DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are pending.
The objection to claim 7 has been withdrawn in view of the claim amendment. 

Response to Arguments
Applicant's arguments filed 01/29/21 have been fully considered. Although there might be differences between Applicant’s invention and the cited prior art, the current claims have not successfully captured these differences to render the claims clearly distinguishable from the cited prior art as explained in more detail below.
In response to Applicant’s argument that Ranade does not teach, suggest, or describe a network access package that is created by a network device (pages 7-8 of Remarks), Examiner acknowledged Applicant’s perspective but this argument is moot in view of the new ground of rejection presented below in view of newly found prior art Cao.
In response to Applicant’s argument that a user device that provides the ability to specify an authentication key for a secure access approach, as described by Miller, fails to teach, suggest, or describe a user interface comprising a plurality of network access configuration parameters selectable by the network provider to define the secure network access configuration, as recited by claim 16 (pages 8-9 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.
Firstly, the term “a plurality of network access configuration parameters” is broad and reads on any configuration parameters related to network access.  In addition, the term “secure 
In response to Applicant’s argument that for at least the reasons given above, claim 1 is allowable over any hypothetical combination of Ranade and Miller. Since claims 2-3 depend from claim 1 and recite additional features, claims 2-3 are also allowable over any hypothetical combination of the teachings of Ranade (page 9 of Remarks), Examiner acknowledged Applicant’s perspective but this argument is moot in view of the new ground of rejection presented below in view of newly found prior art Cao.  Moreover, the combination of Ranade, Cao, and Miller also teaches or suggests the additional features recited in claims 2-3 as seen in the rejection below.
In response to Applicant’s argument that even if, arguendo, Ranade and Chung could be combined as suggested by the Office, the resulting combination fails to teach, suggest, or describe an encrypted network access package created by the network device, as recited by claim 7 (pages 10-11 of Remarks), Examiner acknowledged Applicant’s perspective but this argument is moot in view of the new ground of rejection presented below in view of newly found prior art Cao.
In response to Applicant’s argument that claim 16 is allowable over any hypothetical combination of Miller and Chung (page 11 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed because claim 16 is not allowable over Miller as explained 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 16-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Miller (US 20080250478).

Claim 16, Miller discloses A network device comprising: 
a network device interface that provides a Wi-Fi network; a processor; and memory that stores instructions that, when executed by the processor, (e.g. ¶19-21, 67-68:  Embodiments of the present invention are directed toward providing wireless access to networks, and in particular, to networks which are accessible through a WiFi router. A WiFi router is a router that follows one of the IEEE 802.11 WiFi specifications) cause the processor to perform operations comprising 
presenting a user interface through which a network provider can configure a network access package comprising a secure network access configuration to be utilized by the network device to establish, at least in part, a secure connection with a requester device to provide the requester device access to the Wi-Fi network, (e.g. fig. 5, ¶28-29, 36: The network administrator can set an authentication key in the router (using, for example, the router's configuration interface) to use one of the secured access approaches (i.e., the shared-key approach or pre-shared-key approach). In this case, client devices that do not provide the proper authentication key value during authentication will be denied access to the network. In the shared-key authentication approach, the client may obtain the authentication key from the router…FIG. 5 shows a sample user interface 500 that may be used for configuring a router, according to an embodiment of the present invention.) wherein the user interface comprises a plurality of network access configuration parameters selectable by the network provider to define the secure network access configuration, (e.g. fig. 5, ¶28, 36-37: FIG. 5 shows a sample user interface 500 that may be used for configuring a router, according to an embodiment of the present invention. This configuration interface provides for changing the SSID (see 510) and channel (see 520), and for selecting one of the authentication mechanisms (see 530). Encryption may be enabled or disabled using this configuration interface, as shown at 540 (which refers to "WEP", the Wired Equivalent Privacy encryption algorithm that is built into the 802.11 specification). Any one of 4 authentication keys may be specified from this sample interface, as shown at 570; a drop-down box 560 allows the user to select the encoding in which the keys are specified.)
receiving, via the user interface, input to define the secure network access configuration, and creating, based upon the input, the network access package comprising the secure network access configuration. (e.g. fig. 5, ¶28, 36: The network administrator can set an authentication key in the router (using, for example, the router's configuration interface) to use one of the secured access approaches (i.e., the shared-key approach or pre-shared-key approach)…This configuration interface provides for changing the SSID (see 510) and channel (see 520), and for selecting one of the authentication mechanisms (see 530). Encryption may be enabled or disabled using this configuration interface, as shown at 540 (which refers to "WEP", the Wired Equivalent Privacy encryption algorithm that is built into the 802.11 specification). Any one of 4 authentication keys may be specified from this sample interface, as shown at 570; a drop-down box 560 allows the user to select the encoding in which the keys are specified)

