DETAILED ACTION
This first non-final action is in response to applicants’ filing on 09/12/2019.  Claims 1-20 are currently pending and have been considered as follows.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Priority
Acknowledgment is made of applicants’ claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been received.
Drawings
The drawings filed on 09/12/2019 are accepted.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/25/2020 has been placed in the application file, and the information referred therein has been considered as to the merits.
Claim Objections
Claims 5, 11, and 17 are objected to because of the following informalities:
Claim 5 line 1 recites “one or more of unique key” which should be corrected as “one or more of a unique key”;
Claim 11 line 1 recites “one or more of unique key” which should be corrected as “one or more of a unique key”;
Claim 17 line 1 recites “one or more of unique key” which should be corrected as “one or more of a unique key”;
Appropriate correction is required.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 3-5, 7, 9-11, 13, and 15-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Patwardhan (US 7970894 B1).
As to Claim 1:
Patwardhan discloses a computer-implemented method (e.g. Patwardhan “A method and a system for detecting access point devices that provide unauthorized wireless access to local area computer networks is provided. The method includes transferring one or more marker packets to the wired portion of the local area network. The one or more marker packets include an authentication data that is computed based at least upon identify of the wirelessly active access point device and a secret key. The method includes processing one or more wireless frames transmitted from the wirelessly active access point device to extract and to verify at least a portion of the authentication data” [Abstract]), comprising:
receiving, at a listening wireless network access point (e.g. Patwardhan “both the sniffer and the AP functionality can be provided in the same hardware platform” [column 8 lines 51-55] where sniffer receives/detects the 802.11 frame associated with the marker packet on the wireless medium [column 13 lines 21-29]), a beacon message including a hash value as an information element (e.g. Patwardhan where the marker packet includes authentication data which is a cryptographic hash value of data block [column 14 lines 58-64]) of the beacon message, wherein the beacon message is transmitted to the listening wireless network access point from a transmitting wireless network access point (e.g. Patwardhan APs output broadcast packet on the wireless medium after translating broadcast marker packet to the 802.11 style packet [column 11 lines 65-67]-[column 12 lines 1-31]; sniffer detects 802.11 frame associated with the marker packet which is output by the AP [column 15 lines 11-21]), and wherein the hash value is generated using a key value (e.g. Patwardhan “authentication data can include a cryptographic hash value (or a value derived from the cryptographic hash value) of data block including information associated with at least the wireless MAC address of the AP 604 and the secret key” [column 14 lines 60-64]);
determining, at the listening wireless network access point, whether the hash value is valid (e.g. Patwardhan “Moreover, at step 710, the sniffer 606 can extract and verify the authentication data included in the marker packet by the sniffer 602 from the captured frame 621. In an embodiment, the sniffer 606 computes a hash value using similar algorithm used by the sniffer 602. That is, the sniffer 606 can compute a hash value using the cryptographic hashing function over an input data comprising information associated with the wireless MAC address of the AP (which is derived from the transmitter address and/or the BSSID fields of the frame 621 at step 708) and the secret key (which is provided at step 702). The computed hash value is compared with the hash value included in the authentication data extracted from the frame 621 for verification” [column 15 lines 22-34]);
based on determining that the hash value is valid (e.g. Patwardhan “Since the frame 621 is associated with the legitimate marker packet (e.g., marker packet 620), a match would be found between the hash value computed by the sniffer 606 and the hash value included in the authentication data extracted from the frame 621” [column 15 lines 35-39]), storing, at the listening wireless network access point, a trusted indication that the transmitting wireless network access point is a trusted access point (e.g. Patwardhan sniffers maintain Active_AP_List with entries where second step classifies the APs in Active-AP_List into a) Authorized APs, b) Unauthorized APs… [column 9 lines 10-67]; [column 11 lines 46-64]); and
based on determining that the hash value is not valid (e.g. Patwardhan “On the other hand, if the captured frame were an 802.11 style frame transmitted by the spoofing attacker (e.g., frame 611 transmitted by attacker 610), the match would not be found in a preferred embodiment. The reason being that the attacker may not have the knowledge of the secret key (e.g., the secret key of step 702) and thus may not be able to include authentication data in the frame 611 that would pass the authentication check performed by the sniffer 606 as in step 710” [column 15 lines 40-48]), storing, at the listening wireless network access point, an impersonator indication that the transmitting wireless network access point is an impersonating access point (e.g. Patwardhan sniffers maintain Active_AP_List with entries where second step classifies the APs in Active-AP_List into a) Authorized APs, b) Unauthorized APs… [column 9 lines 10-67]; [column 11 lines 46-64]).
