DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-20 are pending.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/22/21 has been entered.

Response to Arguments
Applicant's arguments filed on 07/22/21have been fully considered. 
In response to Applicant’s arguments regarding the newly added limitations recited in claims 1, 7, and 16 (pages 8-15 of Remarks), Examiner acknowledged Applicant’s perspective but these arguments are moot in view of the new grounds of rejection presented below in view of newly found prior arts.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-6 are rejected under 35 U.S.C. 103 as being unpatentable over Ranade (US 20160192196) in view of Hardy (US 20140328250) and further in view of Malasani (US 9584335).

Claim 1, Ranade discloses A provider device comprising: 
a processor; and (e.g. ¶25: processors for executing instructions or accessing information that may be stored in memory)  
memory comprising computer-executable instructions that, when executed by the processor, (e.g. ¶25: non-transitory computer-readable storage (memory)) cause the processor to perform operations comprising 
receiving, from a requester device, a network access request requesting, on behalf of the requester device, access to a Wi-Fi network associated with a network provider, (e.g. fig. 1, ¶22, 25-26, 29-30: When a user device 110 requests secure network access, the request may be redirected to web portal server 140…Hotspot controller 150 manages the one or more hotspot access points 130 in network environment 100… Upon selection of that offering, a user request for access to the secure communication network 120B may be sent over the open communication network 120A…the request for secure network access is redirected to web portal server 140) 
in response to the network access request, prompting the network provider to accept or deny the requester device access to the Wi-Fi network, (e.g. ¶25-26, 31: When a user device 110 requests secure network access, the request may be redirected to web portal server 140, which may convey the request to hotspot controller 150…the hotspot controller 150 may receive a request that a user device 110 be allowed to use the secured communication network 120B)
receiving input indicating that the network provider accepts the network access request, (e.g. ¶26, 31-32: Hotspot controller 150 manages the one or more hotspot access points 130 in network environment 100…In terms of security, for example, the hotspot controller 150 may receive a request that a user device 110 be allowed to use the secured communication network 120B. Hotspot controller 150 dynamically generates a unique pre-shared key for the requesting user device 110 and return the key to web portal server 140)
in response to the input indicating that the network provider accepts the network access request, create a network access package comprising a secure network access configuration to be utilized by the network device to establish, at least in part, a secure connection with the requester device to provide the requester device access to the Wi-Fi network in accordance with the secure network access configuration, and creating a network access response comprising the network access package, and sending the network access response to the requester device. (e.g. ¶26, 34-35: Hotspot controller 150 dynamically generates a unique pre-shared key for the requesting user device 110 and return the key to web portal server 140, which in turns generates a web page displaying the unique pre-shared key to the user device 110. User device 110 may then use the pre-shared key in a request to access secure communication network 120B… the web portal server 140 generates a webpage to display the unique pre-shared key to the user of user device 110…the unique pre-shared key is entered into user device 110, either manually by the user (e.g., a cut and paste operation), via user selection (e.g., execution of a script associated with a `install` button), or automatically as a result of instructions embedded with a pre-shared key download package. A subsequent request for access to the secure communication network 120B is generated based on the unique pre-shared key. In some instances, the unique pre-shared key may be bundled as part of a package that may be installed automatically or upon request on the user device 110. The package may include any applications, policies, or parameters required for connection to the secure communication network 120B. For example, an application may be downloaded to the wireless device and executed to survey, configure (e.g., install parameters and policies), and/or connect the wireless device to the secured communication network 120B. The unique pre-shared key may then be used to authenticate the user device 110 so that the user device 110 can access the secured communication network 120B according to the installed policies and parameters.)
Although Ranade discloses creating a network access package comprising a secure network access configuration (see above), Ranade does not appear to explicitly disclose but Hardy discloses  
presenting a package configuration software user interface, wherein the package configuration software user interface comprises network access configuration parameters selectable to create, by the network device, a network access package and wherein the network device creates the network access package based, at least in part, on input received via the package configuration software user interface (e.g. figs. 3-4, 9, 12-13, ¶28, 33, 35-37, 49, 52, 78, 80-90: presenting the administration user interface of the access point to an administrator, owner, or manager operating a personal computer (PC) for managing the access point and allowing the administrator, owner or manager to select settings or configurations through the administration user interface to generate by the access point authentication codes or vouchers).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Hardy into the invention of Ranade for the purpose of securely enabling an owner or manager to manage authentication codes generated by an access point (Hardy, ¶35-36).
Although Ranade-Hardy discloses presenting a package configuration software user interface (see above), and does not appear to explicitly disclose but Malasani discloses a package configuration software user interface provided by the network device (e.g. col. 10, ll. 5-15: the system and method will often further use the router to provide an operator interface wherein an operator (usually a human operator) may configure various user associated device identification criteria and the router controlled device operational heuristics. This operator interface can be produced by various methods and devices. In some embodiments, the WiFi router can use its processor to provide this operator interface by generating web pages to a router connected computerized device used by the user (often the user device will be running a web browser)).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Malasani into the invention of Ranade-Hardy for the purpose of allowing the access point to provide an operator interface to an operator device for remotely configuring the access point thereby increasing the convenience and flexibility of the system.