Claim 17, Miller discloses The network device of claim 16, wherein the user interface comprises a web interface or a native application interface. (e.g. fig. 5, ¶28, 36)

Claim 18, Miller discloses The network device of claim 17, wherein the plurality of network access configuration parameters selectable by the network provider to define the secure network access configuration comprise at least one of an allowed network parameter, an allowed port parameter, an allowed IP address range parameter, a time limit parameter, a re-entry allowed parameter, a restrict data rate parameter, or a restrict data usage parameter. (e.g. fig. 5, ¶36-37)

Claim 19, Miller discloses The network device of claim 16, wherein the secure network access configuration comprises a rule specifying a condition under which the requester device is permitted to access the Wi-Fi network, wherein the rule is defined, at least in part, via the input that defines at least a portion of the plurality of network access configuration parameters. (e.g. fig. 5, ¶28, 36)

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1 and 4-6 are rejected under 35 U.S.C. 103 as being unpatentable over Ranade (US 20160192196) in view of Cao (US 20160269901).

Claim 1, Ranade discloses A provider device comprising: 
a processor; and (e.g. ¶25: processors for executing instructions or accessing information that may be stored in memory)  
memory comprising computer-executable instructions that, when executed by the processor, (e.g. ¶25: non-transitory computer-readable storage (memory)) cause the processor to perform operations comprising 
receiving, from a requester device, a network access request requesting, on behalf of the requester device, access to a Wi-Fi network associated with a network provider, (e.g. fig. 1, ¶22, 25-26, 29-30: When a user device 110 requests secure network access, the request may be redirected to web portal server 140…Hotspot controller 150 manages the one or more hotspot access points 130 in network environment 100… Upon selection of that offering, a user request for access to the secure communication network 120B may be sent over the open communication network 120A…the request for secure network access is redirected to web portal server 140) wherein the Wi-Fi network is provided, at least in part, by a network device, (e.g. fig. 1, ¶22: Communication networks 120A-B are provided by a hotspot access point 130)
in response to the network access request, prompting, the network provider to accept or deny the requester device access to the Wi-Fi network, (e.g. ¶25-26, 31: When a user device 110 requests secure network access, the request may be redirected to web portal server 140, which may convey the request to hotspot controller 150…the hotspot controller 150 may receive a request that a user device 110 be allowed to use the secured communication network 120B)
receiving input indicating that the network provider accepts the network access request, (e.g. ¶26, 31-32: Hotspot controller 150 manages the one or more hotspot access points 130 in network environment 100…In terms of security, for example, the hotspot controller 150 may receive a request that a user device 110 be allowed to use the secured communication network 120B. Hotspot controller 150 dynamically generates a unique pre-shared key for the requesting user device 110 and return the key to web portal server 140)
in response to the input indicating that the network provider accepts the network access request, creating a network access response comprising a network access package, wherein the network access package comprises a secure network access configuration to be utilized by the network device to establish, at least in part, a secure connection with the requester device to provide the requester device access to the Wi-Fi network in accordance with the secure network access configuration, and sending the network access response to the requester device. (e.g. ¶26, 34-35: Hotspot controller 150 dynamically generates a unique pre-shared key for the requesting user device 110 and return the key to web portal server 140, which in turns generates a web page displaying the unique pre-shared key to the user device 110. User device 110 may then use the pre-shared key in a request to access secure communication network 120B… the web portal server 140 generates a webpage to display the unique pre-shared key to the user of user device 110…the unique pre-shared key is entered into user device 110, either manually by the user (e.g., a cut and paste operation), via user selection (e.g., execution of a script associated with a `install` button), or automatically as a result of instructions embedded with a pre-shared key download package. A subsequent request for access to the secure communication network 120B is generated based on the unique pre-shared key. In some instances, the unique pre-shared key may be bundled as part of a package that may be installed automatically or upon request on the user device 110. The package may include any applications, policies, or parameters required for connection to the secure communication network 120B. For example, an application may be downloaded to the wireless device and executed to survey, configure (e.g., install parameters and policies), and/or connect the wireless device to the secured communication network 120B. The unique pre-shared key may then be used to authenticate the user device 110 so that the user device 110 can access the secured communication network 120B according to the installed policies and parameters.)
Although Ranade discloses wherein the network access package is created (see above), Ranade does not appear to explicitly disclose but Cao discloses created by the network device (e.g. ¶69: after the wireless AP shown in FIG. 1 is inserted into the second terminal, a client runs on the second terminal, where the client is responsible for creating WiFi and guiding a user of the second terminal to set the SSID and the access password of the AP.  After setting the SSID and the access password of the AP, the user of the second terminal encrypts, according to a preset encryption algorithm, the target AP connection information that includes at least the SSID and the access password, to generate an encrypted character string, and uploads the encrypted character string to the server).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Cao into the invention of Ranade for the purpose of enabling a network terminal to generate a passcode for a wireless connection thereby increasing the flexibility and convenience of the system.

