DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/30/2020 has been entered.
 Response to Arguments
Applicant’s remarks filed on 11/16/2020 have been fully considered. 
Regarding claim[s] 1 – 20 under the various obviousness rejections, applicant's remarks are not persuasive, therefore, see the examiner’s response to such remarks in the office action below. 
The examiner will answer all other remarks that do not concern the prior art rejections, if any, in the office action below. 
Applicant states on page[s] 9 of the remarks as filed: “The Office continues to cite to Olshansky as teaching access privileges being assigned based on a key and the 
In response the examiner isn’t persuaded, applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
The examiner points to the prior art of Lang, specifically, at paragraph: 0025, lines 1 – 5, In one embodiment, the WPS client 137.sub.1 receives credentials used to access the secure network hosted by the access point 120. Such credentials may include an SSID [i.e. applicant’s SSID] and password [i.e. applicant’s key] for accessing the secure network, as well as encryption keys, certificates or any other suitable credentials.] Then at paragraph: 0036, lines 1 – 7, Once complete, the WPS component 220 provides the computing device 200 with a set of credentials used to access the secure network 225. In one embodiment, the WPS component 260 may itself update the wireless network settings using the credentials. For example, the WPS client component 260 may store an SSID [i.e. applicant’s SSID], password, and any encryption and/or authentication keys used to access the secure network [i.e. applicant’s key]. 
Turning to the teachings of Olshanky, specifically at paragraph: 0005, lines 9 – 17, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user [i.e. applicant’s key of a plurality of keys] of a user device to gain permission to use a network. Where at paragraph: 0017, lines 11 - 18,  For example, at the same hotel or conference center, two different conferences which are simultaneously occurring can have custom SSID's corresponding to the access grated to each group. Conference A2 2009 for example can have a custom SSID entitled "Conference A2 2009" which allows access to access points in the Lobby [i.e. applicant’s such that the access privileges are assign to the one or more devices based on the key of the plurality of keys used with the SSID], Guest Rooms [i.e. applicant’s such that the access privileges are assign to the one or more devices based on the key of the plurality of keys used with the SSID] and Meeting Rooms [i.e. applicant’s such that the access privileges are assign to the one or more devices based on the key of the plurality of keys used with the SSID] without re-authentication, but not in the Business Center. Where at paragraph: 0005, lines 6 – 12, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password…etc.
The Office continues to cite to Olshansky as teaching access privileges being assigned based on a key and the access associated therewith. However, Olshansky does not disclose or suggest such a feature.”
Applicant states on page[s] 10 of the remarks as filed: “Again, in the present application, access permissions are based on the key used (where each of the keys is associated with the same SSID).”
In response the examiner isn’t persuaded, the examiner points out that applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
 	Of the prior art Lang, specifically, at paragraph: 0025, lines 1 – 5, In one embodiment, the WPS client 137.sub.1 receives credentials used to access the secure network [i.e. applicant’s access permissions] hosted by the access point 120. Such credentials may include an SSID [i.e. applicant’s SSID] and password [i.e. applicant’s key] for accessing the secure network, as well as encryption keys, certificates or any other suitable credentials.] Then at paragraph: 0036, lines 1 – 7, Once complete, the WPS component 220 provides the computing device 200 with a set of credentials used to access the secure network 225. In one embodiment, the WPS component 260 may itself update the wireless network settings using the credentials. For example, the WPS client component 260 may store an SSID [i.e. applicant’s SSID], password, and any encryption and/or authentication keys used to access the secure network [i.e. applicant’s key].
	Turning to the teachings of Olshansky, specifically, at paragraph: 0005, lines 9 – 17, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones [i.e. applicant’s access permissions] have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user [i.e. applicant’s key of a plurality of keys] of a user device to gain permission to use a network. 
	 Thus, combining the teachings of Land and Olshansky as identified above, we arrive at applicant’s claimed invention. This meets applicant’s argument of: “Again, in the present application, access permissions are based on the key used (where each of the keys is associated with the same SSID).”