Claim 2, Ranade-Hardy-Malasani discloses The provider device of claim 1, wherein creating the network access response comprises receiving, via the package configuration software user interface, the input to define the secure network access configuration for the network access package. (Hardy, e.g. figs. 3-4, 9, 12-13, ¶28, 33, 35-37, 49, 52, 78, 80-90).  Same motivation as in claim 1 would apply.

Claim 3, Ranade-Hardy-Malasani discloses The provider device of claim 2, wherein the package configuration software user interface comprises a web interface or a native application interface. (Hardy, e.g. figs. 3-4, 9, 12-13, ¶28, 33, 35-37, 49, 52, 78, 80-90).  Same motivation as in claim 1 would apply.

Claim 4, Ranade-Hardy-Malasani discloses The provider device of claim 1, wherein the secure network access configuration comprises a default configuration. (Ranade, e.g. ¶34-35)

Claim 5, Ranade-Hardy-Malasani discloses The provider device of claim 1, wherein the secure network access configuration comprises a custom configuration specific to the requester device. (Ranade, e.g. ¶34-35)

Claim 6, Ranade-Hardy-Malasani discloses The provider device of claim 1, wherein the network access configuration parameters comprise at least one of an allowed network parameter, an allowed port parameter, an allowed IP address range parameter, a time limit parameter, a re-entry allowed parameter, a restrict data rate parameter, or a restrict data usage parameter. (Ranade, e.g. ¶26, 31-33, 35)

Claims 7-15 are rejected under 35 U.S.C. 103 as being unpatentable over Ranade (US 20160192196) in view of Chung (US 9419799) in view of Hardy (US 20140328250) and further in view of Malasani (US 9584335).