Claim 4, Ranade-Cao discloses The provider device of claim 1, wherein the secure network access configuration comprises a default configuration. (Ranade, e.g. ¶34-35)

Claim 5, Ranade-Cao discloses The provider device of claim 1, wherein the secure network access configuration comprises a custom configuration specific to the requester device. (Ranade, e.g. ¶34-35)

Claim 6, Ranade-Cao discloses The provider device of claim 1, wherein the secure network access configuration comprises a rule specifying a condition under which the requester device is permitted to access the Wi-Fi network. (Ranade, e.g. ¶35)

Claims 2-3 are rejected under 35 U.S.C. 103 as being unpatentable over Ranade (US 20160192196) in view of Cao (US 20160269901) and further in view of Miller (US 20080250478).

Claim 2, Ranade-Cao discloses The provider device of claim 1, (see above) and does not explicitly disclose but Miller discloses presenting a user interface served by the network device, wherein the user interface allows the network provider to define the secure network access configuration for the network access package; and receiving, via the user interface, further input to define the secure network access configuration for the network access package. (e.g. fig. 5, ¶28, 36: The network administrator can set an authentication key in the router (using, for example, the router's configuration interface) to use one of the secured access approaches (i.e., the shared-key approach or pre-shared-key approach). In this case, client devices that do not provide the proper authentication key value during authentication will be denied access to the network…This configuration interface provides for changing the SSID (see 510) and channel (see 520), and for selecting one of the authentication mechanisms (see 530). Encryption may be enabled or disabled using this configuration interface, as shown at 540 (which refers to "WEP", the Wired Equivalent Privacy encryption algorithm that is built into the 802.11 specification). Any one of 4 authentication keys may be specified from this sample interface, as shown at 570; a drop-down box 560 allows the user to select the encoding in which the keys are specified)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Miller into the invention of Ranade-Cao for the purpose of enabling the router to perform an authentication process to allow or deny access to client devices (Miller, ¶29).

Claim 3, Ranade-Cao-Miller discloses The provider device of claim 2, wherein the user interface comprises a web interface or a native application interface. (Miller, e.g. fig. 5, ¶36).  Same motivation as in claim 2 would apply.

Claims 7-15 are rejected under 35 U.S.C. 103 as being unpatentable over Ranade (US 20160192196) in view of Chung (US 9419799) and further in view of Cao (US 20160269901).