Applicant states on page[s] 10 of the remarks as filed: “Olshansky requires separate SSIDs for defining different combinations of access points or zones (which again are defined as groups of access points, not access privileges), which is the conventional manner for controlling access to a Wi-Fi network, which is the exact 
	In response the examiner isn’t persuaded, the examiner points to the prior art of Olshanksy. Specifically, at paragraph: 0005, lines 5 – 10, In an embodiment, for example, a user is allowed to move from access point to access point within a zone without having to re-authenticate. However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. Further at paragraph: 0017, lines 13 – 20, A second conference, Conference B1 2009, can also have a custom SSID entitled "Conference B1 2009" which allows access to the Lobby, Meeting Rooms, Guest Rooms and the Business Center without re-authentication. Similarly, network providers can also have various levels of SSIDs allowing access to different groups of access points where multiple SSIDs correspond to the same access point or zone. Different SSIDs can correspond to different payment levels. For example, an inexpensive SSID access may only grant access to the Lobby, whereas a more expensive SSID can grant access to the Business Center or Meeting Rooms.
***The examiner’s response above applies to the same or similar remarks regarding claim[s] 1 made on page[s] 11 of the remarks as filed. 

Response to Amendment
Status of the instant application:
Claim[s] 1 – 20 are pending in the instant application. 
Regarding claim[s] 1- 20 under the various obviousness rejections, applicant’s claim amendments have been considered, however, they are not persuasive. Therefore, the examiner has addressed the claim amendments in the office action below. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claim[s] 1, 4, 5, 8, 11, 13, 18 - 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037]
As per claim 1. Lang does teach a Wi-Fi network [Lang, Figure # 1, component 100], comprising:
one or more access point devices configured to connect to one or more devices [Lang, Figure # 1, component 120 – wireless access point]; 
wherein the Wi-Fi network is designated by a Service Set Identifier (SSID) [Lang, paragraph 0003, lines 1 – 6, To join a network, a host station typically needs to identify a service set identifier (SSID) broadcast by an access point and then perform a process defined by the 802.11 protocol to join the wireless network represented by that SSID. In some cases, the host station may need to authenticate itself to join a wireless network as part of this process.]; 
wherein each Wi-Fi client device accesses the Wi-Fi network using the SSID and a key of a plurality of keys each being a password or certificate for the Wi-Fi network [Lang, paragraph 0003, lines 6 – 12, For example, to provide security, a wireless network may comply with established security standards such as WPA (Wifi Protected Access) or its predecessor WEP (wired equivalent privacy). In such cases, a device may authenticate itself to the wireless network by providing a password or key along with a service set identifier (SSID).]; and 
wherein each of the plurality of keys is associated with the SSID [Lang, paragraph: 0025, lines 1 – 5, In one embodiment, the WPS client 137.sub.1 receives credentials used to access the secure network hosted by the access point 120. Such credentials may include an SSID and password for accessing the secure network, as well as encryption keys, certificates or any other suitable credentials.] and pairs with the SSID to provide access to one of the access zones of the Wi-Fi network [Lang, paragraph: 0036, lines 1 – 7, Once complete, the WPS component 220 provides the computing device 200 with a set of credentials used to access the secure network 225. In one embodiment, the WPS component 260 may itself update the wireless network settings using the credentials. For example, the WPS client component 260 may store an SSID, password, and any encryption and/or authentication keys used to access the secure network.],…………………………………………………………………………….;
Lang does not teach clearly wherein the Wi-Fi network defines a plurality of access zones associated with the SSID, the SSID being a single SSID for the plurality of access zones, each access zone being an access level that defines and manages access privileges of the one or more devices connecting to the Wi-Fi network, via the SSID, the access privileges defining access to the internet and access to other devices on the Wi-Fi network;
wherein each access zone is accessible via any of the one or more access point devices using the SSID;
……………………….and the Wi-Fi network is configured to assign the access privileges to the one or more devices based on the key of the plurality of keys used with the SSID of the Wi-Fi network and a corresponding access zone of the plurality of access zones associated with the key. 
