier 160 and Coan to include, wherein the members of the first VLAN comprise a subset of stations associated with the BSSID, to integrate access points and mobile client stations into a VLAN network (Meier ‘620, column 2, lines 53-58).
Claims 9 and 19 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Meier (Meier ‘160) (US20050025160), published February 3, 2005, in view of Coan (US20100180116), filed November 3, 2009, and further in view of Diener (US20040028003), filed April 22, 2003.
Regarding claim 9, Meier 160 and Coan disclose the method of claim 1.
Meier 160 and Coan do not explicitly disclose wherein the station processes successfully decrypted frames and ignores frames that are not successfully decrypted.
However, in an analogous art, Diener discloses wherein the station processes successfully decrypted frames and ignores frames that are not successfully decrypted (Diener, paragraph 0190, “lmst_BadICV The data/mgmt frame was filtered because it failed to decrypt successfully.  This may indicate a security attack.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Diener with the method of Meier 160 and Coan to include, wherein the station processes successfully decrypted frames and ignores frames that are not successfully decrypted, to identify security attacks (Diener: paragraph 0190).
Regarding claim 19, Meier 160 and Coan disclose the computer-readable medium of claim 11.
Meier 160 and Coan do not explicitly disclose wherein the station processes successfully decrypted frames and ignores frames that are not successfully decrypted.
However, in an analogous art, Diener discloses wherein the station processes successfully decrypted frames and ignores frames that are not successfully decrypted Diener, paragraph 0190, “lmst_BadICV The data/mgmt frame was filtered because it failed to decrypt successfully.  This may indicate a security attack.”).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Diener with the computer-readable medium of Meier 160 and Coan to include, wherein the station processes successfully decrypted frames and ignores frames that are not successfully decrypted, to identify security attacks (Diener: paragraph 0190).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368.  The examiner can normally be reached on 8-6:30 MTWH.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/W.J.M/Examiner, Art Unit 2439                                                                                                                                                                                                        

/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439