As to Claim 3:
Patwardhan discloses the method of claim 1, wherein determining whether the hash value is valid includes:
generating, at the listening wireless network access point, a listening wireless access point hash value based on one or more of the key value, a basic service set identifier, a service set identifier, or a nonce (e.g. Patwardhan “Moreover, at step 710, the sniffer 606 can extract and verify the authentication data included in the marker packet by the sniffer 602 from the captured frame 621. In an embodiment, the sniffer 606 computes a hash value using similar algorithm used by the sniffer 602. That is, the sniffer 606 can compute a hash value using the cryptographic hashing function over an input data comprising information associated with the wireless MAC address of the AP (which is derived from the transmitter address and/or the BSSID fields of the frame 621 at step 708) and the secret key (which is provided at step 702). The computed hash value is compared with the hash value included in the authentication data extracted from the frame 621 for verification” [column 15 lines 22-34]);
comparing the listening wireless access point hash value with the hash value received in the beacon message (e.g. Patwardhan “The computed hash value is compared with the hash value included in the authentication data extracted from the frame 621 for verification” [column 15 lines 32-34]); and
if the listening wireless access point hash value matches the hash value received in the beacon message, the hash value is determined to be valid e.g. Patwardhan “Since the frame 621 is associated with the legitimate marker packet (e.g., marker packet 620), a match would be found between the hash value computed by the sniffer 606 and the hash value included in the authentication data extracted from the frame 621” [column 15 lines 35-39]; “pass the authentication check performed by the sniffer” [column 15 lines 46-47]).
As to Claim 4:
Patwardhan discloses the method of claim 1, wherein determining whether the hash value is invalid includes determining that the hash value is invalid (e.g. Patwardhan “The computed hash value is compared with the hash value included… from the frame… On the other hand, if the captured frame were an 802.11 style frame transmitted by the spoofing attacker (e.g., frame 611 transmitted by attacker 610), the match would not be found in a preferred embodiment. The reason being that the attacker may not have the knowledge of the secret key (e.g., the secret key of step 702) and thus may not be able to include authentication data in the frame 611 that would pass the authentication check performed by the sniffer 606 as in step 710” [column 15 lines 32-48]) and that the beacon message has one of a basic service set identifier (BSSID) or a service set identifier (SSID) matching a BSSID or an SSID of the listening wireless network access point (e.g. Patwardhan “the attacker 610 can transmit 802.11 style frame 611 in the wireless medium. This frame can include in the source address field of the 802.11 MAC header the MAC address of the Ethernet interface of the sniffer 602. In an embodiment, this MAC address may be learned by the attacker 610 by observing 802.11 style frame 609 related to marker packet 608 that is outputted by the AP 604 over the wireless medium…. Moreover, the frame 611 can include a wireless MAC address of AP 612 in the transmitter address and/or BSSID fields… The sniffer may identify the frame 611 as related to the marker packet (e.g., marker packet 608) due to the presence of MAC address of the wired interface of the sniffer 602 in the source address field of the captured frame, i.e., presence of matching format. Moreover, the sniffer may interpret that the frame 611 is outputted by the AP 612 on the wireless medium due to the presence of the wireless MAC address of the AP 612 in the transmitter address and/or BSSID field on the frame 611. This may result in false inference that the AP 612 is connected to the wired portion 601 of the LAN. The attacker 610 is referred herein as a spoofing attacker as it spoofs the 802.11 style frames, e.g., transmits them as if they came from the wired interface of the sniffer 602 and as if they were transmitted by the AP 612 on the wireless medium when in fact they were not” [column 13 lines 47-57, 66-67]-[column 14 lines 1-13]), respectively.
As to Claim 5:
Patwardhan discloses the method of claim 1, wherein the hash value is based on one or more of unique key, a basic service set identifier (e.g. Patwardhan “a cryptographic hash value (or a value derived from the cryptographic hash value) of data block including information associated with at least the wireless MAC address of the AP 604 and the secret key” [column 14 lines 60-64]; “That is, the sniffer 606 can compute a hash value using the cryptographic hashing function over an input data comprising information associated with the wireless MAC address of the AP (which is derived from the transmitter address and/or the BSSID fields of the frame 621 at step 708) and the secret key (which is provided at step 702) [column 15 lines 26-31]), a service set identifier, or a nonce.