However, Olshansky does teach wherein the Wi-Fi network defines a plurality of access zones associated with the SSID [Olshansky, paragraph 0004, lines 1 – 4, In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network [i.e. applicant’s Wi-Fi network]. Then at paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like. Where at paragraph: 0024, lines 24 – 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. applicant’s plurality of access zones]]. Where at paragraph: 0017, lines 1 – 6, In an embodiment, access points advertise their presence by broadcasting a Service Set Identifier (SSID), Extended Service Set Identifier (ESSID), and/or Basic Service Set Identifier (BSSID), or the like, collectively referred to herein as SSID.], the SSID being a single SSID for the plurality of access zones [Olshansky, paragraph: 0017, lines 5 – 6, In an embodiment, the same SSID is assigned to all access points and zones in a network], each access zone being an access level [Olshansky, paragraph: 0005, lines 5 – 10, In an embodiment, for example, a user is allowed to move from access point to access point within a zone without having to re-authenticate. However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. Further at paragraph: 0017, lines 13 – 20, A second conference, Conference B1 2009, can also have a custom SSID entitled "Conference B1 2009" which allows access to the Lobby, Meeting Rooms, Guest Rooms and the Business Center without re-authentication. Similarly, network providers can also have various levels of SSIDs allowing access to different groups of access points where multiple SSIDs correspond to the same access point or zone. Different SSIDs can correspond to different payment levels. For example, an inexpensive SSID access may only grant access to the Lobby, whereas a more expensive SSID can grant access to the Business Center or Meeting Rooms] that defines and manages access privileges of the one or more devices connecting to the Wi-Fi network, via the SSID [Olshansky, Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. applicant’s defining and access privileges] when moving between zones. For example, in an embodiment, anytime a user [i.e. applicant’s one or more devices] moves between zones they are required to login. This type of system is illustrated in move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. This type of system is illustrated in FIG. 6. Where at paragraph: 0026, lines 11 – 18, In this case, the user devices will communicate with access point 337. Of course, as will be understood, user devices can be configured to select access points based on any number of different selection options, including, for example, signal strength, bandwidth availability, access rights, access points corresponding to a particular SSID, etc.], the access privileges defining access to the internet [Olshansky, paragraph: 0047, lines 4 – 9, This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones [i.e. applicant’s access privileges]] and access to other devices on the Wi-Fi network [Olshansky, Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices, are connected with, attempting to connect with, or are moving between connections with various access points. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network.];
wherein each access zone is accessible via any of the one or more access point devices using the SSID [Olshansky, paragraph: 0017, lines 1 – 6, In an embodiment, access points advertise their presence by broadcasting a Service Set In an embodiment, the same SSID is assigned to all access points and zones in a network. Then at paragraph: 0017, lines 11 - 18,  For example, at the same hotel or conference center, two different conferences which are simultaneously occurring can have custom SSID's corresponding to the access grated to each group. Conference A2 2009 for example can have a custom SSID entitled "Conference A2 2009" which allows access to access points in the Lobby, Guest Rooms and Meeting Rooms without re-authentication, but not in the Business Center. Where at paragraph: 0005, lines 6 – 12, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password…etc.];
…………………..……….and the Wi-Fi network is configured to assign the access privileges to the one or more devices based on the key of the plurality of keys used with the SSID of the Wi-Fi network [Olshansky, paragraph: 0005, lines 9 – 17, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user [i.e. applicant’s key of a plurality of keys] of a user device to gain permission to use a network. Where at paragraph: 0017, lines 11 - 18,  For example, at the same hotel or conference center, two different conferences which are simultaneously occurring can have custom SSID's corresponding to the access grated to each group. Conference A2 2009 for example can have a custom SSID entitled "Conference A2 2009" which allows access to access points in the Lobby [i.e. applicant’s such that the access privileges are assign to the one or more devices based on the key of the plurality of keys used with the SSID], Guest Rooms [i.e. applicant’s such that the access privileges are assign to the one or more devices based on the key of the plurality of keys used with the SSID] and Meeting Rooms [i.e. applicant’s such that the access privileges are assign to the one or more devices based on the key of the plurality of keys used with the SSID] without re-authentication, but not in the Business Center. Where at paragraph: 0005, lines 6 – 12, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password…etc.] and a corresponding access zone of the plurality of access zones [Olshansky, paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like. an administrator can separately define different access rights [i.e. applicant’s defining and access privileges] when moving between zones. For example, in an embodiment, anytime a user [i.e. applicant’s one or more devices] moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. This type of system is illustrated in FIG. 6. Where at paragraph: 0024, lines 24 – 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. applicant’s plurality of access zones]] associated with the key [Olshansky, paragraph: 0005, lines 9 – 17, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user [i.e. applicant’s key of a plurality of keys].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang and Olshansky in order for the authenticating of the requesting user for network access by SSID and password to an access point of Lang to include authenticating the requesting user by dynamic authentication policies depending on the type of zone the access point 
As per claim 4. Lang does teach the Wi-Fi network of claim 1, wherein the access zone defines one or more limitations related to traffic amount, access time, traffic prioritization, and time limit for access for the one or more devices accessing the Wi-Fi network with the associated access key [Lang, paragraph 0024, lines 4 – 8, For example, after a user pushes the PBC button 124 on the access point 120, a registration window begins, i.e., limited period of time where new devices may obtain credentials used to access a secure network hosted by the access point 120].