Claim 7, Ranade discloses A requester device comprising: 
a processor; and (e.g. ¶20: processors for executing instructions that may be stored in memory)
memory that stores instructions that, when executed by the processor, (e.g. ¶20: non-transitory computer-readable storage (memory)) cause the processor to perform operations comprising 
generating a network access request requesting access to a Wi-Fi network associated with a network provider, (e.g. fig. 1, ¶22, 25, 29: Communication networks 120A-B are provided by a hotspot access point 130… When a user device 110 requests secure network access, the request may be redirected to web portal server 140… The user of device 110 may be offered access to the secured communication network 120B as an option. Upon selection of that offering, a user request for access to the secure communication network 120B may be sent over the open communication network 120A) wherein the Wi-Fi network is provided, at least in part, by a network device, (e.g. fig. 1, ¶22: Communication networks 120A-B are provided by a hotspot access point 130)
sending the network access request to a provider device associated with the network provider, (e.g. fig. 1, ¶22, 25-26, 29-30: When a user device 110 requests secure network access, the request may be redirected to web portal server 140…Hotspot controller 150 manages the one or more hotspot access points 130 in network environment 100… Upon selection of that offering, a user request for access to the secure communication network 120B may be sent over the open communication network 120A…the request for secure network access is redirected to web portal server 140)
receiving, from the provider device, an network access package created, and wherein the network access package comprising a secure network access configuration to be utilized by the network device to establish, at least in part, a secure connection with the requester device to provide the requester device access to the Wi-Fi network in accordance with the secure network access configuration, (e.g. ¶26, 34-35: Hotspot controller 150 dynamically generates a unique pre-shared key for the requesting user device 110 and return the key to web portal server 140, which in turns generates a web page displaying the unique pre-shared key to the user device 110. User device 110 may then use the pre-shared key in a request to access secure communication network 120B… the web portal server 140 generates a webpage to display the unique pre-shared key to the user of user device 110…the unique pre-shared key is entered into user device 110, either manually by the user (e.g., a cut and paste operation), via user selection (e.g., execution of a script associated with a `install` button), or automatically as a result of instructions embedded with a pre-shared key download package. A subsequent request for access to the secure communication network 120B is generated based on the unique pre-shared key. In some instances, the unique pre-shared key may be bundled as part of a package that may be installed automatically or upon request on the user device 110. The package may include any applications, policies, or parameters required for connection to the secure communication network 120B. For example, an application may be downloaded to the wireless device and executed to survey, configure (e.g., install parameters and policies), and/or connect the wireless device to the secured communication network 120B. The unique pre-shared key may then be used to authenticate the user device 110 so that the user device 110 can access the secured communication network 120B according to the installed policies and parameters.)
establishing, with the network device, an unsecure connection, (e.g. fig. 1, ¶21, 24, 29: a user device 110 connects to an open communication network 120A provided by hotspot access point 130. For some network activity (e.g., reading the news), the user may not necessarily require security and the use of the open communication network 120A may be sufficient)
establishing, with the network device, the secure connection in accordance with the secure network access configuration. (e.g. fig. 1, ¶26, 35: User device 110 may then use the pre-shared key in a request to access secure communication network 120B…The unique pre-shared key may then be used to authenticate the user device 110 so that the user device 110 can access the secured communication network 120B according to the installed policies and parameters)
Although Ranade discloses receiving, from the provider device, an network access package created and establishing, with the network device, a secure connection in accordance with the secure network access configuration (see above), Ranade does not explicitly disclose but Chung discloses an encrypted network access package and sending, via the unsecure connection, the encrypted network access package to the network device, wherein the network device decrypts the encrypted network access package to extract the secure network access configuration (e.g. fig. 3, col. 11, ll. 18-27, 35-38: providing secure credential using the secure credential package created by the access connector 140, according to embodiments…After a secure credential package is created as shown in FIG. 2 with an exemplary format as shown in FIG. 3, a client 410 may use the secure credential package stored on the client device 410 for authentication and authorization. The client 410 may send the secure credential package in step 412 to the access connector 140…After obtaining the at least one key and the secure credential package, the secure package validator 144 may decrypt the secure credential package)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chung into the invention of Ranade for the purpose of rendering the secure credential package unreadable by unauthorized parties and enabling the client device to use the secure credential package for authentication and authorization (Chung, col. 9, ll. 9-10, col. 11, ll. 23-25).
Although Ranade-Chung discloses receiving, from the provider device, an encrypted network access package created (see above), Ranade-Chung does not explicitly disclose but Hardy discloses a network access package created by the network device based, at least in part, on input received via a package configuration software user interface and presented by the provider device, wherein the package configuration software user interface comprises network access configuration parameters selectable to create, by the network device the network access package (e.g. figs. 3-4, 9, 12-13, ¶28, 33, 35-37, 49, 52, 78, 80-90: presenting the administration user interface of the access point to an administrator, owner, or manager operating a personal computer (PC) for managing the access point and allowing the administrator, owner or manager to select settings or configurations through the administration user interface to generate by the access point authentication codes or vouchers).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Hardy into the invention of Ranade-Chung for the purpose of securely enabling an owner or manager to manage authentication codes generated by an access point (Hardy, ¶35-36).
Ranade-Chung-Hardy discloses a package configuration software user interface and presented by the provider device (see above), Ranade-Chung-Hardy does not appear to explicitly disclose but Malasani discloses a package configuration software user interface provided by the network device (e.g. col. 10, ll. 5-15: the system and method will often further use the router to provide an operator interface wherein an operator (usually a human operator) may configure various user associated device identification criteria and the router controlled device operational heuristics. This operator interface can be produced by various methods and devices. In some embodiments, the WiFi router can use its processor to provide this operator interface by generating web pages to a router connected computerized device used by the user (often the user device will be running a web browser)).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Malasani into the invention of Ranade-Chung-Hardy for the purpose of allowing the access point to provide an operator interface to an operator device for remotely configuring the access point thereby increasing the convenience and flexibility of the system.