As to Claim 7:
Patwardhan discloses an access point (e.g. Patwardhan “both the sniffer and the AP functionality can be provided in the same hardware platform” [column 8 lines 51-55]), comprising:
one or more processors (e.g. Patwardhan central processing unit(CPU) [column 8 lines 27-28]); and
a nontransitory computer readable medium (e.g. Patwardhan flash memory where software code for sniffer functionality resides, RAM [column 8 lines 27-31]) coupled to the one or more processors, the nontransitory computer readable medium having stored thereon software instructions that, when 
receiving a beacon message including a hash value as an information element of the beacon message (e.g. Patwardhan sniffer receives/detects the 802.11 frame associated with the marker packet on the wireless medium [column 13 lines 21-29]; where the marker packet includes authentication data which is a cryptographic hash value of data block [column 14 lines 58-64]), wherein the beacon message is transmitted from a transmitting wireless network access point (e.g. Patwardhan APs output broadcast packet on the wireless medium after translating broadcast marker packet to the 802.11 style packet [column 11 lines 65-67]-[column 12 lines 1-31]; sniffer detects 802.11 frame associated with the marker packet which is output by the AP [column 15 lines 11-21]), and wherein the hash value is generated using a key value (e.g. Patwardhan “authentication data can include a cryptographic hash value (or a value derived from the cryptographic hash value) of data block including information associated with at least the wireless MAC address of the AP 604 and the secret key” [column 14 lines 60-64]);
determining whether the hash value is valid (e.g. Patwardhan “Moreover, at step 710, the sniffer 606 can extract and verify the authentication data included in the marker packet by the sniffer 602 from the captured frame 621. In an embodiment, the sniffer 606 computes a hash value using similar algorithm used by the sniffer 602. That is, the sniffer 606 can compute a hash value using the cryptographic hashing function over an input data comprising information associated with the wireless MAC address of the AP (which is derived from the transmitter address and/or the BSSID fields of the frame 621 at step 708) and the secret key (which is provided at step 702). The computed hash value is compared with the hash value included in the authentication data extracted from the frame 621 for verification” [column 15 lines 22-34]);
based on determining that the hash value is valid (e.g. Patwardhan “Since the frame 621 is associated with the legitimate marker packet (e.g., marker packet 620), a match would be found between the hash value computed by the sniffer 606 and the hash value included in the authentication data extracted from the frame 621” [column 15 lines 35-39]), storing a trusted indication that the transmitting wireless network access point is a trusted access point (e.g. Patwardhan sniffers maintain Active_AP_List with entries where second step classifies the APs in Active-AP_List into a) Authorized APs, b) Unauthorized APs… [column 9 lines 10-67]; [column 11 lines 46-64]); and 
based on determining that the hash value is not valid (e.g. Patwardhan “On the other hand, if the captured frame were an 802.11 style frame transmitted by the spoofing attacker (e.g., frame 611 transmitted by attacker 610), the match would not be found in a preferred embodiment. The reason being that the attacker may not have the knowledge of the secret key (e.g., the secret key of step 702) and thus may not be able to include authentication data in the frame 611 that would pass the authentication check performed by the sniffer 606 as in step 710” [column 15 lines 40-48]), storing an (e.g. Patwardhan sniffers maintain Active_AP_List with entries where second step classifies the APs in Active-AP_List into a) Authorized APs, b) Unauthorized APs… [column 9 lines 10-67]; [column 11 lines 46-64]).
As to Claim 9:
Patwardhan discloses the access point of claim 7, wherein determining whether the hash value is valid includes:
generating a listening wireless access point hash value based on one or more of the key value, a basic service set identifier, a service set identifier, or a nonce (e.g. Patwardhan “Moreover, at step 710, the sniffer 606 can extract and verify the authentication data included in the marker packet by the sniffer 602 from the captured frame 621. In an embodiment, the sniffer 606 computes a hash value using similar algorithm used by the sniffer 602. That is, the sniffer 606 can compute a hash value using the cryptographic hashing function over an input data comprising information associated with the wireless MAC address of the AP (which is derived from the transmitter address and/or the BSSID fields of the frame 621 at step 708) and the secret key (which is provided at step 702). The computed hash value is compared with the hash value included in the authentication data extracted from the frame 621 for verification” [column 15 lines 22-34]);
comparing the listening wireless access point hash value with the hash value received in the beacon message (e.g. Patwardhan “The computed hash value is compared with the hash value included in the authentication data extracted from the frame 621 for verification” [column 15 lines 32-34]);
wherein if the listening wireless access point hash value matches the hash value received in the beacon message, the hash value is determined to be valid e.g. Patwardhan “Since the frame 621 is associated with the legitimate marker packet (e.g., marker packet 620), a match would be found between the hash value computed by the sniffer 606 and the hash value included in the authentication data extracted from the frame 621” [column 15 lines 35-39]; “pass the authentication check performed by the sniffer” [column 15 lines 46-47]).
As to Claim 10:
Patwardhan discloses the access point of claim 7, wherein determining whether the hash value is invalid includes determining that the hash value is invalid (e.g. Patwardhan “The computed hash value is compared with the hash value included… from the frame… On the other hand, if the captured frame were an 802.11 style frame transmitted by the spoofing attacker (e.g., frame 611 transmitted by attacker 610), the match would not be found in a preferred embodiment. The reason being that the attacker may not have the knowledge of the secret key (e.g., the secret key of step 702) and thus may not be able to include authentication data in the frame 611 that would pass the authentication check performed by the sniffer 606 as in step 710” [column 15 lines 32-48]) and that the beacon message has one of a basic service set identifier (BSSID) or a service set identifier (SSID) matching a BSSID or an SSID of the access point (e.g. Patwardhan “the attacker 610 can transmit 802.11 style frame 611 in the wireless medium. This frame can include in the source address field of the 802.11 MAC header the MAC address of the Ethernet interface of the sniffer 602. In an embodiment, this MAC address may be learned by the attacker 610 by observing 802.11 style frame 609 related to marker packet 608 that is outputted by the AP 604 over the wireless medium…. Moreover, the frame 611 can include a wireless MAC address of AP 612 in the transmitter address and/or BSSID fields… The sniffer may identify the frame 611 as related to the marker packet (e.g., marker packet 608) due to the presence of MAC address of the wired interface of the sniffer 602 in the source address field of the captured frame, i.e., presence of matching format. Moreover, the sniffer may interpret that the frame 611 is outputted by the AP 612 on the wireless medium due to the presence of the wireless MAC address of the AP 612 in the transmitter address and/or BSSID field on the frame 611. This may result in false inference that the AP 612 is connected to the wired portion 601 of the LAN. The attacker 610 is referred herein as a spoofing attacker as it spoofs the 802.11 style frames, e.g., transmits them as if they came from the wired interface of the sniffer 602 and as if they were transmitted by the AP 612 on the wireless medium when in fact they were not” [column 13 lines 47-57, 66-67]-[column 14 lines 1-13]), respectively.
