Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
	This application claims priority to a Finnish application # FI20155924 dated 12/07/2015.
DETAILED ACTION
This office action is in response to an amendment application received on 03/19/2021. In the amendment, applicant has amended independent claims 1 and 5. Claims 2-4 and 6-7 remain original. claim 8 has been added as new claim. No claim has been cancelled. 
	For this office action, claims 1-8 have been received for consideration and have been examined. 
Response to Arguments
Claims Rejection under 35 U.S.C. § 103
	Applicant’s remarks with respect to claims rejection under 35 U.S.C. § 103 have been reviewed by the examiner, however, examiner does not find them to be persuasive. After review, applicant’s remarks have been summarized as follows:
Schroeder does not disclose or suggest ‘receiving, in an access server, an access request message originated from the user terminal requesting access to the first network, the access request message including a data record for a user name and data record for a password’ (Page # 12). 
Schroeder does not disclose or suggest ‘receiving, at a server configured to perform authentication-related tasks from the user terminal, an identification confirmation message, when a receipt of a requested access code at the user terminal matches a stored access code stored in a subscriber module residing in the user terminal’ (Page # 13).
Ruiz does not disclose or suggest ‘generating, by the server configured to perform authentication-related tasks, an identification request message to the user terminal causing a request of an access code from the user by the user terminal to initiate access to a secure element of the subscriber module residing in the user terminal’. The provision of a PIN in Ruiz appears to only relate to unlocking the UE in order to provide the user interface for providing the authentication token. The provision of a PIN in Ruiz is not related to accessing a secure element of the subscriber module (Page # 15).  
Furthermore Ruiz does not disclose an authentication mechanism that is implemented with a mobile ID stored in a SIM card (Page # 17). 
New claim 8 "in response to detecting the first network, the user terminal initiates the requesting access to the first network by generating and transmitting the access request message to the access server." Claim 8, which ultimately depends from amended independent claim 1, is patentably distinguished over the references relied upon for at least the reasons discussed above and also by virtue of its additionally-recited features. More specifically, Schroeder does not disclose or suggest that the user terminal initiates requesting access to the first network by generating and transmitting the access request message to the access server (Page # 18).


Examiner’s Response
	Regarding remark # 1 that Schroeder does not disclose or suggest ‘receiving, in an access server, an access request message originated from the user terminal requesting access to the first network, the access request message including a data record for a user name and data record for a password’, examiner respectfully disagrees. Examiner would like to like to mention that Schroeder clearly discloses that ‘wireless device 4’ is initiating the request to access to transition the data services of the wireless device to the WLAN network (See [0007] When in the presence of a WLAN, a user may wish to transition the data services of the wireless to the WLAN so as to accelerate data transmissions, reduce costs, and avoid any delays associated with the mobile service provider network; see [0034] In some situations, a subscriber associated with wireless device 4 may wish to receive data services via alternate access network 10 instead cellular network 6 of SP network 8; also see [0046] when wireless device 4 attempts to authenticate with subscriber credentials to SaMOG WAG 16, AAA server 40 uses the subscriber credentials to look up the mobility information) and in response to that ‘wish/request’ from the ‘wireless device 4’, the access point 32 requests the wireless device 4 to identify itself with an EAP over LAN request identity frame (see [0051] Initially, access point 32 requests wireless device 4 identify itself with an EAP over LAN (EAPoL) Request Identity frame (202). Wireless device 4 response with an EAP Response Identity frame containing an identifier for wireless device 4 (e.g., a username) (204)). Therefore, examiner respectfully disagrees with applicant’s assumption that Schroeder fails to disclose or suggest that “access request message is not originated from the user terminal”. It is clear from above citations that user is requesting access through operation of user equipment/wireless device to the WLAN service.
Regarding remark # 2, that Schroeder does not disclose or suggest ‘receiving, at a server configured to perform authentication-related tasks from the user terminal, an identification confirmation message, when a receipt of a requested access code at the user terminal matches a stored access code stored in a subscriber module residing in the user terminal’, examiner notices that applicant is trying to find this limitation in the primary reference of Schroeder whereas this limitation is rejected by secondary reference of Ruiz where it is clearly mentioned that user is prompted on the mobile station 122 to input a PIN code and then PIN code is validated. The validation of the PIN code is equivalent to the ‘identification confirmation message’. 
