DETAILED ACTION

Response to Amendment
The applicant has amended the following: 
		Claims: 1, 4, 12 and 15 have been amended. 
		Claims: 2-3, 5-11, 13-14 and 16-20 have not been amended. 


Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 directed towards limitations reciting “wherein the second message is transmitted through an authorization channel corresponding to the authorization mode” have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Applicant’s arguments filed 04/28/21 with regards to claims 1-20 directed towards limitations reciting “sending, by the resident node, a second message, wherein the second message is processed by a network node into a third message, the third message used by a gateway device to identify the authorization request and/or an authorization mode for the terminal device to access a network, and the authorization request and/or the authorization mode for the terminal device to access a network is used by the network to perform authorization on the terminal device,” have been fully considered but they are not persuasive.    

APPLICANT’S ARGUMENTS:
The applicant argues that the prior art of record does not teach or suggest “… sending, by the resident node, a second message, wherein the second message is processed by a network node into a third message, the third message used by a gateway device to identify the authorization request and/or an authorization mode for the terminal device to access a network, and the authorization request and/or the authorization mode for the terminal device to access a network is used by the network to perform authorization on the terminal device, wherein the second message is transmitted through an authorization channel corresponding to the authorization mode” … (See Pages 11-13 of the Applicant’s Arguments filed on 04/28/21).

EXAMINER’S RESPONSE:
The examiner respectfully disagrees.  The combination of the teachings of Hughes in view of Hancock as a whole does disclose the applicant’s argued limitations of “… sending, by the resident node, a second message, wherein the second message is processed by a network node into a third message, the third message used by a gateway device to identify the authorization request and/or an authorization mode for the terminal device to access a network, and the authorization request and/or the authorization mode for the terminal device to access a network is used by the network to perform authorization on the terminal device” as will be apparent in the following explanations provided below.  

“wherein the second message is transmitted through an authorization channel corresponding to the authorization mode” do not include each and every element of previously objected dependent claim 4 and as such does not place the case in condition for allowance.  In addition, the applicant’s amendments have changed the scope of the claims and a new ground of rejection is presented herein in view of the applicant’s amendment.
Furthermore, the applicant argues that the cited art fails to disclose “… sending, by the resident node, a second message, wherein the second message is processed by a network node into a third message, the third message used by a gateway device to identify the authorization request and/or an authorization mode for the terminal device to access a network, and the authorization request and/or the authorization mode for the terminal device to access a network is used by the network to perform authorization on the terminal device” but provides no specific arguments as to why the applicant believes the cited art fails to disclose the argued limitations and as such, applicant’s arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references and since no specific arguments against the cited art have been presented, the examiner can only direct the applicant to the citations of Hughes, Fig. 1 & [0009]-[0010], [0012], [0016], [0020], [0024] & [0034]-[0036] and Hancock, Column 4, Lines 25-38 & Lines 65 – Column 5, Lines 1-2 & Column 5, Lines 5-14 & Lines 44-50 & Column 10, Lines 27-43 as is indicated in the detailed mapping of the “… sending, by the resident node, a second message, wherein the second message is processed by a network node into a third message, the third message used by a gateway device to identify the authorization request and/or an authorization mode for the terminal device to access a network, and the authorization request and/or the authorization mode for the terminal device to access a network is used by the network to perform authorization on the terminal device”.


Therefore, the argued limitations read upon the cited references or are written broadly such that they read upon the cited references, as follows: 


Allowable Subject Matter
Claims 4-7, 10 and 15-18 are also objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any 

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3 and 11-14 are rejected under 35 U.S.C. 103 as being unpatentable over Hughes et al. (US Patent Publication 2009/0158392, hereinafter referenced as Hughes) in view of Hancock et al. (US Patent 10,136,318, hereinafter referenced as Hancock) and further in view of Grobman (US Patent Publication 2010/0211999, hereinafter referenced as Grobman).