As to Claim 11:
Patwardhan discloses the access point of claim 7, wherein the hash value is based on one or more of unique key, a basic service set identifier (e.g. Patwardhan “a cryptographic hash value (or a value derived from the cryptographic hash value) of data block including information associated with at least the wireless MAC address of the AP 604 and the secret key” [column 14 lines 60-64]; “That is, the sniffer 606 can compute a hash value using the cryptographic hashing function over an input data comprising information associated with the wireless MAC address of the AP (which is derived from the transmitter address and/or the BSSID fields of the frame 621 at step 708) and the secret key (which is provided at step 702) [column 15 lines 26-31]), a service set identifier, or a nonce.
As to Claim 13:
Patwardhan discloses a nontransitory computer readable medium having stored thereon software instructions that, when executed by one or more processors (e.g. Patwardhan “a memory unit coupled to the processing unit for storing computer executable code” [column 3 lines 44-45]), causes the one or more processors to perform operations including:
receiving, at a listening wireless network access point (e.g. Patwardhan “both the sniffer and the AP functionality can be provided in the same hardware platform” [column 8 lines 51-55] where sniffer receives/detects the 802.11 frame associated with the marker packet on the wireless medium [column 13 lines 21-29]), a beacon message including a hash value as an information element (e.g. Patwardhan where the marker packet includes authentication data which is a cryptographic hash value of data block [column 14 lines 58-64]) of the beacon message, wherein the beacon message is transmitted to the listening wireless network access point from a transmitting wireless network access point (e.g. Patwardhan APs output broadcast packet on the wireless medium after translating broadcast marker packet to the 802.11 style packet [column 11 lines 65-67]-[column 12 lines 1-31]; sniffer detects 802.11 frame associated with the marker packet which is output by the AP [column 15 lines 11-21]), and wherein the hash value is generated using a key value (e.g. Patwardhan “authentication data can include a cryptographic hash value (or a value derived from the cryptographic hash value) of data block including information associated with at least the wireless MAC address of the AP 604 and the secret key” [column 14 lines 60-64]);
determining, at the listening wireless network access point, whether the hash value is valid (e.g. Patwardhan “Moreover, at step 710, the sniffer 606 can extract and verify the authentication data included in the marker packet by the sniffer 602 from the captured frame 621. In an embodiment, the sniffer 606 computes a hash value using similar algorithm used by the sniffer 602. That is, the sniffer 606 can compute a hash value using the cryptographic hashing function over an input data comprising information associated with the wireless MAC address of the AP (which is derived from the transmitter address and/or the BSSID fields of the frame 621 at step 708) and the secret key (which is provided at step 702). The computed hash value is compared with the hash value included in the authentication data extracted from the frame 621 for verification” [column 15 lines 22-34]);
based on determining that the hash value is valid (e.g. Patwardhan “Since the frame 621 is associated with the legitimate marker packet (e.g., marker packet 620), a match would be found between the hash value computed by the sniffer 606 and the hash value included in the authentication data extracted from the frame 621” [column 15 lines 35-39]), storing, at the listening wireless network access point, a trusted indication that the transmitting wireless network access point is a trusted access point (e.g. Patwardhan sniffers maintain Active_AP_List with entries where second step classifies the APs in Active-AP_List into a) Authorized APs, b) Unauthorized APs… [column 9 lines 10-67]; [column 11 lines 46-64]); and
based on determining that the hash value is not valid (e.g. Patwardhan “On the other hand, if the captured frame were an 802.11 style frame transmitted by the spoofing attacker (e.g., frame 611 transmitted by attacker 610), the match would not be found in a preferred embodiment. The reason being that the attacker may not have the knowledge of the secret key (e.g., the secret key of step 702) and thus may not be able to include authentication data in the frame 611 that would pass the authentication check performed by the sniffer 606 as in step 710” [column 15 lines 40-48]), storing, at the listening wireless network access point, an impersonator indication that the transmitting wireless network access point is an impersonating access point (e.g. Patwardhan sniffers maintain Active_AP_List with entries where second step classifies the APs in Active-AP_List into a) Authorized APs, b) Unauthorized APs… [column 9 lines 10-67]; [column 11 lines 46-64]).