Claim 8, Ranade-Chung-Hardy-Malasani discloses The requester device of claim 7, wherein receiving, from the provider device, the network access package comprises receiving, from the provider device, a network access response comprising the network access package, wherein the network access response further comprises an indication that the network access request was accepted, and wherein the operations further comprise: in response to the indication that the network access request was accepted, presenting a notification to inform a user of the requester device that the network access request was accepted. (Ranade, e.g. ¶26, 32, 34-35)
Although Ranade discloses receiving, from the provider device, the network access package comprises receiving, from the provider device, a network access response comprising the network access package (see above), Ranade does not explicitly disclose but Chung discloses encrypted network access package (e.g. fig. 3, col. 11, ll. 18-27, 35-38).  Same motivation as in claim 7 would apply.

Claim 9, Ranade-Chung-Hardy-Malasani discloses The requester device of claim 7, wherein the operations further comprise storing the network access package in the memory. (Ranade, e.g. ¶20, 26, 35)
Although Ranade discloses storing the network access package in the memory (see above), Ranade does not explicitly disclose but Chung discloses encrypted network access package (e.g. fig. 3, col. 11, ll. 18-27, 35-38).  Same motivation as in claim 7 would apply.

Claim 10, Ranade-Chung-Hardy-Malasani discloses The requester device of claim 9, further comprising a Wi-Fi communications component; wherein the operations further comprise detecting, via the Wi-Fi communications component, a signal from the Wi-Fi network; and wherein establishing, with the network device, the unsecure connection comprises establishing, with the network device, the unsecure connection in response to detecting the signal from the Wi-Fi network. (Ranade, e.g. fig. 1,  ¶20-21, 29)

Claim 11, Ranade-Chung-Hardy-Malasani discloses The requester device of claim 10, wherein the unsecure connection comprises an ad-hoc peer-to-peer connection between the requester device and the network device. (Ranade, e.g. fig. 1, ¶20-21, 24, 29)

Claim 12, Ranade-Chung-Hardy-Malasani discloses The requester device of claim 10, wherein the unsecure connection comprises a dedicated connection (Ranade, e.g. fig. 1, ¶21, 24, 29) and does not explicitly disclose but Chung disclose for exchanging encrypted network access packages. (Chung, col. 4, ll. 39-56, col. 6, ll. 7-10, col. 11, ll. 18-27).  Same motivation as in claim 7 would apply.

Claim 13, Ranade-Chung-Hardy-Malasani discloses The requester device of claim 7, wherein the secure network access configuration comprises a default configuration. (Ranade, e.g. ¶34-35)

Claim 14, Ranade-Chung-Hardy-Malasani discloses The requester device of claim 7, wherein the secure network access configuration comprises a custom configuration specific to the requester device. (Ranade, e.g. ¶34-35)

Claim 15, Ranade-Chung-Hardy-Malasani discloses The requester device of claim 7, wherein the network access configuration parameters comprise at least one of an allowed network parameter, an allowed port parameter, an allowed IP address range parameter, a time limit parameter, a re-entry allowed parameter, a restrict data rate parameter, or a restrict data usage parameter. (Ranade, e.g. ¶26, 31-33, 35)

Claims 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Miller (US 20080250478) in view of in view of Malasani (US 9584335) and further in view of Ranade (US 20160192196).