As per claim 5.  Lang does teach the Wi-Fi network of claim 1, wherein the access privileges further define limitations related to physical location in a distributed Wi-Fi system [Lang, paragraph 0003, The present disclosure is directed to providing a system for controlling network access in different physical locations of a network. In an embodiment, the disclosure describes a system for controlling access in a network for user moving between different physical locations of the network. For example, in an embodiment, when a user moves between different rooms in a particular venue, the system implements rules which establish when the user will be automatically authenticated to the new location, or whether a new authentication is necessary].
As per claim 8. Lang as modified does not teach the Wi-Fi network of claim 1, wherein the rules for the access privileges of each of the plurality of access zones [Olshansky, Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. applicant’s rules for the access privileges] when moving between zones. For example, in an embodiment, anytime a user moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. This type of system is illustrated in FIG. 6. Where at paragraph: 0024, lines 24 – 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. applicant’s plurality of access zones]] to at least one of the Wi – Fi network [Olshansky, paragraph 0004, lines 1 – 4, In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network [i.e. applicant’s Wi-Fi network]. Then at paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone. ] and the devices connected to the Wi – Fi network [Olshansky, Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices, are connected with, attempting to connect with, or are moving between connections with various access points. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network] are implemented on each access point in a multi-access point network such that all traffic does not need to be passed through a single AP in order for access control to operate [Olshansky, Figure # 2, components – 201, 203, 205, 207, 209, 221 and paragraph 0004, lines 1 – 4, In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network. Then at paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like.].
As per claim 11. Lang as modified does teach the Wi-Fi network of claim 1, further comprising:
a dashboard from which an administrator accesses via a Web page or mobile application to define the plurality of access zones, the access privileges of each of the access zones [Olshansky, paragraph: 0047, lines 4 – 9, This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones [i.e. applicant’s access privileges]], passwords, and certificates [Olshansky, paragraph 0005, lines 4 – 6, In an embodiment, a network administrator can configure access rules for allowing a user to move between access points within a zone and/or between zones. Then at paragraph 0005, lines 9 – 19, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the entering a passcode or any other affirmative action taken by a user of a user device to gain permission to use a network.].
As per claim 13. Lang as modified does teach the Wi-Fi network of claim 1, wherein each individual guest user has an access zone defined specifically for them [Olshansky, paragraph 0005, lines 3 – 5, In an embodiment, a network administrator can configure access rules for allowing a user to move between access points within a zone and/or between zones.].
As per claim 18. Lang as modified does teach the Wi-Fi network of claim 1, wherein the plurality of access zones are automatically propagated across all of an owner’s networks comprising the Wi-Fi network and one or more additional Wi-Fi networks and any new extensions made to the owner’s network [Olshansky, Figure # 2, and paragraph 0024, lines 1 – 12, FIG. 2 illustrates a cross section of various access points in a hospitality setting. Hotel 201 includes guest rooms 203, conference room 205, restaurant 207 and lobby 209. The guest rooms 203, conference room 205, restaurant 207 and lobby 209 include various access points 221. Although illustrated as having one or more access points in each room, it is to be understood that fewer or more access points can be used. For example, in an embodiment, a single access point can be used for multiple guest rooms. The access points can be configured into various zones. The zones can be defined along room lines or in any other configuration. For example, the access points 221 in the guest rooms 203 area can all be a single zone.].
As per method claim 19 that includes the same or similar claim limitations as Wi – Fi network claim 1, and is similarly rejected. 

As per Wi – Fi claim 20 that includes the same or similar claim limitations as Wi – Fi network claim 1, and is similarly rejected.

***The examiner notes that the prior art does teach applicant’s recited “one or more radio’s,” and “processor,” at Figure # 1, units: 141,143, 145, 147, 149, 151, 153, 155 – one or more radios, then unit : 103 – processor of Olshansky. 

Claim[s] 2, 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Menezes et al. [US PGPUB # 2012/0167185]
As per clam 2. Lang and Olshansky do teach what is taught in the rejection of claim 1 above. 