As to Claim 15:
Patwardhan
generating, at the listening wireless network access point, a listening wireless access point hash value based on one or more of the key value, a basic service set identifier, a service set identifier, or a nonce (e.g. Patwardhan “Moreover, at step 710, the sniffer 606 can extract and verify the authentication data included in the marker packet by the sniffer 602 from the captured frame 621. In an embodiment, the sniffer 606 computes a hash value using similar algorithm used by the sniffer 602. That is, the sniffer 606 can compute a hash value using the cryptographic hashing function over an input data comprising information associated with the wireless MAC address of the AP (which is derived from the transmitter address and/or the BSSID fields of the frame 621 at step 708) and the secret key (which is provided at step 702). The computed hash value is compared with the hash value included in the authentication data extracted from the frame 621 for verification” [column 15 lines 22-34]);
comparing the listening wireless access point hash value with the hash value received in the beacon message (e.g. Patwardhan “The computed hash value is compared with the hash value included in the authentication data extracted from the frame 621 for verification” [column 15 lines 32-34]); and
if the listening wireless access point hash value matches the hash value received in the beacon message, the hash value is determined to be valid e.g. Patwardhan “Since the frame 621 is associated with the legitimate marker packet (e.g., marker packet 620), a match would be found between the hash value computed by the sniffer 606 and the hash value included in the authentication data extracted from the frame 621” [column 15 lines 35-39]; “pass the authentication check performed by the sniffer” [column 15 lines 46-47]).
As to Claim 16:
Patwardhan discloses the nontransitory computer readable medium of claim 13, wherein determining whether the hash value is invalid includes determining that the hash value is invalid (e.g. Patwardhan “The computed hash value is compared with the hash value included… from the frame… On the other hand, if the captured frame were an 802.11 style frame transmitted by the spoofing attacker (e.g., frame 611 transmitted by attacker 610), the match would not be found in a preferred embodiment. The reason being that the attacker may not have the knowledge of the secret key (e.g., the secret key of step 702) and thus may not be able to include authentication data in the frame 611 that would pass the authentication check performed by the sniffer 606 as in step 710” [column 15 lines 32-48]) and that the beacon message has one of a basic service set identifier (BSSID) or a service set identifier (SSID) matching a BSSID or an SSID of the listening wireless network access point (e.g. Patwardhan “the attacker 610 can transmit 802.11 style frame 611 in the wireless medium. This frame can include in the source address field of the 802.11 MAC header the MAC address of the Ethernet interface of the sniffer 602. In an embodiment, this MAC address may be learned by the attacker 610 by observing 802.11 style frame 609 related to marker packet 608 that is outputted by the AP 604 over the wireless medium…. Moreover, the frame 611 can include a wireless MAC address of AP 612 in the transmitter address and/or BSSID fields… The sniffer may identify the frame 611 as related to the marker packet (e.g., marker packet 608) due to the presence of MAC address of the wired interface of the sniffer 602 in the source address field of the captured frame, i.e., presence of matching format. Moreover, the sniffer may interpret that the frame 611 is outputted by the AP 612 on the wireless medium due to the presence of the wireless MAC address of the AP 612 in the transmitter address and/or BSSID field on the frame 611. This may result in false inference that the AP 612 is connected to the wired portion 601 of the LAN. The attacker 610 is referred herein as a spoofing attacker as it spoofs the 802.11 style frames, e.g., transmits them as if they came from the wired interface of the sniffer 602 and as if they were transmitted by the AP 612 on the wireless medium when in fact they were not” [column 13 lines 47-57, 66-67]-[column 14 lines 1-13]), respectively.
As to Claim 17:
Patwardhan discloses the nontransitory computer readable medium of claim 13, wherein the hash value is based on one or more of unique key, a basic service set identifier (e.g. Patwardhan “a cryptographic hash value (or a value derived from the cryptographic hash value) of data block including information associated with at least the wireless MAC address of the AP 604 and the secret key” [column 14 lines 60-64]; “That is, the sniffer 606 can compute a hash value using the cryptographic hashing function over an input data comprising information associated with the wireless MAC address of the AP (which is derived from the transmitter address and/or the BSSID fields of the frame 621 at step 708) and the secret key (which is provided at step 702) [column 15 lines 26-31]), a service set identifier, or a nonce.
As to Claim 18:
Patwardhan discloses the nontransitory computer readable medium of claim 13, wherein the operations further comprise, if the hash value is not valid (e.g. Patwardhan “On the other hand, if the captured frame were an 802.11 style frame transmitted by the spoofing attacker (e.g., frame 611 transmitted by attacker 610), the match would not be found in a preferred embodiment. The reason being that the attacker may not have the knowledge of the secret key (e.g., the secret key of step 702) and thus may not be able to include authentication data in the frame 611 that would pass the authentication check performed by the sniffer 606 as in step 710” [column 15 lines 40-48]), sending an indication of the impersonating access point from the listening wireless network access point to one or more of a network administrator system, another wireless network access point, or a threat management facility (e.g. Patwardhan “The third step 303 can generate an indication of unauthorized wireless access (e.g., intrusion alert) if an Unauthorized AP is identified in step 302. Once the intrusion alert is generated, the method sends an indication of the Unauthorized AP and/or intruding wireless station to a prevention process. Depending upon the embodiment, the method sends the indication via an inter process signal between various processes, which can be provided in computer codes. Alternatively, the method performs a selected function within the same process code to implement the prevention process. Further details of the prevention process can be found throughout the present specification and more particularly below” [column 10 lines 1-12]).