Regarding claim 1, Hughes discloses:
A network access method comprising: (Hughes, [0009] discloses the system includes a user device configured to access a network access server NAS for access to a network or network device).
receiving, by a resident node, a first message from a terminal device, wherein the first message comprises an authorization request; sending, by the resident node, a second message, wherein the second message is processed (Hughes, Fig. 1 & [0010] discloses NAS (i.e. reads on resident node) is configured to receive user credentials (i.e. reads on first message comprises authorization request) from user device (i.e. reads on terminal device) and to selectively provide an authentication request (i.e. reads on second message) to authentication broker and the authentication request may be transmitted as a single transmission or a series of transmissions (i.e. indicates obviousness that the authentication request second message is processed into a third message of multiple messages in order to be transmitted as a series of transmissions); Hughes, [0001] discloses in order to be authenticated, the user or user device will generally send an authentication request to a network access server NAS.  Therefore one of ordinary skill in the art would recognize and find obvious based on the combined teachings of the cited portions, that the user device sends a first authentication request comprising the credentials to the NAS which sends a second authentication request that is processed into a third authentication request in order to be transmitted as a series of transmissions to the authentication broker).
the third message is used by a gateway device to identify the authorization request and/or an authorization mode for the terminal device to access a network, (Hughes, [0012] discloses dynamic authentication broker (i.e. reads on gateway device) may include at least one process or service running thereon and is configured to receive incoming authentication requests directed to the ports to which it is bound; for instance, the authentication broker may receive incoming authentication requests in the RADIUS protocol directed to port 1812, receive incoming authentication requests in the Kerberos format directed to port 88 and receive incoming authentication requests in the LDAP protocol directed to port 389 and upon receipt of an authentication request (i.e. reads on third message), the service may determine at least a NAS identifier and a user identifier from the authentication request (i.e. indicates obviousness of identifying the authorization request as a determination of specific information within the authorization request is performed); Hughes, [0034] discloses the service may determine an authentication server which is configured to process the authentication request by for example, determining the authentication protocol (i.e. reads on authorization mode) in which the authentication request may be processed and the service may determine an appropriate authentication protocol by accessing a NAS database that includes authentication protocol information for a particular combination of NAS identifier and user identifier).
and the authorization request and/or the authorization mode for the terminal device to access a network is used by the network to perform authorization on the terminal device, (Hughes, [0035]-[0036] discloses the authentication server may be configured to receive the authentication credentials and to process the authentication request and validate the supplied credentials and discloses the service on authentication broker may receive a response from the authentication server indicating whether the credentials have been successfully authenticated).
wherein the second message is transmitted (Hughes, Fig. 2 & [0020] discloses receiving incoming authentication requests directed to the port or ports to which it is bound wherein a first service may be bound to port 389 and may receive authentication requests (i.e. reads on second message) using the LDAP protocol (i.e. reads on authorization mode) and a second service may be bound to port 1812 and may receive authentication request using the RADIUS protocol and a third service may be bound to port 88 and configured to receive authentication requests from IP router using the Kerberos protocol).
and receiving, by the resident node, authorization result information from the network, (Hughes, [0024] discloses when the service receives a response from the authentication server and obtains appropriate authorization parameters, the service creates an authentication response to be transmitted to NAS 110 (i.e. reads on receiving, by the resident node, authorization result information from the network) and the NAS may in turn communicate with user device such as to provide access to the requested network or network device; Hughes, [0016] discloses the authentication response may indicate whether the credentials provided by user device have been successfully authenticated by authentication server and may include a connection attribute indicator which may indicate at least in part whether user device is authorized to access the requested network or network device).
Hughes discloses transmitting the authentication request in a series of transmissions to the authentication broker and also discloses the NAS communicating with the user device to provide access as well as disclosing receiving authentication requests at specific ports corresponding to the authentication protocol but fails to explicitly disclose that the series of transmissions to the authentication broker involves “sending, by the resident node, a second message, wherein the second message is processed by a network node into a third message” and “sending the authorization result information to the terminal device” and “wherein the second message is transmitted through an authorization channel corresponding to the authorization mode.”
In a related field of endeavor, Hancock discloses:
sending, by the resident node, a second message, wherein the second message is processed by a network node into a third message, (Hancock, Column 4, Lines 65 – Column 5, Lines 1-2 discloses a UE can transmit UE authentication request via a WiFi access point (i.e. reads on resident node) and the authentication request can travel over nodes (i.e. reads on network node) of the internet before arriving at ARDD (i.e. indicates obviousness that the resident WiFi access point sends the second authentication request to a network node of the internet which processes the message into a third authentication request that is sent to the gateway ARDD); Hancock, Column 5, Lines 44-50 discloses in some embodiments, the ARDD can receive UE authentication request directly from a UE where ARDD is comprised in or collocated with a RAN device, a femtocell device, a WiFi access point, etc. and in some embodiments, ARDD can receive UE authentication request via another device such as via a WiFi access point device, etc.; Hancock, Column 4, Lines 25-38 discloses ARDD can inspect incoming UE authentication request to determine characteristics or properties of the authentication request such as a device identity, presence of an EAP payload, etc. that can result in identifying a source of the authentication request and the ARDD can determine if an authentication device is correlated to the identified source of the authentication request such as an AAA server and where the UE is correlated to an authentication device, then the authentication request can be directed to the authorization device; Hancock, Column 10, Lines 27-43 discloses ARDD can be located at any location and selecting or designating a location of ARDD can be subject to a constraint and benefits can be outweighed by other considerations such as cost, distance, access, support, etc. that can cause other locations to be advantageous).
and sending the authorization result information to the terminal device (Hancock, Column 5, Lines 5-14 discloses a reply (i.e. reads on authorization result information) to the authentication request from the example AAA authentication server can be transported back to ARDD via the example carrier core-network and the ARDD can correlate the responding AAA server to the UE of UE authentication request and pass the response as authentication reply back over the open internet to the UE via the example WiFi access point). 
Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Hughes to incorporate the teachings of Hancock for the purpose of providing the system with a means of selecting the location of the gateway according to the constraints and 
“wherein the second message is transmitted through an authorization channel corresponding to the authorization mode.”
In a related field of endeavor, Grobman discloses:
wherein the second message is transmitted through an authorization channel corresponding to the authorization mode (Grobman, [0032] discloses the invention may be configured to listen on a communication channel typically used by the authentication system (i.e. reads on authorization channel corresponding to the authorization mode) such as port 88 for Kerberos and receive an initial contact (i.e. reads on second message) from the external machine and perform the preliminary check against a lockout condition and if no lockout is threatened, then tunnel further authentication communication; Grobman, [0030]-[0031] discloses security credentials are received and a test is performed to determine whether attempting to authenticate the security credentials may result in an account lockout and discloses if lockout is not at risk, then authentication may occur normally).
Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Hughes in view of Hancock to incorporate the teachings of Grobman for the purpose of providing the system with a means to receive the message at the designated port of the authentication protocol (Grobman, [0032]) and for the purpose of making the system more dynamic, versatile and adaptable by allowing the system to handle a number of 
Regarding claim 2, Hughes in view of Hancock and further in view of Grobman discloses:
The method according to claim 1, wherein the authorization request and/or the authorization mode for the terminal device to access a network used by the network to perform authorization on the terminal device comprises: the authorization mode is used to instruct the gateway device to send the authorization request to a network device, (Hughes, [0034] discloses the service may determine an authentication server which is configured to process the authentication request by for example, determining the authentication protocol (i.e. reads on authorization mode) in which the authentication request may be processed and the service may determine an appropriate authentication protocol by accessing a NAS database that includes authentication protocol information for a particular combination of NAS identifier and user identifier).
and the authorization request is used to instruct the network device to perform authorization on the terminal device; (Hughes, [0035] discloses the authentication server may be configured to receive the authentication credentials and to process the authentication request and validate the supplied credentials).
and the receiving, by the resident node, authorization result information from the network comprises: receiving, by the resident node, the authorization result information returned by the network device by using the gateway device (Hughes, [0024] discloses when the service (i.e. reads on gateway device) receives a response from the authentication server and obtains appropriate authorization parameters, the service creates an authentication response to be transmitted to NAS 110 (i.e. reads on resident node) and the NAS may in turn communicate with user device such as to provide access to the requested network or network device; Hancock, Column 5, Lines 5-14 discloses a reply to the authentication request from the example AAA authentication server can be transported back to ARDD via the example carrier core-network and the ARDD can correlate the responding AAA server to the UE of UE authentication request and pass the response as authentication reply back over the open internet to the UE via the example WiFi access point).
Regarding claim 3, Hughes in view of Hancock and further in view of Grobman discloses:
The method according to claim 1, wherein the second message comprises the authorization request and indication information, and the indication information is used to indicate the authorization mode for the terminal device to access a network (Hughes, Fig. 1 & [0010] discloses NAS (i.e. reads on resident node) is configured to receive user credentials from user device and to selectively provide an authentication request (i.e. reads on second message) to authentication broker and the authentication request may be transmitted as a single transmission or a series of transmissions and includes at least the authentication credentials and a NAS identifier such as the IP address of the NAS (i.e. reads on indication information); Hughes, [0034] discloses the service may determine an authentication server which is configured to process the authentication request by for example, determining the authentication protocol (i.e. reads on authorization mode) in which the authentication request may be processed and the service may determine an appropriate authentication protocol by accessing a NAS database that includes authentication protocol information for a particular combination of NAS identifier and user identifier).