	Regarding remark # 3 that Ruiz does not disclose or suggest ‘generating, by the server configured to perform authentication-related tasks, an identification request message to the user terminal causing a request of an access code from the user by the user terminal to initiate access to a secure element of the subscriber module residing in the user terminal’. The provision of a PIN in Ruiz appears to only relate to unlocking the UE in order to provide the user interface for providing the authentication token. The provision of a PIN in Ruiz is not related to accessing a secure element of the subscriber module, examiner respectfully disagrees. Applicant failed to provide any citation in Ruiz reference where provision of the PIN code is related to “unlocking the UE in order to provide the user interface for providing the authentication token”. Examiner would like to mention that Ruiz clearly teaches, where successful entry of PIN code by the user on the user terminal gives access to an application in the SIM within the MS 122 which is equivalent to claimed “initiate access to a secure element of the subscriber module residing in the user terminal” (see Ruiz page 11, Line # 24-29; The MS 122 may request the user to input a PIN code before the user can input the authentication token into the MS 122 using an input device such as for example, a keypad. At step 129, the user inputs the PIN code using the keypad of the MS 122. Once the PIN code has been validated, an application in the SIM within the MS 122 communicates with the MS 122 to prompt the user to input the authentication token received by the remote host 116 in step 127). 
Regarding remark # 4 that Ruiz does not disclose an authentication mechanism that is implemented with a mobile ID stored in a SIM card, examiner respectfully disagrees. First of all, applicant is not really claiming the term “Mobile ID” in the claim language therefore examiner is not required to cite a reference which clearly teaches the term “Mobile ID”. 
Examiner has consulted applicant’s instant disclosure for the support of “Mobile ID” and only paragraph [0005] describes about “Mobile ID” in a very generic language. Examiner further searched on the internet for the “Mobile ID” concept and comes to the conclusion that secondary reference of Ruiz clearly teaches the concept of “Mobile ID” where user is requesting for a service and before that access to that service is allowed, user is being authenticated based on the stored PIN code on the subscriber identity module (SIM) and once the PIN code is validated, user is authenticated and access to the service is allowed. 
Regarding remark # 5, examiner notices that it is regarding newly added claim 8 which recites the same concept of “the user terminal initiates the requesting access to the first network by generating and transmitting the access request message to the access server” and applicant alleges that primary reference of Schroeder fails to disclose this concept. As examiner has clearly described in response to remark #1 as to how and where Schroeder teaches this 8 is taught by primary reference of Schroeder. 
Based on above explanations and citations, examiner believe that amended and added claims are still taught by the combination of cited reference. Therefore, examiner is compelled to maintain the rejection. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claim 8 is rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
Claim 8 recites “The method of claim 1, wherein, in response to detecting the first network …”, examiner fails to see any language in claim 1 where user terminal is performing the action of “detecting the first network”. Therefore claim 8 lacks support for this language in the independent claim 1 and therefore has lack of Antecedent basis. 
For the purpose of examination, claim 8 will interpreted as “The method of claim 1, wherein, the user terminal initiates the requesting access to the first network by generating and transmitting the access request message to the access server”.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Schroeder et al., (US20130288644A1) in view of Ruiz et al., (WO-0117310-A1 or WO2001017310A1) and further in view of Ahmavaara et al., (US20040066769A1).