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein the SSID is for both guest users and home users with the guest users having a different password or certificate from the home users.
However, Menezes does teach the Wi-Fi network of claim 1, wherein the SSID is for both guest users and home users with the guest users having a different password or certificate from the home users [paragraph 0021, lines 9 – 11, homes users can provide guest access to friends and relatives based on easily remembered identities, such as email addresses].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Menezes in order for the authenticating the requesting user for network 
As per claim 3. Lang as modified does teach the Wi-Fi network of claim 1, wherein the access zones comprise a first access zone with unlimited access and a second access zone for guests [Menezes, paragraph 0001, lines 6 – 9, Typically, a user has different passphrases and keys for home network access, and businesses setup temporary guest accounts for visitor access, or provide open, unsecure networks for guest access.], and wherein the second access zone comprises one or more devices on the Wi-Fi network selectively disallowed for the guests [Menezes, paragraph 0028, lines 2 – 4, a client device and grant Internet access via the network interface device to other designated users, such as the user contacts in an email address book. A visitor to the user’s home or business can provide email login credentials [i.e. applicant’s second access zone for guests]].
Claim[s] 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Ilnickl et al. [US PGPUB # 2007/0286195]
As per claim 6.    Lang and Olshansky do teach what is taught in the rejection of claim 1 above. 
	Further, Olshansky does teach the claim limitation of “for the access privileges to at least one of the Wi - Fi network [Olshansky, Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. applicant’s rules for the access privileges] when moving between zones. For example, in an embodiment, anytime a user moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. This type of system is illustrated in FIG. 6.] and the devices connected to the Wi – Fi network [Olshansky,  paragraph 0004, lines 1 – 4, In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network [i.e. applicant’s Wi-Fi network]. Then at paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone].”
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein a traffic forwarding table within the one or more access points is programmed to control rules for the access privileges to at least one of the Wi - Fi network and the devices connected to the Wi – Fi network.
However, IInickl does teach the Wi-Fi network of claim 1, wherein a traffic forwarding table within the one or more access points is programmed to control rules [paragraph 0003, lines 5 – 9, Examples of inspection and processing by switches and routers can include blocking certain traffic based upon an access control list (ACL) 
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and IInickl in order for the authenticating the requesting user for network access by SSID and password to an access point of Lang as modified to include authentication of the requesting user on the fly IInickl. This would allow for the user to experience no delay in accessing the network during the authentication process. See paragraph 0013 of IInickl.
Claim[s] 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Lee et al. [US PGPUB # 2016/0270101]
As per claim 7.  Lang and Olshansky do teach what is taught in the rejection of claim 1 above. 
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein the one or more access point devices utilize frame forwarding rules based on Software Defined Networking (SDN) to implement the plurality of access zones.
However, Lee does teach Wi-Fi network of claim 1, wherein the one or more access point devices utilize frame forwarding rules based on Software Defined Networking (SDN) to implement the plurality of access zones [Figure # 1, and network edge may be a combination of hardware and software that includes a number of wireless access points, wireless routers, switches, gateways, and instructions processed to define the forwarding behavior of data packets and extend network policies out to client devices. Further, as used in the present specification and in the appended claims, the term "access point" is meant to be understood broadly as any wireless network edge point within a network and can apply equally to a wireless access point, wireless router, switches, gateway, or any other wireless networking device. Then at paragraph 0012, lines 1 – 20, FIG. 1 is a block diagram of a network that includes wireless and wired communication devices, in accordance with examples of the present disclosure. The network 100 may include a network computing system that utilizes software-defined networking (SDN) infrastructure. For example, the network 100 may be a wireless local area network (WLAN), a wide area network (WAN), an enterprise private network, or a virtual private network (VPN), or combinations thereof. The network 100 can include a network controller 102 configured to support a plurality of network applications 104. The network controller 102 may be a computer, a server, or any sort of hardware or software device that can allow an administrator to control and manage a number of access points and client devices in the network 100 from a centralized location. The network applications 104 supported by the network controller 102 may include forwarding of data packets, establishments of network policies, and creation of time schedules. The network controller 102 can be communicatively coupled to a switch 103, which directs traffic to and from one or more access points 106 that act as network edges.].
.
Claim[s] 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Santos et al. [US PAT # 8122251]
As per claim 9.  Lang and Olshansky do teach what is taught in the rejection of claim 1 above. 