Regarding claim 11, Hughes in view of Hancock and further in view of Grobman discloses:
at least one of an identity indicating the resident node, (Hughes, [0010] discloses the authentication request may be transmitted as a single transmission or a series of transmissions and includes at least the authentication credentials and a NAS identifier such as the IP address of the NAS (i.e. reads on identity indicating the resident node)).
Regarding claim 12, Hughes discloses:
An apparatus applied for a resident node comprising: at least one processor; and a memory storing instructions executable by the at least one processor, wherein the instructions instruct the at least one processor to perform operations comprising: receiving, a first message from a terminal device, wherein the first message comprises an authorization request; sending, a second message, wherein the second message is processed (Hughes, Fig. 1 & [0010] discloses NAS (i.e. reads on resident node) is configured to receive user credentials (i.e. reads on first message comprises authorization request) from user device (i.e. reads on terminal device) and to selectively provide an authentication request (i.e. reads on second message) to authentication broker and the authentication request may be transmitted as a single transmission or a series of transmissions (i.e. indicates obviousness that the authentication request second message is processed into a third message of multiple messages in order to be transmitted as a series of transmissions); Hughes, [0001] discloses in order to be authenticated, the user or user device will generally send an authentication request to a network access server NAS; Hughes, [0026] discloses computing devices generally include instructions executable by one or more computing devices and in general a processor receives instructions from a memory, computer readable medium, etc. and executes these instructions thereby performing one or more processes described herein.  Therefore one of ordinary skill in the art would recognize and find obvious based on the combined teachings of the cited portions, that the user device sends a first authentication request comprising the credentials to the NAS which sends a second authentication request that is processed into a third authentication request in order to be transmitted as a series of transmissions to the authentication broker).
the third message used by a gateway device to identify the authorization request and/or an authorization mode for the terminal device to access a network, (Hughes, [0012] discloses dynamic authentication broker (i.e. reads on gateway device) may include at least one process or service running thereon and is configured to receive incoming authentication requests directed to the ports to which it is bound; for instance, the authentication broker may receive incoming authentication requests in the RADIUS protocol directed to port 1812, receive incoming authentication requests in the Kerberos format directed to port 88 and receive incoming authentication requests in the LDAP protocol directed to port 389 and upon receipt of an authentication request (i.e. reads on third message), the service may determine at least a NAS identifier and a user identifier from the authentication request (i.e. indicates obviousness of identifying the authorization request as a determination of specific information within the authorization request is performed); Hughes, [0034] discloses the service may determine an authentication server which is configured to process the authentication request by for example, determining the authentication protocol (i.e. reads on authorization mode) in which the authentication request may be processed and the service may determine an appropriate authentication protocol by accessing a NAS database that includes authentication protocol information for a particular combination of NAS identifier and user identifier).
and the authorization request and/or the authorization mode for the terminal device to access a network is used by the network to perform authorization on the terminal device; (Hughes, [0035]-[0036] discloses the authentication server may be configured to receive the authentication credentials and to process the authentication request and validate the supplied credentials and discloses the service on authentication broker may receive a response from the authentication server indicating whether the credentials have been successfully authenticated).
wherein the second message is transmitted (Hughes, Fig. 2 & [0020] discloses receiving incoming authentication requests directed to the port or ports to which it is bound wherein a first service may be bound to port 389 and may receive authentication requests (i.e. reads on second message) using the LDAP protocol (i.e. reads on authorization mode) and a second service may be bound to port 1812 and may receive authentication request using the RADIUS protocol and a third service may be bound to port 88 and configured to receive authentication requests from IP router using the Kerberos protocol).
and receiving, authorization result information from the network, (Hughes, [0024] discloses when the service receives a response from the authentication server and obtains appropriate authorization parameters, the service creates an authentication response to be transmitted to NAS 110 (i.e. reads on receiving, by the resident node, authorization result information from the network) and the NAS may in turn communicate with user device such as to provide access to the requested network or network device; Hughes, [0016] discloses the authentication response may indicate whether the credentials provided by user device have been successfully authenticated by authentication server and may include a connection attribute indicator which may indicate at least in part whether user device is authorized to access the requested network or network device).
Hughes discloses transmitting the authentication request in a series of transmissions to the authentication broker and also discloses the NAS communicating with the user device to provide access as well as disclosing receiving authentication requests at specific ports corresponding to the authentication protocol but fails to explicitly disclose that the series of transmissions to the authentication broker involves network devices processing the authentication request located in between the NAS and the authentication broker and also fails to explicitly disclose that the NAS sends the “wherein the second message is processed by a network node into a third message,” and “and sending the authorization result information to the terminal device” and “wherein the second message is transmitted through an authorization channel corresponding to the authorization mode.”
In a related field of endeavor, Hancock discloses:
wherein the second message is processed by a network node into a third message, (Hancock, Column 4, Lines 65 – Column 5, Lines 1-2 discloses a UE can transmit UE authentication request via a WiFi access point (i.e. reads on resident node) and the authentication request can travel over nodes (i.e. reads on network node) of the internet before arriving at ARDD (i.e. indicates obviousness that the resident WiFi access point sends the second authentication request to a network node of the internet which processes the message into a third authentication request that is sent to the gateway ARDD); Hancock, Column 5, Lines 44-50 discloses in some embodiments, the ARDD can receive UE authentication request directly from a UE where ARDD is comprised in or collocated with a RAN device, a femtocell device, a WiFi access point, etc. and in some embodiments, ARDD can receive UE authentication request via another device such as via a WiFi access point device, etc.; Hancock, Column 4, Lines 25-38 discloses ARDD can inspect incoming UE authentication request to determine characteristics or properties of the authentication request such as a device identity, presence of an EAP payload, etc. that can result in identifying a source of the authentication request and the ARDD can determine if an authentication device is correlated to the identified source of the authentication request such as an AAA server and where the UE is correlated to an authentication device, then the authentication request can be directed to the authorization device; Hancock, Column 10, Lines 27-43 discloses ARDD can be located at any location and selecting or designating a location of ARDD can be subject to a constraint and benefits can be outweighed by other considerations such as cost, distance, access, support, etc. that can cause other locations to be advantageous).
and sending the authorization result information to the terminal device (Hancock, Column 5, Lines 5-14 discloses a reply (i.e. reads on authorization result information) to the authentication request from the example AAA authentication server can be transported back to ARDD via the example carrier core-network and the ARDD can correlate the responding AAA server to the UE of UE authentication request and pass the response as authentication reply back over the open internet to the UE via the example WiFi access point). 
Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Hughes to incorporate the teachings of Hancock for the purpose of providing the system with a means of selecting the location of the gateway according to the constraints and advantages required (Hancock, Column 10, Lines 27-43) as well as providing the system with a means of informing the user of the authentication result (Hancock, Fig. 1 
Hughes in view of Hancock fails to disclose that said ports that receive the authentication requests and which correspond to the specific protocol include a “wherein the second message is transmitted through an authorization channel corresponding to the authorization mode.”
In a related field of endeavor, Grobman discloses:
wherein the second message is transmitted through an authorization channel corresponding to the authorization mode (Grobman, [0032] discloses the invention may be configured to listen on a communication channel typically used by the authentication system (i.e. reads on authorization channel corresponding to the authorization mode) such as port 88 for Kerberos and receive an initial contact (i.e. reads on second message) from the external machine and perform the preliminary check against a lockout condition and if no lockout is threatened, then tunnel further authentication communication; Grobman, [0030]-[0031] discloses security credentials are received and a test is performed to determine whether attempting to authenticate the security credentials may result in an account lockout and discloses if lockout is not at risk, then authentication may occur normally).
Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Hughes in view of Hancock to incorporate the teachings of Grobman for the purpose of providing the system with a means to receive the message at the designated port of the authentication protocol (Grobman, [0032]) and for the purpose of making the system more dynamic, versatile and adaptable by allowing the system to handle a number of various different combination of specific design structure / embodiment / scenarios and preventing the system from being limited to a single specific design structure / 
Regarding claim 13, Hughes in view of Hancock and further in view of Grobman discloses:
The apparatus according to claim 12, wherein the authorization request and/or the authorization mode for the terminal device to access a network used by the network to perform authorization on the terminal device comprises: the authorization mode is used to instruct the gateway device to send the authorization request to a network device, (Hughes, [0034] discloses the service may determine an authentication server which is configured to process the authentication request by for example, determining the authentication protocol (i.e. reads on authorization mode) in which the authentication request may be processed and the service may determine an appropriate authentication protocol by accessing a NAS database that includes authentication protocol information for a particular combination of NAS identifier and user identifier).
and the authorization request is used to instruct the network device to perform authorization on the terminal device; (Hughes, [0035] discloses the authentication server may be configured to receive the authentication credentials and to process the authentication request and validate the supplied credentials).
and wherein the instructions instruct the at least one processor to perform operations comprising: the receiving, authorization result information from the network comprises: receiving, the authorization result information returned by the network device by using the gateway device (Hughes, [0024] discloses when the service (i.e. reads on gateway device) receives a response from the authentication server and obtains appropriate authorization parameters, the service creates an authentication response to be transmitted to NAS 110 (i.e. reads on resident node) and the NAS may in turn communicate with user device such as to provide access to the requested network or network device; Hancock, Column 5, Lines 5-14 discloses a reply to the authentication request from the example AAA authentication server can be transported back to ARDD via the example carrier core-network and the ARDD can correlate the responding AAA server to the UE of UE authentication request and pass the response as authentication reply back over the open internet to the UE via the example WiFi access point).