As to Claim 19:
Patwardhan discloses the nontransitory computer readable medium of claim 13, wherein the operations further comprise, if the hash value is not valid (e.g. Patwardhan “On the other hand, if the captured frame were an 802.11 style frame transmitted by the spoofing attacker (e.g., frame 611 transmitted by attacker 610), the match would not be found in a preferred embodiment. The reason being that the attacker may not have the knowledge of the secret key (e.g., the secret key of step 702) and thus may not be able to include authentication data in the frame 611 that would pass the authentication check performed by the sniffer 606 as in step 710” [column 15 lines 40-48]), transmitting a message to one or more endpoint devices indicating presence of the impersonating access point (e.g. Patwardhan “At step 304 certain action can be performed to disable or disrupt any communication between the Unauthorized AP and the intruding wireless station. One embodiment of this step works by preventing or breaking the "association" between the Unauthorized AP and the intruding wireless station. Association is certain procedure according to the IEEE 802.11 MAC protocol wherein the wireless station and the AP establish a wireless connection between them. Techniques for preventing or breaking the association between the Unauthorized AP and the intruding wireless station include but are not limited to sending one or more spoofed "deauthentication" packets from one or more sniffers with the Unauthorized AP's wireless MAC address as source address with a reason code "Authentication Expired" to the intruding wireless station or to a broadcast address, sending one or more spoofed deuthentication packets from one or more sniffers to the Unauthorized AP with the intruding wireless station's wireless MAC address as source address with reason code "Auth Leave", sending one or more spoofed "disassociation" packets from one or more sniffers with the Unauthorized AP's wireless MAC address as source address to the intruding wireless station or to a broadcast address, and sending one or more spoofed disassociation packets from one or more sniffers to the Unauthorized AP” [column 10 lines 13-36]).
As to Claim 20:
Patwardhan discloses the nontransitory computer readable medium of claim 13, wherein the operations further comprise, if the hash value is not valid (e.g. Patwardhan “On the other hand, if the captured frame were an 802.11 style frame transmitted by the spoofing attacker (e.g., frame 611 transmitted by attacker 610), the match would not be found in a preferred embodiment. The reason being that the attacker may not have the knowledge of the secret key (e.g., the secret key of step 702) and thus may not be able to include authentication data in the frame 611 that would pass the authentication check performed by the sniffer 606 as in step 710” [column 15 lines 40-48]), interrupting the impersonating access point using a Wireless Intrusion Prevention System (WIPS) (e.g. Patwardhan intrusion detection and prevention system [column 5 lines 62-63]; “The third step 303 can generate an indication of unauthorized wireless access (e.g., intrusion alert) if an Unauthorized AP is identified in step 302. Once the intrusion alert is generated, the method sends an indication of the Unauthorized AP and/or intruding wireless station to a prevention process… Alternatively, the method performs a selected function within the same process code to implement the prevention process. Further details of the prevention process can be found throughout the present specification and more particularly below” [column 10 lines 1-12]; “At step 304 certain action can be performed to disable or disrupt any communication between the Unauthorized AP and the intruding wireless station. One embodiment of this step works by preventing or breaking the "association" between the Unauthorized AP and the intruding wireless station. Association is certain procedure according to the IEEE 802.11 MAC protocol wherein the wireless station and the AP establish a wireless connection between them. Techniques for preventing or breaking the association between the Unauthorized AP and the intruding wireless station include but are not limited to sending one or more spoofed "deauthentication" packets from one or more sniffers with the Unauthorized AP's wireless MAC address as source address with a reason code "Authentication Expired" to the intruding wireless station or to a broadcast address, sending one or more spoofed deuthentication packets from one or more sniffers to the Unauthorized AP with the intruding wireless station's wireless MAC address as source address with reason code "Auth Leave", sending one or more spoofed "disassociation" packets from one or more sniffers with the Unauthorized AP's wireless MAC address as source address to the intruding wireless station or to a broadcast address, and sending one or more spoofed disassociation packets from one or more sniffers to the Unauthorized AP” [column 10 lines 13-36]).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 2, 8, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Patwardhan in view of Gray et al. (US 20090235354 A1, hereinafter Gray).
As to Claim 2:
Patwardhan discloses the method of claim 1, wherein the key value is provided by a threat management system to one or more trusted wireless network access points (e.g. Patwardhan “At step 702, a secret key is provided to the security monitoring system. As merely an example, the secret key can include a password. As another example, the secret key can include a digital certificate. Preferably, the secret key can be stored in the system memory so that it is accessible to the sniffers 602 and 606. In an embodiment, the secret key is distributed by the server 124 to the sniffers 122, e.g., over the computer network. Preferably, the secret key is changed periodically” [column 14 lines 24-32]), and wherein the listening wireless network access point is one of the one or more trusted wireless network access points (e.g. Patwardhan “both the sniffer and the AP functionality can be provided in the same hardware platform” [column 8 lines 51-55] where the intrusion detection system includes these sniffer/sensor devices [column 7 lines 65-67]), but does not specifically disclose:
one or more trusted wireless network access points that have each registered with the threat management system (although Patwardhan does teach a maintained Active_AP_List with entries of authorized APs [column 9 lines 10-67]; [column 11 lines 46-64]).
