DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is the responsive to the communication filed on 08/11/2020.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 2, 12 and 16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 7, 13 and 17 of U.S. Patent No. 10,673,630 in view of Uh et al US 2006/0112269. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 7, 13 and 17 of U.S. Patent No. 10,673,630 include all the limitations of claims 2, 12 and 16 of the instant application 16/890644. 

Patent 10,673,630 does not explicitly disclose receiving a first request to register to the wireless network from the first wireless AP, the request including the password of the wireless network; and registering the first wireless AP into the wireless network upon receiving the first request. However, Uh discloses receiving a first request to register to the wireless network from the first wireless AP, the request including the password of the wireless network (Fig.7, par 0068  When a station gets access to a home network area, and acquires and registers an ID and a password from the AP, i.e. first wireless AP,  to the management web server, or the service manager, i.e. the wireless network,  par 0077 the station 10 transmits an associate-request, i.e. first request, message to the AP 20 in order to make a request for association (S71), and the AP 20 transmits an associate response message to the station 10 (S72). Then, in the case of using the 802.1x standard and then registers, i.e. requesting, its ID and password, or credential information, with the web server 24 located in the AP 20. The ID and password of the station 10 are endowed by the service manager.); and registering the first wireless AP into the wireless network upon receiving -2- 6403177.1the first request (par 0079 the station 10 obtains access to the AP 20 and registers, i.e. registering, the ID and password (S74), the AP 20 allocates the authentication level that is predetermined by the service manager to the corresponding station 10).
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  receiving … and encrypting.. and broadcasting…. Of Uh, based on the teaching of registering  the password from the access point to the web server of Uh, because doing so would provide the station transmits an associate-request message to the AP in order to make a request for association, and the AP transmits an associate response message to the station.

Instant application # 16/890644
 Patent # 10,673,630
2. A method implemented by a gateway for facilitating a secure configuration of one or more new 802.11 access points (APs) in a wireless network of the gateway, the method comprising: receiving, wirelessly, first wireless AP information including a first public key, of a first public-private key pair associated with a first wireless AP of the one or more new 802.11 APs, from a STA that is registered with the wireless network, wherein the first public key is a computer readable image associated with the first wireless AP, wherein the first wireless AP is previously unassociated with the wireless network; encrypting credentials for the wireless network using the first public key into a first ciphertext, the credentials including a SSID and a password of the wireless network; broadcasting, wirelessly, the first ciphertext to the first wireless AP such that the first wireless AP can decrypt the first ciphertext using a first private key of the first public-private key pair; receiving a first request to register to the wireless network from the first wireless AP, the request including the password of the wireless network; and registering the first wireless AP into the wireless network upon receiving the first request. 



12. A gateway (GW) for facilitating the automated configuration of one or more new 802.11 access points (APs) in a wireless network of the GW, the GW comprising: a processor operatively connected to a memory, the processor configured to execute instructions stored in the memory; and a communications interface connected to the processor, the communications interface and the processor configured to: receive, wirelessly, first wireless AP information including a first public key, of a first public-private key pair associated with a first wireless AP of the one or more new 802.11 APs, from a STA that is registered with the wireless network, wherein the first public key is a computer readable image associated with the first wireless AP, wherein the first wireless AP is previously unassociated with the wireless network; encrypt credentials for the wireless network using the first public key into a first ciphertext, the credentials including a SSID and a password of the wireless network; broadcast, wirelessly, the first ciphertext to the first wireless AP such that the first wireless AP can decrypt the first ciphertext using a first private key of the first public-private key pair; receive a first request to register to the wireless network from the first wireless AP, the request including the password of the wireless network; and register the first wireless AP into the wireless network upon receiving the first request.

16. The GW of claim 12, wherein the first ciphertext is sent using a Generic Advertising Service (GAS) Request/Response and sent in a Public Action Frame of IEEE 802.11u. 


7. A method for facilitating an automated secure configuration of one or more new 802.11 access points (APs) to a network carried out by a cloud server, the method comprising: receiving a message associated with a customer account regarding the one or more new 802.11 APs; associating a first wireless AP, of the one or more new 802.11 APs, that is previously unassociated with the network with the customer account based on the message; retrieving a first public key of a first public-private key pair associated with the first wireless AP; sending the first public key to a gateway (GW) associated with the customer account; and instructing the GW to encrypt network credentials including an SSID and a password of the GW based on the first public key into a first ciphertext and to wirelessly broadcast the first ciphertext to securely associate the first wireless AP that has a first private key of the first public-private key pair to the network.