The apparatus according to claim 12, wherein the second message comprises the authorization request and indication information, and the indication information is used to indicate the authorization mode for the terminal device to access a network (Hughes, Fig. 1 & [0010] discloses NAS (i.e. reads on resident node) is configured to receive user credentials from user device and to selectively provide an authentication request (i.e. reads on second message) to authentication broker and the authentication request may be transmitted as a single transmission or a series of transmissions and includes at least the authentication credentials and a NAS identifier such as the IP address of the NAS (i.e. reads on indication information); Hughes, [0034] discloses the service may determine an authentication server which is configured to process the authentication request by for example, determining the authentication protocol (i.e. reads on authorization mode) in which the authentication request may be processed and the service may determine an appropriate authentication protocol by accessing a NAS database that includes authentication protocol information for a particular combination of NAS identifier and user identifier).


Claim 8-9 and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hughes et al. (US Patent Publication 2009/0158392 herein after referenced as Hughes) in view of Hancock et al. (US Patent 10,136,318 herein after referenced as .  

Regarding claim 8 and claim 19, Hughes in view of Hancock and further in view of Grobman discloses:
The method according to claim 1 and The apparatus according to claim 12, wherein the authorization result information comprises information that the authorization succeeds, and a return message corresponding to the authorization result information (Hughes, [0016] discloses the authentication response may indicate whether the credentials provided by user device have been successfully authenticated by authentication server and may include a connection attribute indicator which may indicate at least in part whether user device is authorized to access the requested network or network device).
Hughes in view of Hancock and further in view of Grobman discloses the network device receiving authentication result information that includes connection attribute indicators but fails to explicitly disclose that said connection attribute indicators includes “and a return message corresponding to the authorization result information comprises address allocation information and/or route configuration information, wherein the route configuration information comprises reference information that is of route configuration and that is allocated by the network device or configuration information that is of route configuration and that is determined by the gateway device based on reference information of the route configuration, and the address allocation information comprises a network address pre-allocated or allocated to the terminal device.”
In a related field of endeavor, Dubuc discloses:
and a return message corresponding to the authorization result information comprises or configuration information that is of route configuration and that is determined by the gateway device based on reference information of the route configuration, (Dubuc, [0053] discloses during authentication with a customer’s authentication server, one or more authentication attributes may be returned by the authentication server to facilitate routing of an end user traffic flow for example information regarding a destination virtual network such as a destination VLAN can be returned by the authentication server and then used by a network device such as one of network gateways to install a policy route from the clients source IP address to the desired virtual network; Dubuc, [0072] discloses there are many ways of using the one or more VSAs that might be returned with the authentication result and instead of a policy route, a regular route could be used and in various embodiments, the RADIUS server might return to the gateway either exact information about a destination VLAN or it might return some kind of reference that may be processed further by the gateway to obtain the VLAN; Dubuc, [0031] discloses the invention is applicable to various other network devices, edge appliances, gateways, firewalls and the like for example even a generic router is thought to benefit from use of embodiments of the present invention for certain applications; Dubuc, [0045] discloses authentication based routing logic to both authenticate end users of subscribers and maintain logical separation among subscribers; Dubuc, [0007] discloses one issue facing service providers and network providers wishing to provide value added services such as security services is that their customers have access into their infrastructure from anywhere in the world and from any network in the world and most security providers do not use virtual private networks to create customer separation and as a result these users cannot be distinguished from one another).
Therefore, at the time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the invention of Hughes in view of Hancock and further in view of Grobman to incorporate the teachings of Dubuc for the purpose of providing the system with a means to perform authentication based routing logic to authenticate end users and maintain logical separation among subscribers (Dubuc, [0007] & [0045]).