Regarding claim 1, Schroeder discloses:
A method for determining an access right of a user terminal (i.e. User Equipment (UE)/Wireless device 4) to a first network (i.e. a WLAN (e.g., alternate access network), the user terminal including a subscription of a second network (i.e. UE having a SIM card), the method comprising:
receiving, in an access server (i.e. SAMOG WAG 16), an access request message (i.e. Request Identity frame (202)) originated from the user terminal requesting access to the first network, the access request message comprising a data record for a user name and a data [0049] In some examples, subscriber database 26 obtains mobility information (e.g., IMSI/MSISDN values) for subscribers from HLR 24 and associates respective mobility information with subscriber credentials (e.g., usernames/passwords); [0051] Initially, access point 32 requests wireless device 4 identify itself with an EAP over LAN (EAPoL) Request Identity frame (202). Wireless device 4 response with an EAP Response Identity frame containing an identifier for wireless device 4 (e.g., a username) (204));
determining, by the access server, that the data record for the user name and the data record for the password are in a predetermined format (i.e. mapping of username/password to MSISDN) and that at least one of data records comprises data from which a subscriber identity for the second network is derivable ([0053] Subscriber database 26 maps the username to a password (together, the “subscriber credentials”), and subscriber 26 maps the subscriber credentials to a “virtual” IMSI/MSISDN, which may or may not represent the IMSI/MSISDN for the true subscriber associated with the subscriber credentials (218). Subscriber database 26 returns the virtual IMSI/MSISDN and optionally an APN to AAA server 40 (220), which forwards them to SaMOG WAG 16);
receiving, at the server configured to perform authentication-related from the user    terminal, an identification confirmation message (i.e. response message) ([0055] Wireless device 4 may then obtain the IP address assigned by GGSN 22. In this example, wireless device 4 issues a Dynamic Host Configuration Protocol (DHCP)-Discover message using the UE MAC address to SaMOG WAG 16 (236), which reads the stored association between the UE MAC address and the IP address returned in the Create PDP-Context Response message and returns the IP address to wireless device 4. SaMOG WAG 16 and wireless device 4 complete the DHCP process to complete the connection and establish IP connectivity (240));
Schroeder fails to disclose:
	in response to a receipt of the authentication request message, generating, by the server configured to perform authentication-related tasks, an identification request message to the user terminal causing a request of an access code from the user by the user terminal to initiate access to a secure element of the subscriber module residing in the user terminal; receiving, at the user terminal, the requested access code; determining, at the user terminal, whether the requested access code matches a stored access code stored in a subscriber module residing in the user terminal; generating, at the user terminal, an identification confirmation message when the requested access code is determined to match the stored access code, the received access code providing access to a secure element of the subscriber module residing in the user terminal to generate authentication data included in the generated identification confirmation message.
However, Ruiz discloses:	in response to a receipt of the authentication request message, generating, by the server configured to perform authentication-related tasks, an identification request message (i.e. requesting the user to input a PIN code) to the user terminal (i.e. Mobile station MS 122) causing a request of an access code (i.e. PIN code) from the user by the user terminal to initiate access to a secure element of the subscriber module residing in the user terminal (Page # 11, Line # 20-26; At step 128, the authentication server 114 contacts the MS 122 via the PLMN 120, using conventional wireless methods, and requests the user to transmit via the MS 122 the authentication token that was sent to the remote host 116 in step 127 back to the authentication server 114 via the MS 122 and the PLMN 120. The MS 122 may request the user to input a PlN code before the user can input 25 the authentication token into the MS 122 using an input device such as for example, a keypad; see page 11, Line # 24-29; The MS 122 may request the user to input a PIN code before the user can input the authentication token into the MS 122 using an input device such as for example, a keypad. At step 129, the user inputs the PIN code using the keypad of the MS 122. Once the PIN code has been validated, an application in the SIM within the MS 122 communicates with the MS 122 to prompt the user to input the authentication token received by the remote host 116 in step 127);
receiving, at the user terminal, the requested access code (i.e. the PIN code) (Page 11, Line # 24-26; The MS 122 may request the user to input a PIN code before the user can input 25 the authentication token into the MS 122 using an input device such as for example, a keypad. At step 129, the user inputs the PIN code using the keypad of the MS 122); 
determining, at the user terminal, whether the requested access code matches a stored access code stored in a subscriber module residing in the user terminal (Page # 10, Line # 28-29; In one embodiment of the invention, the user authentication is enhanced by challenging the user's individual secret key stored in the SIM 90; Page 11, Line # 24-26; The MS 122 may request the user to input a PIN code before the user can input 25 the authentication token into the MS 122 using an input device such as for example, a keypad. At step 129, the user inputs the PIN code using the keypad of the MS 122); 
generating, at the user terminal, an identification confirmation message (i.e. validation of the PIN code) when the requested access code is determined to match the stored access Page # 12, Line 26-29; At step 129, the user inputs the PIN code using the keypad of the MS 122. Once the PIN code has been validated, an application in the SIM within the MS 122 communicates with the MS 122 to prompt the user to input the authentication token received by the remote host 116 in step 127), 
the received access code providing access to a secure element of the subscriber module residing in the user terminal to generate authentication data included in the generated identification confirmation message (Page # 10, Line # 28-29; In one embodiment of the invention, the user authentication is enhanced by challenging the user's individual secret key stored in the SIM 90).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Schroeder reference and authenticate a user through stored access code on the subscriber identity module to access requested service, as disclosed by Ruiz.