Claim 16, Miller discloses A network device comprising: 
a network device interface that provides a Wi-Fi network; a processor; and memory that stores instructions that, when executed by the processor, (e.g. ¶19-21, 67-68:  Embodiments of the present invention are directed toward providing wireless access to networks, and in particular, to networks which are accessible through a WiFi router. A WiFi router is a router that follows one of the IEEE 802.11 WiFi specifications) cause the processor to perform operations comprising 
providing, for display, a package configuration software user interface through which a network provider can configure a network access package comprising a secure network access configuration to be utilized by the network device to establish, at least in part, a secure connection with a requester device to provide the requester device access to the Wi-Fi network in accordance with the secure network access configuration, (e.g. fig. 5, ¶28-29, 36: The network administrator can set an authentication key in the router (using, for example, the router's configuration interface) to use one of the secured access approaches (i.e., the shared-key approach or pre-shared-key approach). In this case, client devices that do not provide the proper authentication key value during authentication will be denied access to the network. In the shared-key authentication approach, the client may obtain the authentication key from the router…FIG. 5 shows a sample user interface 500 that may be used for configuring a router, according to an embodiment of the present invention.) wherein the package configuration software user interface comprises a plurality of network access configuration parameters selectable by the network provider to create, by the network device, the network access package comprising the secure network access configuration, (e.g. fig. 5, ¶28, 36-37: FIG. 5 shows a sample user interface 500 that may be used for configuring a router, according to an embodiment of the present invention. This configuration interface provides for changing the SSID (see 510) and channel (see 520), and for selecting one of the authentication mechanisms (see 530). Encryption may be enabled or disabled using this configuration interface, as shown at 540 (which refers to "WEP", the Wired Equivalent Privacy encryption algorithm that is built into the 802.11 specification). Any one of 4 authentication keys may be specified from this sample interface, as shown at 570; a drop-down box 560 allows the user to select the encoding in which the keys are specified.)
receiving, via the package configuration software user interface, input to define the secure network access configuration, creating, based upon the input, the network access package comprising the secure network access configuration, wherein the network access package is provided to the requester device, (e.g. fig. 5, ¶28, 36: The network administrator can set an authentication key in the router (using, for example, the router's configuration interface) to use one of the secured access approaches (i.e., the shared-key approach or pre-shared-key approach). In this case, client devices that do not provide the proper authentication key value during authentication will be denied access to the network. In the shared-key authentication approach, the client may obtain the authentication key from the router…This configuration interface provides for changing the SSID (see 510) and channel (see 520), and for selecting one of the authentication mechanisms (see 530). Encryption may be enabled or disabled using this configuration interface, as shown at 540 (which refers to "WEP", the Wired Equivalent Privacy encryption algorithm that is built into the 802.11 specification). Any one of 4 authentication keys may be specified from this sample interface, as shown at 570; a drop-down box 560 allows the user to select the encoding in which the keys are specified)
receiving the network access package from the requester device, and establishing the secure connection with the requester device to provide the requester device with access to the Wi-Fi network in accordance with the secure network access configuration of the network access package. (e.g. ¶28, 29: Upon receiving the authentication key from the client device, the router performs an authentication process for that client. Block 220 tests whether the authentication is successful. If so, then the client is allowed access (Block 240)…If the test in Block 220 has a negative result, however (indicating that the client device did not supply the correct authentication key), access to the network through this router is denied (Block 230).)
Although Miller discloses providing, for display, a package configuration software user interface through which a network provider can configure a network access package (see above), Miller does not appear to explicitly disclose but Hardy discloses that the providing is in response to access by a provider device and for display by the provider device and a network provider associated with the provider device (e.g. col. 10, ll. 5-15: the system and method will often further use the router to provide an operator interface wherein an operator (usually a human operator) may configure various user associated device identification criteria and the router controlled device operational heuristics. This operator interface can be produced by various methods and devices. In some embodiments, the WiFi router can use its processor to provide this operator interface by generating web pages to a router connected computerized device used by the user (often the user device will be running a web browser)).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Malasani into the invention of Miller for the purpose of allowing the access point to provide an operator interface to an operator device for remotely configuring the access point thereby increasing the convenience and flexibility of the system.
Although Miller-Malasani discloses the network access package is provided to the requester device (see above), Miller does not appear to explicitly disclose but Ranade discloses the network access package is provided to the requester device by the provider device (e.g. ¶26, 34-35: Hotspot controller 150 dynamically generates a unique pre-shared key for the requesting user device 110 and return the key to web portal server 140, which in turns generates a web page displaying the unique pre-shared key to the user device 110. User device 110 may then use the pre-shared key in a request to access secure communication network 120B… the web portal server 140 generates a webpage to display the unique pre-shared key to the user of user device 110…the unique pre-shared key is entered into user device 110, either manually by the user (e.g., a cut and paste operation), via user selection (e.g., execution of a script associated with a `install` button), or automatically as a result of instructions embedded with a pre-shared key download package…In some instances, the unique pre-shared key may be bundled as part of a package that may be installed automatically or upon request on the user device 110. The package may include any applications, policies, or parameters required for connection to the secure communication network 120B.)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Ranade into the invention of Miller-Malasani for the purpose of providing secure network access at hotspots (Ranade, ¶10).