Claim 7, Ranade discloses A requester device comprising: 
a processor; and (e.g. ¶20: processors for executing instructions that may be stored in memory)
memory that stores instructions that, when executed by the processor, (e.g. ¶20: non-transitory computer-readable storage (memory)) cause the processor to perform operations comprising 
generating a network access request requesting access to a Wi-Fi network associated with a network provider, (e.g. fig. 1, ¶22, 25, 29: Communication networks 120A-B are provided by a hotspot access point 130… When a user device 110 requests secure network access, the request may be redirected to web portal server 140… The user of device 110 may be offered access to the secured communication network 120B as an option. Upon selection of that offering, a user request for access to the secure communication network 120B may be sent over the open communication network 120A) wherein the Wi-Fi network is provided, at least in part, by a network device, (e.g. fig. 1, ¶22: Communication networks 120A-B are provided by a hotspot access point 130)
sending the network access request to a provider device associated with the network provider, (e.g. fig. 1, ¶22, 25-26, 29-30: When a user device 110 requests secure network access, the request may be redirected to web portal server 140…Hotspot controller 150 manages the one or more hotspot access points 130 in network environment 100… Upon selection of that offering, a user request for access to the secure communication network 120B may be sent over the open communication network 120A…the request for secure network access is redirected to web portal server 140)
receiving, from the provider device, an network access package, wherein the network access package comprises a secure network access configuration to be utilized by the network device to establish, at least in part, a secure connection with the requester device to provide the requester device access to the Wi-Fi network, (e.g. ¶26, 34-35: Hotspot controller 150 dynamically generates a unique pre-shared key for the requesting user device 110 and return the key to web portal server 140, which in turns generates a web page displaying the unique pre-shared key to the user device 110. User device 110 may then use the pre-shared key in a request to access secure communication network 120B… the web portal server 140 generates a webpage to display the unique pre-shared key to the user of user device 110…the unique pre-shared key is entered into user device 110, either manually by the user (e.g., a cut and paste operation), via user selection (e.g., execution of a script associated with a `install` button), or automatically as a result of instructions embedded with a pre-shared key download package. A subsequent request for access to the secure communication network 120B is generated based on the unique pre-shared key. In some instances, the unique pre-shared key may be bundled as part of a package that may be installed automatically or upon request on the user device 110. The package may include any applications, policies, or parameters required for connection to the secure communication network 120B. For example, an application may be downloaded to the wireless device and executed to survey, configure (e.g., install parameters and policies), and/or connect the wireless device to the secured communication network 120B. The unique pre-shared key may then be used to authenticate the user device 110 so that the user device 110 can access the secured communication network 120B according to the installed policies and parameters.)
establishing, with the network device, an unsecure connection, (e.g. fig. 1, ¶21, 24, 29: a user device 110 connects to an open communication network 120A provided by hotspot access point 130. For some network activity (e.g., reading the news), the user may not necessarily require security and the use of the open communication network 120A may be sufficient)
establishing, with the network device, the secure connection in accordance with the secure network access configuration. (e.g. fig. 1, ¶26, 35: User device 110 may then use the pre-shared key in a request to access secure communication network 120B… The unique pre-shared key may then be used to authenticate the user device 110 so that the user device 110 can access the secured communication network 120B according to the installed policies and parameters)
Although Ranade discloses receiving, from the provider device, an network access package and establishing, with the network device, the secure connection in accordance with the secure network access configuration (see above), Ranade does not explicitly disclose but Chung discloses an encrypted network access package and sending, via the unsecure connection, the encrypted network access package to the network device, wherein the network device decrypts the encrypted network access package to extract the secure network access configuration (e.g. fig. 3, col. 11, ll. 18-27, 35-38: providing secure credential using the secure credential package created by the access connector 140, according to embodiments…After a secure credential package is created as shown in FIG. 2 with an exemplary format as shown in FIG. 3, a client 410 may use the secure credential package stored on the client device 410 for authentication and authorization. The client 410 may send the secure credential package in step 412 to the access connector 140…After obtaining the at least one key and the secure credential package, the secure package validator 144 may decrypt the secure credential package)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chung into the invention of Ranade for the purpose of rendering the secure credential package unreadable by unauthorized parties and enabling the client device to use the secure credential package for authentication and authorization (Chung, col. 9, ll. 9-10, col. 11, ll. 23-25).
Although Ranade-Chung discloses receiving, from the provider device, an encrypted network access package (see above), Ranade-Chung does not explicitly disclose but Cao discloses created by the network device (e.g. ¶69: after the wireless AP shown in FIG. 1 is inserted into the second terminal, a client runs on the second terminal, where the client is responsible for creating WiFi and guiding a user of the second terminal to set the SSID and the access password of the AP.  After setting the SSID and the access password of the AP, the user of the second terminal encrypts, according to a preset encryption algorithm, the target AP connection information that includes at least the SSID and the access password, to generate an encrypted character string, and uploads the encrypted character string to the server).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Cao into the invention of Ranade-Chung for the purpose of enabling a network terminal to generate a passcode for a wireless connection thereby increasing the flexibility and convenience of the system.