The motivation to authenticate the user through stored access code is to ensure legitimate user is accessing the requested service (See Ruiz: Page # 10; The execution of the authentication application performed by the AUTH-APP 108 may be protected by a PIN code).
The combination of Schroeder and Ruiz does not disclose:
	generating, by the access server, an authentication request message from the access server to a server configured to perform authentication-related tasks in the second network based on subscriber information in response to a positive outcome of the determination, the authentication request message comprising the subscriber identity derived at least partly from 
However, Ahmavaara discloses:
generating, by the access server (i.e. a WLAN access server 40), an authentication request message from the access server to a server (i.e. an authentication server 50) configured to perform authentication-related tasks in the second network based on subscriber information in response to a positive outcome of the determination, the authentication request message comprising the subscriber identity derived at least partly from at least one data record in the access request message ([0043] the WLAN comprises a WLAN access server 40 for establishing a connection to external networks such as the home network 100 or another packet-switched network, e.g. the Internet or an operator or company intranet. The home network 100 may be a GPRS network or a WLAN backbone network and comprises an authentication server 50, with an allocated authentication server database 55 in which subscriber information such as service profile information of each connected terminal device or UE are stored; [0048] When the home authentication server 50 is authenticating the user it checks from the authentication server database 55 whether the user is subscribed to home network services)
receiving, in the access server, from the server configured to perform authentication-related tasks (i.e. account/authentication server 24), information on a positive outcome of the FIG. 4; [0064] In successful cases, the authentication server 50 receives a RADIUS Access Accept message from the RADIUS server 130); and
generating, in response to receiving the positive outcome of the authentication, an acknowledgement to the user terminal, the acknowledgement indicating right to access to the first network ([0094] The authentication server 50 adds to the RADIUS Access Accept message an EAP Success message and session keys, and forwards the RADIUS Access Accept message to the WLAN access server 40. In response thereto, the WLAN access server 40 forwards a RADIUS Access Accept message comprising the EAP Success message to the WLAN access point 20 which extracts the EAP Success message and forwards it to the WLAN UE 10).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the references of Schroeder and Ruiz and include a notification of successful authentication as disclosed by Ahmavaara. 
The motivation to include successful notification is to inform the user through user terminal whether access to WLAN network was successful or not (See Ahmavaara: [0094]).
Regarding claim 2, the combination of Schroeder, Ruiz and Ahmavaara discloses:
The method of claim 1, wherein the determining that the at least one of the data records comprises data from which the subscriber identity for the second network is derivable comprises deriving of a Mobile Station International Subscriber Directory Number (MSISDN) from at least one data record in the access request message (Schroeder: [0049-0050]).
Regarding claim 3, the combination of Schroeder, Ruiz and Ahmavaara discloses:
Schroeder: [0047]).