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, further comprising:
a captive portal configured to communicate to a user information related to the user’s access based on its access zone.
However, Santos does teach the Wi-Fi network of claim 1, further comprising:
a captive portal configured to communicate to a user information related to the user’s access based on its access zone [col. 21, lines 24 – 31, For example, where the transaction is a request to access a network via a network access point, the 
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Santos in order for the administrator that monitors the authenticating of the requesting user for network access by SSID and password to an access point of Lang as modified to include using a Black lists of IP addresses of Santos. This would allow for the administrator to protect the network from unauthorized access by an unauthorized IP addresses. See col. 1, lines 52 – 64 of Santos.
Claim[s] 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Lee et al. [US PGPUB # 2013/0052992]
As per claim 10. Lang and Olshansky do teach what is taught in the rejection of claim 1 above. 
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein a user attempting to access a denied service or device is connected to a web page or captive portal from which they can request access to the desired service or device.
However, Lee does teach Wi-Fi network of claim 1, wherein a user attempting to access a denied service or device is connected to a web page or captive portal from which they can request access to the desired service or device [Figure # 13 and paragraph 0153, lines 1 – 6,  Referring to FIG. 13, if an access request is generated from an application or a service that is determined to have to be blocked by the determining unit 240, the blocking module B may display a pattern lock screen to a user. The blocking module B may allow access if the pattern lock is released.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Lee in order for the user’s requests for access of the network of Lang as modified to include monitoring by the requesting user the application requests for network access from the user’s own device of Lee. This would allow for the prevention of data leakage and or unauthorized user access of the network. See paragraph 0012 of Lee. 
Claim[s] 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Bushman et al. [US PGPUB # 2014/0074896]
As per claim 12.  Lang and Olshansky do teach what is taught in the rejection of claim 1 above.
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, further comprising:
a dashboard from which an administrator accesses via a Web page or mobile application to observe Internet and device access activities on the Wi-Fi network.
However, Bushman does teach the Wi-Fi network of claim 1, further comprising:
a dashboard from which an administrator accesses via a Web page or mobile application to observe Internet and device access activities on the Wi-Fi network [paragraph 0082, lines 1 – 11, Alerts may be displayed on a dashboard such as user interface 200 of FIG. 2 when numbers fall within a certain range (for example, the number of parent activity data fails below 1000), then the administrator is either automatically shown a drop down menu or is displayed a button that when pressed will display the drop down menu; the drop down menu being configured to provide an expandable list of recommended actions on how the administrator could respond to the trend such as by sending a message to a certain group of message recipients or viewing a watch list of individuals or students who contributed to the change in the trend in the network].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Bushman in order for the administrator that monitors the packet traffic as the user interacts with the network of Lang as modified to include dashboard with alert systems of Bushman. This would allow for the administer to make further exacting effective decision making by using drill down menus that display further details of . 
Claim[s] 14, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Robinson et al. [US PGPUB # 2007/0288319]
As per claim 14. Lang and Olshansky do teach what is taught in the rejection of claim 1 above.
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein the key defining a password or certificate for a Wi-Fi client device is communicated via a Web page identified via a text or email message.
However, Robinson does teach the Wi-Fi network of claim 1, wherein the key defining a password or certificate for a Wi-Fi client device is communicated via a Web page identified via a text or email message [paragraph 0021, lines 9 – 28, For example, if the second user is enrolled in the biometric redemption rights system, the purchasing user could provide the second user's name or a system identification code via a system website, kiosk, email, and the like. If the second user is not enrolled in the system, the purchasing user could communicate information to the second user to enable the transfer. For example, the redemption rights transfer system could provide the purchasing user with a pass code related to the advance purchase, which could be communicated via email to the second user either by the system or the initial user. The second user could then enroll in the system at an authorization station, such as a kiosk, service desk, website or mobile communication device, by submitting required The enrolled second user could then submit the pass code received from the system or initial user in order to enable the transfer of redemption authorization for the advance purchase, provided that the transfer meets system and/or operator approval guidelines.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Robinson in order for the authenticating the requesting user for network access by SSID and password to an access point of Lang as modified to include authenticating the user’s biometric attributes for access to the network of Robinson. This would allow for the secure access of the network, based on that user biometric attributes are very difficult to duplicate. See paragraph 0005 of Robinson. 