However, the analogous art Gray does disclose one or more trusted wireless network access points that have each registered with the threat management system (e.g. Gray at least one wireless access point is registered with the airspace management platform and can be used to scan for rogue access points, after registration, access points are authorized [0052]).  Patwardhan and Gray are analogous art because they are from the same field of endeavor in management of wireless networks to protect against rogue access points.
(e.g. see Gray, “Using the airspace management platform 56, a network administrator registers at least one wireless access point 52 by entering or [0052]; [0056]; [0059]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Patwardhan and Gray before him or her, to modify the invention of Patwardhan with the teachings of Gray to include one or more trusted wireless network access points that have each registered with the threat management system as claimed because Patwardhan provides a method and intrusion detection system for authenticating authorized APs that are provided a secret key (Patwardhan [columns 2-17]) where the APs can be first registered with a management platform (Gray [0021]; [0025]).  The suggestion/motivation for doing so would have been to allow for efficient and cost effect WLAN mapping of the air space associated with wireless networks and to facilitate detection of rogue or unauthorized wireless access points (Gray [0008]; [0009]).  Therefore, it would have been obvious to combine Patwardhan and Gray to obtain the invention as specified in the instant claim(s).
As to Claim 8:
Patwardhan discloses the access point of claim 7, wherein the key value is provided by a threat management system to one or more trusted wireless network access points (e.g. Patwardhan “At step 702, a secret key is provided to the security monitoring system. As merely an example, the secret key can include a password. As another example, the secret key can include a digital certificate. Preferably, the secret key can be stored in the system memory so that it is accessible to the sniffers 602 and 606. In an embodiment, the secret key is distributed by the server 124 to the sniffers 122, e.g., over the computer network. Preferably, the secret key is changed periodically” [column 14 lines 24-32]), and wherein the access point is one of the one or more trusted wireless network access points (e.g. Patwardhan “both the sniffer and the AP functionality can be provided in the same hardware platform” [column 8 lines 51-55] where the intrusion detection system includes these sniffer/sensor devices [column 7 lines 65-67]), but does not specifically disclose:
one or more trusted wireless network access points that have each registered with the threat management system (although Patwardhan does teach a maintained Active_AP_List with entries of authorized APs [column 9 lines 10-67]; [column 11 lines 46-64]).
However, the analogous art Gray does disclose one or more trusted wireless network access points that have each registered with the threat management system (e.g. Gray at least one wireless access point is registered with the airspace management platform and can be used to scan for rogue access points, after registration, access points are authorized [0052]).  Patwardhan and Gray are analogous art because they are from the same field of endeavor in management of wireless networks to protect against rogue access points.
(e.g. see Gray, “Using the airspace management platform 56, a network administrator registers at least one wireless access point 52 by entering or discovering information unique to the access point, such as BSSID or Wireless MAC address, LAN MAC address, and LAN IP address. As discussed below, BSSID or Wireless MAC address, LAN MAC address, and IP address are used as indexes in tables or other data structures that store information about each access point. Wireless access point(s) 52 that are registered with the airspace management platform 56 can then be used to scan for rogue access points and client devices, as discussed below. After registration, access points are authorized or brought under management of airspace management platform 56. The airspace management platform 56 can monitor the registered wireless access point(s) over computer network” [0052]; [0056]; [0059]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Patwardhan and Gray before him or her, to modify the invention of Patwardhan with the teachings of Gray to include one or more trusted wireless network access points that have each registered with the threat management system as claimed because Patwardhan provides a method and intrusion detection system for authenticating authorized APs that are provided a secret key (Patwardhan [columns 2-17]) where the APs can be first registered with a management platform (Gray [0021]; [0025]).  The (Gray [0008]; [0009]).  Therefore, it would have been obvious to combine Patwardhan and Gray to obtain the invention as specified in the instant claim(s).
As to Claim 14:
Patwardhan discloses the nontransitory computer readable medium of claim 13, wherein the key value is provided by a threat management system to one or more trusted wireless network access points (e.g. Patwardhan “At step 702, a secret key is provided to the security monitoring system. As merely an example, the secret key can include a password. As another example, the secret key can include a digital certificate. Preferably, the secret key can be stored in the system memory so that it is accessible to the sniffers 602 and 606. In an embodiment, the secret key is distributed by the server 124 to the sniffers 122, e.g., over the computer network. Preferably, the secret key is changed periodically” [column 14 lines 24-32]), and wherein the listening wireless network access point is one of the one or more trusted wireless network access points (e.g. Patwardhan “both the sniffer and the AP functionality can be provided in the same hardware platform” [column 8 lines 51-55] where the intrusion detection system includes these sniffer/sensor devices [column 7 lines 65-67]), but does not specifically disclose:
one or more trusted wireless network access points that have each registered with the threat management system (although Patwardhan does teach a maintained Active_AP_List with entries of authorized APs [column 9 lines 10-67]; [column 11 lines 46-64]).
However, the analogous art Gray does disclose one or more trusted wireless network access points that have each registered with the threat management system (e.g. Gray at least one wireless access point is registered with the airspace management platform and can be used to scan for rogue access points, after registration, access points are authorized [0052]).  Patwardhan and Gray are analogous art because they are from the same field of endeavor in management of wireless networks to protect against rogue access points.