Regarding claim 5, Schroeder discloses:
A system for determining an access right of a user terminal (i.e. User Equipment (UE)/Wireless device 4) to a first network (i.e. a WLAN (e.g., alternate access network), the user terminal including a subscription of a second network (i.e. UE having a SIM card), the system comprising:
an access server (i.e. SAMOG WAG 16) comprising one or more hardware processors configured to:
receive, an access request message (i.e. Request Identity frame (202)) originated from the user terminal requesting access to the first network, the access request message comprising a data record for a user name and a data record for a password ([0049] In some examples, subscriber database 26 obtains mobility information (e.g., IMSI/MSISDN values) for subscribers from HLR 24 and associates respective mobility information with subscriber credentials (e.g., usernames/passwords); [0051] Initially, access point 32 requests wireless device 4 identify itself with an EAP over LAN (EAPoL) Request Identity frame (202). Wireless device 4 response with an EAP Response Identity frame containing an identifier for wireless device 4 (e.g., a username) (204));
i.e. mapping of username/password to MSISDN) and that at least one of data records comprises data from which a subscriber identity for the second network is derivable ([0053] Subscriber database 26 maps the username to a password (together, the “subscriber credentials”), and subscriber 26 maps the subscriber credentials to a “virtual” IMSI/MSISDN, which may or may not represent the IMSI/MSISDN for the true subscriber associated with the subscriber credentials (218). Subscriber database 26 returns the virtual IMSI/MSISDN and optionally an APN to AAA server 40 (220), which forwards them to SaMOG WAG 16); and
receive, at the server configured to perform authentication-related from the user    terminal, an identification confirmation message (i.e. response message) ([0055] Wireless device 4 may then obtain the IP address assigned by GGSN 22. In this example, wireless device 4 issues a Dynamic Host Configuration Protocol (DHCP)-Discover message using the UE MAC address to SaMOG WAG 16 (236), which reads the stored association between the UE MAC address and the IP address returned in the Create PDP-Context Response message and returns the IP address to wireless device 4. SaMOG WAG 16 and wireless device 4 complete the DHCP process to complete the connection and establish IP connectivity (240));
Schroeder fails to disclose:
	in response to a receipt of the authentication request message, generate, by the server configured to perform authentication-related tasks, an identification request message to the user terminal causing a request of an access code from the user by the user terminal to initiate access to a secure element of the subscriber module residing in the user terminal; receive, at 
However, Ruiz discloses:	in response to a receipt of the authentication request message, generate, by the server configured to perform authentication-related tasks, an identification request message (i.e. requesting the user to input a PIN code) to the user terminal (i.e. Mobile station MS 122) causing a request of an access code (i.e. PIN code) from the user by the user terminal to initiate access to a secure element of the subscriber module residing in the user terminal (Page # 11, Line # 20-26; At step 128, the authentication server 114 contacts the MS 122 via the PLMN 120, using conventional wireless methods, and requests the user to transmit via the MS 122 the authentication token that was sent to the remote host 116 in step 127 back to the authentication server 114 via the MS 122 and the PLMN 120. The MS 122 may request the user to input a PlN code before the user can input 25 the authentication token into the MS 122 using an input device such as for example, a keypad; see page 11, Line # 24-29; The MS 122 may request the user to input a PIN code before the user can input the authentication token into the MS 122 using an input device such as for example, a keypad. At step 129, the user inputs the PIN code using the keypad of the MS 122. Once the PIN code has been validated, an application in the SIM within the MS 122 communicates with the MS 122 to prompt the user to input the authentication token received by the remote host 116 in step 127);
receive, at the user terminal, the requested access code (i.e. the PIN code) (Page 11, Line # 24-26; The MS 122 may request the user to input a PIN code before the user can input 25 the authentication token into the MS 122 using an input device such as for example, a keypad. At step 129, the user inputs the PIN code using the keypad of the MS 122); 
determine, at the user terminal, whether the requested access code matches a stored access code stored in a subscriber module residing in the user terminal (Page # 10, Line # 28-29; In one embodiment of the invention, the user authentication is enhanced by challenging the user's individual secret key stored in the SIM 90; Page 11, Line # 24-26; The MS 122 may request the user to input a PIN code before the user can input 25 the authentication token into the MS 122 using an input device such as for example, a keypad. At step 129, the user inputs the PIN code using the keypad of the MS 122); 
generate, at the user terminal, an identification confirmation message (i.e. validation of the PIN code) when the requested access code is determined to match the stored access code (Page # 12, Line 26-29; At step 129, the user inputs the PIN code using the keypad of the MS 122. Once the PIN code has been validated, an application in the SIM within the MS 122 communicates with the MS 122 to prompt the user to input the authentication token received by the remote host 116 in step 127), 
the received access code providing access to a secure element of the subscriber module residing in the user terminal to generate authentication data included in the generated Page # 10, Line # 28-29; In one embodiment of the invention, the user authentication is enhanced by challenging the user's individual secret key stored in the SIM 90).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Schroeder reference and authenticate a user through stored access code on the subscriber identity module to access requested service, as disclosed by Ruiz.