Claim 17, Miller-Malasani-Ranade discloses The network device of claim 16, wherein the package configuration software user interface comprises a web interface or a native application interface. (Miller, e.g. fig. 5, ¶28, 36).  

Claim 18, Miller-Malasani-Ranade discloses The network device of claim 17, wherein the plurality of network access configuration parameters selectable by the network provider to define the secure network access configuration comprise at least one of an allowed network parameter, an allowed port parameter, an allowed IP address range parameter, a time limit parameter, a re-entry allowed parameter, a restrict data rate parameter, or a restrict data usage parameter. (Miller, e.g. fig. 5, ¶36-37)

Claim 19, Miller-Malasani-Ranade discloses The network device of claim 16, wherein the secure network access configuration comprises a rule specifying a condition under which the requester device is permitted to access the Wi-Fi network, wherein the rule is defined, at least in part, via the input that defines at least a portion of the plurality of network access configuration parameters. (Miller, e.g. fig. 5, ¶28, 36)

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Miller (US 20080250478) in view of in view of Malasani (US 9584335) in view of Ranade (US 20160192196) and further in view of Chung (US 9419799).

Claim 20, Miller-Malasani-Ranade discloses The network device of claim 16, and to provide the requester device access to the Wi-Fi network in accordance with the secure network access configuration (see above) and does not explicitly disclose but Chung discloses cryptographic module, executable by the processor to cause the processor to perform further operations comprising encrypting the network access package to create an encrypted network access package, wherein the encrypted network access package can only be decrypted by the network device. (e.g. fig. 3, col. 11, ll. 18-27, 35-38, col. 12, ll. 8-10: providing secure credential using the secure credential package created by the access connector 140, according to embodiments…After a secure credential package is created as shown in FIG. 2 with an exemplary format as shown in FIG. 3, a client 410 may use the secure credential package stored on the client device 410 for authentication and authorization. The client 410 may send the secure credential package in step 412 to the access connector 140… After obtaining the at least one key and the secure credential package, the secure package validator 144 may decrypt the secure credential package…Though the secure credential package persists on client devices, the credentials may only be decrypted by the access connector)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Chung into the invention of Miller-Malasani-Ranade for the purpose of rendering the secure credential package unreadable by unauthorized parties and enabling the client device to use the secure credential package for authentication and authorization (Chung, col. 9, ll. 9-10, col. 11, ll. 23-25).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20100115278 discloses a method of operating an access point (AP) configured to support multiple pre-shared keys at a given time to authenticate its associated client devices. Each client device associated with the AP is provisioned with a key. To authenticate the client device that attempts to connect to the AP, the AP determines which pre-shared key (PSK) of the multiple supported pre-shared keys (PSKs). if any, matches information including the key received from the client device. When the information matches, the client device is allowed to connect to the AP. Provisioning the AP with multiple PSKs allows selectively disconnecting associated client devices from the AP. The AP may be configured to support PSKs of different lifetime and complexity.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436