(e.g. see Gray, “Using the airspace management platform 56, a network administrator registers at least one wireless access point 52 by entering or discovering information unique to the access point, such as BSSID or Wireless MAC address, LAN MAC address, and LAN IP address. As discussed below, BSSID or Wireless MAC address, LAN MAC address, and IP address are used as indexes in tables or other data structures that store information about each access point. Wireless access point(s) 52 that are registered with the airspace management platform 56 can then be used to scan for rogue access points and client devices, as discussed below. After registration, access points are authorized or brought under management of airspace management platform 56. The airspace management platform 56 can monitor the registered wireless access point(s) over computer network” [0052]; [0056]; [0059]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Patwardhan and Gray Patwardhan with the teachings of Gray to include one or more trusted wireless network access points that have each registered with the threat management system as claimed because Patwardhan provides a method and intrusion detection system for authenticating authorized APs that are provided a secret key (Patwardhan [columns 2-17]) where the APs can be first registered with a management platform (Gray [0021]; [0025]).  The suggestion/motivation for doing so would have been to allow for efficient and cost effect WLAN mapping of the air space associated with wireless networks and to facilitate detection of rogue or unauthorized wireless access points (Gray [0008]; [0009]).  Therefore, it would have been obvious to combine Patwardhan and Gray to obtain the invention as specified in the instant claim(s).
Claims 6 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Patwardhan in view of KIUKKONEN et al. (US 20130309971 A1, hereinafter Kiukkonen).
As to Claim 6:
Patwardhan discloses the method of claim 5, but does not specifically disclose:
wherein the nonce is updated periodically and distributed to the listening wireless network access point.
However, the analogous art Kiukkonen does disclose wherein the nonce is updated periodically and distributed to the listening wireless network access point (e.g. Kiukkonen random number may be refreshed periodically and transmitted to the access point AP [0232]; [0233]).  Patwardhan and Kiukkonen
(e.g. see Kiukkonen, “authentication information 25 is also transmitted by the host device A to the access point AP, over its IEEE 802.11 in-band short-range carrier communication connection with the access point AP” [0232]; “The authentication information 25 may include, for example, a random number or a value based on public key encryption that was previously generated as the authentication information by the host device A. The host device A may generate unique random numbers to improve security. This random number or cryptographic information value may be sent during connection setup and may be refreshed at any time later, for example in a periodic refresh” [0233]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Patwardhan and Kiukkonen before him or her, to modify the invention of Patwardhan with the teachings of Kiukkonen to include wherein the nonce is updated periodically and distributed to the listening wireless network access point as claimed because Patwardhan provides a method and intrusion detection system for authenticating authorized APs using computed hash values (Patwardhan [columns 2-17]) which could be based on periodically refreshed random numbers (Kiukkonen [0232]; [0233]).  The suggestion/motivation for doing so would have been to improve security (Kiukkonen [0233]).  Therefore, it would have been obvious to combine Patwardhan and Kiukkonen to obtain the invention as specified in the instant claim(s).
As to Claim 12:
Patwardhan discloses the access point of claim 11, but does not specifically disclose:
wherein the nonce is updated periodically and distributed to the access point.
Kiukkonen does disclose wherein the nonce is updated periodically and distributed to the access point (e.g. Kiukkonen random number may be refreshed periodically and transmitted to the access point AP [0232]; [0233]).  Patwardhan and Kiukkonen are analogous art because they are from the same field of endeavor in securing wireless networks.
(e.g. see Kiukkonen, “authentication information 25 is also transmitted by the host device A to the access point AP, over its IEEE 802.11 in-band short-range carrier communication connection with the access point AP” [0232]; “The authentication information 25 may include, for example, a random number or a value based on public key encryption that was previously generated as the authentication information by the host device A. The host device A may generate unique random numbers to improve security. This random number or cryptographic information value may be sent during connection setup and may be refreshed at any time later, for example in a periodic refresh” [0233]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Patwardhan and Kiukkonen before him or her, to modify the invention of Patwardhan with the teachings of Kiukkonen to include wherein the nonce is updated periodically and distributed to the access point as claimed because Patwardhan provides a method and intrusion detection system for authenticating authorized APs using computed hash values (Patwardhan [columns 2-17]) which could be based on periodically refreshed random numbers (Kiukkonen [0232]; [0233]).  The suggestion/motivation for doing so would have been to improve security (Kiukkonen [0233]).  Therefore, it would have been Patwardhan and Kiukkonen to obtain the invention as specified in the instant claim(s).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure.
Ballai (US 20040023640 A1)
Chaskar et al. (US 20050195753 A1)
Adya et al. (US 20060068811 A1)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth W Chang whose telephone number is (571)270-7530.  The examiner can normally be reached on Monday - Friday 9-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  






/KENNETH W CHANG/Primary Examiner, Art Unit 2438                                                                                                                                                                                                        
    PNG
    media_image1.png
    35
    280
    media_image1.png
    Greyscale

05.08.2021