The motivation to authenticate the user through stored access code is to ensure legitimate user is accessing the requested service (See Ruiz: Page # 10; The execution of the authentication application performed by the AUTH-APP 108 may be protected by a PIN code).
The combination of Schroeder and Ruiz does not disclose:
	generate, by the access server, an authentication request message from the access server to a server configured to perform authentication-related tasks in the second network based on subscriber information in response to a positive outcome of the determination, the authentication request message comprising the subscriber identity derived at least partly from at least one data record in the access request message; receive, in the access server, from the server configured to perform authentication-related tasks, information on a positive outcome of the authentication of the subscriber in the second network; and generate, in response to receiving the positive outcome of the authentication, an acknowledgement to the user terminal, the acknowledgement indicating right to access to the first network.
However, Ahmavaara discloses:
i.e. a WLAN access server 40), an authentication request message from the access server to a server (i.e. an authentication server 50) configured to perform authentication-related tasks in the second network based on subscriber information in response to a positive outcome of the determination, the authentication request message comprising the subscriber identity derived at least partly from at least one data record in the access request message ([0043] the WLAN comprises a WLAN access server 40 for establishing a connection to external networks such as the home network 100 or another packet-switched network, e.g. the Internet or an operator or company intranet. The home network 100 may be a GPRS network or a WLAN backbone network and comprises an authentication server 50, with an allocated authentication server database 55 in which subscriber information such as service profile information of each connected terminal device or UE are stored; [0048] When the home authentication server 50 is authenticating the user it checks from the authentication server database 55 whether the user is subscribed to home network services)
receive, in the access server, from the server configured to perform authentication-related tasks (i.e. account/authentication server 24), information on a positive outcome of the authentication of the subscriber in the second network (FIG. 4; [0064] In successful cases, the authentication server 50 receives a RADIUS Access Accept message from the RADIUS server 130); and
generate, in response to receiving the positive outcome of the authentication, an acknowledgement to the user terminal, the acknowledgement indicating right to access to the first network ([0094] The authentication server 50 adds to the RADIUS Access Accept message an EAP Success message and session keys, and forwards the RADIUS Access Accept message to the WLAN access server 40. In response thereto, the WLAN access server 40 forwards a RADIUS Access Accept message comprising the EAP Success message to the WLAN access point 20 which extracts the EAP Success message and forwards it to the WLAN UE 10).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the references of Schroeder and Ruiz and include a notification of successful authentication as disclosed by Ahmavaara. 
The motivation to include successful notification is to inform the user through user terminal whether access to WLAN network was successful or not (See Ahmavaara: [0094]).
Regarding claim 8, the combination of Schroeder, Ruiz and Ahmavaara discloses:
The method of claim 1, wherein, the user terminal initiates the requesting access to the first network by generating and transmitting the access request message to the access server (Schroeder: [0007] When in the presence of a WLAN, a user may wish to transition the data services of the wireless to the WLAN so as to accelerate data transmissions, reduce costs, and avoid any delays associated with the mobile service provider network; see [0034] In some situations, a subscriber associated with wireless device 4 may wish to receive data services via alternate access network 10 instead cellular network 6 of SP network 8; also see [0046] when wireless device 4 attempts to authenticate with subscriber credentials to SaMOG WAG 16, AAA server 40 uses the subscriber credentials to look up the mobility information).


s 4, and 6-7 are rejected under 35 U.S.C. 103 as being unpatentable over Schroeder et al., (US20130288644A1) in view of Ruiz et al., (WO-0117310-A1 or WO2001017310A1) in view of Ahmavaara et al., (US20040066769A1) and further in view of Carneheim et al., (US6618584B1).
Regarding claim 4, the combination of Schroeder, Ruiz and Ahmavaara fails to disclose:
The method of claim 1, further comprising manipulating a timer value of a timer defining a period of time given for an authentication procedure between the user terminal, an access controller and the access server in response to a positive outcome of the determination.