As per claim 16. Lang as modified does teach the Wi-Fi network of claim 1, wherein a Web page communicates the key defining the password or certificate, and wherein the Web page has one of instructions for utilizing the password or certificate or a single click mechanism for installing the password or certificate [Olshansky, paragraph 0005, lines 4 – 6, In an embodiment, a network administrator can configure access rules for allowing a user to move between access points within a zone and/or between zones. Then at paragraph 0005, lines 9 – 19, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user of a user device to gain permission to use a network].
Claim[s] 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Van Zoest et al. [US PGPUB # 2002/0062252]
As per claim 15.   Lang and Olshansky do teach what is taught in the rejection of claim 1 above.
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein a Web page communicates the key defining the password or certificate, and wherein the Web page has one or more of a long random Uniform Resource Locator (URL) and an expiry time of 24 hours or less.
However, Van Zoest does teach the Wi-Fi network of claim 1, wherein a Web page communicates the key defining the password or certificate [paragraph 0065, lines 1 – 11, Once the content is acquired or made accessible from a third party, a user can access this content with a personal computer 115, cell phone 116, or any device with Internet access. More specifically, the user accesses the data through the User Interface Server 120. The User Interface Server 120 displays a web page to users that access the system over the network 130. To access the system, the web site preferably requires the user to login before the user is permitted to access the site. FIG. 3 shows an example of a typical login 300, which requires the user to enter a previously assigned user identification and password.], and wherein the Web page has one or more of a long random Uniform Resource Locator (URL) and an expiry time of 24 hours or less [paragraph 0115, lines 7 – 10, For example, a URL may be acquired at 9:00 am and expire twenty four hours later so that any attempt to access that URL after 9:00 am the next day is not validated].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Van Zoest in order for the monitoring the authenticated user that accesses a network by SSID and password to an access point of Lang as modified to include a time limit of accessing the network of Van Zoest. This would allow for the access point to allow access of a network to a user for a limited amount of time, and prevent any access by the previously authorized user or any other previously authorized user after the time limit of access expires. See Col. 115, lines 7 – 10 of Van Zoest.  
Claim[s] 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Verkaik et al. [US PGPUB # 2016/0198501]
As per claim 17. Lang and Olshansky do teach what is taught in the rejection of claim 1 above.
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein the plurality of access zones are administered from a cloud to the Wi-Fi network and one or more additional Wi-Fi networks.
However, Verkaik does teach the Wi-Fi network of claim 1, wherein the plurality of access zones are administered from a cloud to the Wi-Fi network and one or more additional Wi-Fi networks [paragraph 0033,  To further illustrate, cloud 150 can provide specific services for client A. For example, cloud 150 can handle traffic, deploy a network or specific network components, configure links or devices, automate services or functions, or provide any other services for client A. Other non-limiting example services by cloud 150 can include network administration services, network monitoring services, content filtering services, application control, WAN optimization, firewall services, gateway services, storage services, protocol configuration services, wireless deployment services, and so forth. Then at paragraph 0036, lines 1 – 7, Cloud 150 can similarly provide one or more services to client B, as previously described with respect to client A. Client B can use router 120 to communicate with cloud 150 through network 162. Router 120 can connect to cloud 150 through network 162 in order to receive service(s), access data, send data, store data, extend client B's network, manage traffic or devices, etc.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Verkaik in order for the authenticating and accessing by the requesting user for access to a network of Lang as modified to include authenticating the user’s by a cloud controller to a cloud network of resources of Verkaik. This would allow for the user to be authenticated and access a collection of dynamically created resources in the cloud on demand by a cloud management layer. See paragraphs 0026, and 0049 of Verkaik. 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The prior art of Li [US PGPUB # 2015/0195711], who does teach a method and system for a terminal accessing to a wireless local area network, and a terminal thereof, wherein the method includes: a terminal which does not know a wireless local are network access key sending a key acquisition request to a shared server in the wireless local area network, wherein the request carries a terminal location and a service set identifier (SSID); the shared server in the wireless local area network selecting an access key based on a correspondence relationship between the terminal location, the SSID and the access key, and sending the selected access key to the terminal; the terminal accessing to the wireless local area network according to the access key. The embodiment of the present document enables the terminal efficiently and conveniently access to a wireless local area network.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANT SHAIFER - HARRIMAN whose telephone number is (571)272-7910.  The examiner can normally be reached on M - F: 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571- 272- 3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
/DANT B SHAIFER HARRIMAN/Primary Examiner, Art Unit 2434