Claim 8, Ranade-Chung-Cao discloses The requester device of claim 7, wherein receiving, from the provider device, the network access package comprises receiving, from the provider device, a network access response comprising the network access package, wherein the network access response further comprises an indication that the network access request was accepted, and wherein the operations further comprise: in response to the indication that the network access request was accepted, presenting a notification to inform a user of the requester device that the network access request was accepted. (Ranade, e.g. ¶26, 32, 34-35)
Although Ranade discloses receiving, from the provider device, the network access package comprises receiving, from the provider device, a network access response comprising the network access package (see above), Ranade does not explicitly disclose but Chung discloses encrypted network access package (e.g. fig. 3, col. 11, ll. 18-27, 35-38).  Same motivation as in claim 7 would apply.

Claim 9, Ranade-Chung-Cao discloses The requester device of claim 7, wherein the operations further comprise storing the network access package in the memory. (Ranade, e.g. ¶20, 26, 35)
Although Ranade discloses storing the network access package in the memory (see above), Ranade does not explicitly disclose but Chung discloses encrypted network access package (e.g. fig. 3, col. 11, ll. 18-27, 35-38).  Same motivation as in claim 7 would apply.

Claim 10, Ranade-Chung-Cao discloses The requester device of claim 9, further comprising a Wi-Fi communications component; wherein the operations further comprise detecting, via the Wi-Fi communications component, a signal from the Wi-Fi network; and wherein establishing, with the network device, the unsecure connection comprises establishing, with the network device, the unsecure connection in response to detecting the signal from the Wi-Fi network. (Ranade, e.g. fig. 1,  ¶20-21, 29)

Claim 11, Ranade-Chung-Cao discloses The requester device of claim 10, wherein the unsecure connection comprises an ad-hoc peer-to-peer connection between the requester device and the network device. (Ranade, e.g. fig. 1, ¶20-21, 24, 29)

Claim 12, Ranade-Chung-Cao discloses The requester device of claim 10, wherein the unsecure connection comprises a dedicated connection (Ranade, e.g. fig. 1, ¶21, 24, 29) and does not explicitly disclose but Chung disclose for exchanging encrypted network access packages. (Chung, col. 4, ll. 39-56, col. 6, ll. 7-10, col. 11, ll. 18-27).  Same motivation as in claim 7 would apply.

Claim 13, Ranade-Chung-Cao discloses The requester device of claim 7, wherein the secure network access configuration comprises a default configuration. (Ranade, e.g. ¶34-35)

Claim 14, Ranade-Chung-Cao discloses The requester device of claim 7, wherein the secure network access configuration comprises a custom configuration specific to the requester device. (Ranade, e.g. ¶34-35)

Claim 15, Ranade-Chung-Cao discloses The requester device of claim 7, wherein the secure network access configuration comprises a rule specifying a condition under which the requester device is permitted to access the Wi-Fi network. (Ranade, e.g. ¶35)

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Miller (US 20080250478) in view of Chung (US 9419799).

Claim 20, Miller discloses The network device of claim 16, and to provide the requester device access to the Wi-Fi network in accordance with the secure network access configuration (see above) and does not explicitly disclose but Chung discloses cryptographic module, executable by the processor to cause the processor to perform further operations comprising encrypting the network access package to create an encrypted network access package, wherein the encrypted network access package can only be decrypted by the network device. (e.g. fig. 3, col. 11, ll. 18-27, 35-38, col. 12, ll. 8-10: providing secure credential using the secure credential package created by the access connector 140, according to embodiments…After a secure credential package is created as shown in FIG. 2 with an exemplary format as shown in FIG. 3, a client 410 may use the secure credential package stored on the client device 410 for authentication and authorization. The client 410 may send the secure credential package in step 412 to the access connector 140… After obtaining the at least one key and the secure credential package, the secure package validator 144 may decrypt the secure credential package…Though the secure credential package persists on client devices, the credentials may only be decrypted by the access connector)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chung into the invention of Miller for the purpose of rendering the secure credential package unreadable by unauthorized parties and enabling the client device to use the secure credential package for authentication and authorization (Chung, col. 9, ll. 9-10, col. 11, ll. 23-25).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20180092138 discloses an apparatus for establishing a wireless network connection wherein a network access point generates a passcode for a wireless connection between the network access point and a mobile station (e.g. ¶35).

US 20120239916 discloses a flow diagram of the process followed by a user of the computer of FIG. 2 when initially setting up a wireless network with the conventional wireless router.

Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:30 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436