However, Carneheim discloses:
	a step of manipulating a timer value of a timer defining a period of time given for the authentication procedure between the user terminal, access controller and the access server in response to a positive outcome of the determination (Col. 3, Line # 59-67 – Col. 4, Line # 1-8; Reference is now made to FIG. 1 wherein there is shown a nodal operation and flow diagram for a first embodiment timer based trigger for authentication. The subscriber terminal 10 sets a timer 16 in action 18 with a certain measured time period and executes a testing loop in action 20 to detect expiration of that time period. As one option, the set timer action 18 may choose the length of the measured time period. As another option, a resetting of the timer 16 in this scenario may then occur (as generally indicated at 34) responsive to each state transition from the suspended state to the active state (instead of resetting responsive to the expiration of the measured time period). Responsive to such time period expiration, the subscriber terminal 10 engages in an authentication transaction 22 (i.e., a message exchange and appropriate data processing action needed to authenticate the terminal) with the supporting wireless communications system 12, and returns 24 to action 18 to re-set the timer 16. Thus, the timer based trigger procedure implements an authentication transaction 22 once every certain time period as measured by the timer 16).
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the references of Schroeder, Ruiz and Ahmavaara and include a timer based authentication procedure, as disclosed by Carneheim. 
	The motivation is to have an efficient authentication system in which access timer can be changed to restrict user access to electronic device (See Carneheim: Col. 3, Line # 59-67 – Col. 4, Line # 1-8). 
Regarding claim 6, the combination of Schroeder, Ruiz and Ahmavaara fails to disclose:
The method of claim 2 further comprising manipulating a timer value of a timer defining a period of time given for the authentication procedure between the user terminal, access controller and the access server in response to a positive outcome of the determination.
However, Carneheim discloses:
	a step of manipulating a timer value of a timer defining a period of time given for the authentication procedure between the user terminal, access controller and the access server in response to a positive outcome of the determination (Col. 3, Line # 59-67 – Col. 4, Line # 1-8; Reference is now made to FIG. 1 wherein there is shown a nodal operation and flow diagram for a first embodiment timer based trigger for authentication. The subscriber terminal 10 sets a timer 16 in action 18 with a certain measured time period and executes a testing loop in action 20 to detect expiration of that time period. As one option, the set timer action 18 may choose the length of the measured time period. As another option, a resetting of the timer 16 in this scenario may then occur (as generally indicated at 34) responsive to each state transition from the suspended state to the active state (instead of resetting responsive to the expiration of the measured time period). Responsive to such time period expiration, the subscriber terminal 10 engages in an authentication transaction 22 (i.e., a message exchange and appropriate data processing action needed to authenticate the terminal) with the supporting wireless communications system 12, and returns 24 to action 18 to re-set the timer 16. Thus, the timer based trigger procedure implements an authentication transaction 22 once every certain time period as measured by the timer 16).
Regarding claim 7, the combination of Schroeder, Ruiz, & Ahmavaara fails to disclose:
	 The method of claim 3, further comprising manipulating a timer value of a timer defining a period of time given for an authentication procedure between the user terminal, an access controller, and the access server in response to a positive outcome of the determination.
However, Carneheim discloses:
	comprising manipulating a timer value of a timer defining a period of time given for an authentication procedure between the user terminal, an access controller, and the access server in response to a positive outcome of the determination (Col. 3, Line # 59-67 – Col. 4, Line # 1-8; Reference is now made to FIG. 1 wherein there is shown a nodal operation and flow diagram for a first embodiment timer based trigger for authentication. The subscriber terminal 10 sets a timer 16 in action 18 with a certain measured time period and executes a testing loop in action 20 to detect expiration of that time period. As one option, the set timer action 18 may choose the length of the measured time period. As another option, a resetting of the timer 16 in this scenario may then occur (as generally indicated at 34) responsive to each state transition from the suspended state to the active state (instead of resetting responsive to the expiration of the measured time period). Responsive to such time period expiration, the subscriber terminal 10 engages in an authentication transaction 22 (i.e., a message exchange and appropriate data processing action needed to authenticate the terminal) with the supporting wireless communications system 12, and returns 24 to action 18 to re-set the timer 16. Thus, the timer based trigger procedure implements an authentication transaction 22 once every certain time period as measured by the timer 16).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018.  The examiner can normally be reached on 8:30 AM - 6:00 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/S.M.A./             Patent Examiner, Art Unit 2432                                                                                                                                                                                           
/SYED A ZAIDI/             Primary Examiner, Art Unit 2432