The method according to claim 8 and The apparatus according to claim 12, wherein the method further comprises: storing, by the resident node, the route configuration information, wherein the route configuration information is used by the resident node to determine corresponding route configuration for a service of the terminal device (Dubuc, [0053] discloses during authentication with a customer’s authentication server, one or more authentication attributes may be returned by the authentication server to facilitate routing of an end user traffic flow for example information regarding a destination virtual network such as a destination VLAN can be returned by the authentication server and then used by a network device such as one of network gateways to install a policy route from the clients source IP address to the desired virtual network; Dubuc, [0072] discloses there are many ways of using the one or more VSAs that might be returned with the authentication result and instead of a policy route, a regular route could be used and in various embodiments, the RADIUS server might return to the gateway either exact information about a destination VLAN or it might return some kind of reference that may be processed further by the gateway to obtain the VLAN; Dubuc, [0031] discloses the invention is applicable to various other network devices, edge appliances, gateways, firewalls and the like for example even a generic router is thought to benefit from use of embodiments of the present invention for certain applications).



Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL Y MAPA whose telephone number is (571)270-5540.  The examiner can normally be reached on Monday thru Thursday: 10 AM - 8 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Anthony Addy can be reached on (571) 272 - 7795.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MICHAEL Y MAPA/
Primary Examiner, Art Unit 2645