13. A gateway (GW) for facilitating the automated configuration of one or more new 802.11 access points (APs) in a network of the GW, the GW comprising: a processor connected to a memory, the processor configured to execute instructions stored in the memory; and a communications interface connected to the processor, the communications interface and the processor configured to receive a first public key of a first public-private key pair associated with a first wireless AP, of the one or more new 802.11 APs, that is previously unassociated with the network from a cloud server, receive instructions from the cloud server to encrypt network credentials including a SSID and a password of the GW using the first public key into a first ciphertext, wirelessly broadcast the first ciphertext for securely associating the first wireless AP that has a first private key of the first public-private key pair to the network, and register the first wireless AP into the network of the GW upon receipt of a request from the first AP.









17. The GW of claim 13, wherein the first ciphertext is sent using a Generic Advertising Service (GAS) Request/Response and sent in a Public Action Frame of 802.11u.








Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 2-3, 7-8, 12-13 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Yu US 2017/0366970 in view of Uh et al US 2006/0112269 in view of Benoit et al US 2016/0360404.
 
 	As per claim 2, Yu discloses a method implemented by a gateway for facilitating a secure configuration of one or more new 802.11 access points (APs) in a wireless network of the gateway (abstract,  An extended wireless setup may be initiated at an access point when a predetermined input is received. During the extended wireless setup period, the access point may request updated wireless credentials from a user via a direct message or through a web page interface), the method comprising: 
 	receiving, wirelessly, first wireless AP information including a first public key, of a first public-private key pair associated with a first wireless AP of the one or more new 802.11 APs, from a STA that is registered with the wireless network (par 0033/0062 user-input wireless credentials (e.g., PSK) to be applied at the access point 120, i.e. one or more wireless interface devices (e.g., an 802.11 card), for use in future connections with one or more stations, i.e. STA. and a decodable public encryption algorithm (e.g., base64) i.e., first public –private key pair or a decodable private encryption algorithm, i.e., first public –private key pair, may be used to encrypt the user-input credentials before being output from the station 110 to the access point 120  and User-input credentials may be encrypted before being output from the station 110. For example, a decodable public encryption algorithm (e.g., base64) or a decodable private encryption algorithm may be used to encrypt the user-input credentials before being output from the station 110 to the access point 120 and par 0056-0057 the access point 120 may block the communication targeted at the WAN or LAN, and may output the credential request 605 to the web GUI server 225 of Station 610. [0057] the web GUI server 225 may generate and output a credential web page 610 to the station 110), 
 	 encrypting credentials for the wireless network using the first public key into a first ciphertext, the credentials including a SSID and a password of the wireless network ( par 0033 User-input credentials may be encrypted ,i.e. encrypting before being output, i.e. first ciphertext, from the station 110. For example, a decodable public encryption algorithm (e.g., base64) or a decodable private encryption algorithm may be used to encrypt the user-input credentials before being output from the station 110,i.e. STA, to the access point 120 ); 
 	broadcasting, wirelessly, the first ciphertext to the first wireless AP such that the first wireless AP can decrypt the first ciphertext using a first private key of the first public-private key pair ( par 0046 encrypt the user-input credentials (e.g., PSK) before being output, i.e. first ciphertext broadcasting, from the station 110 to the access point 120. The access point 120 may decode, i.e. decrypt the encrypted credentials received from the station 110); 
 	the STA is communicate with the wireless AP with the wireless network (par 0023 an access point 120, i.e. the wireless AP, may communicate with one or more stations 110, i.e. the STA, over a local network 130 (e.g., a local area network (LAN), a wireless local area network (WLAN), a personal area network (PAN)) and may communicate with an upstream wide area network (WAN), i.e. the wireless network, 140 through a connection to a provider network 150).

 	 Yu does not explicitly disclose wherein the first public key is a computer readable image associated with the first wireless AP, wherein the first wireless AP is previously unassociated with the wireless network; receiving a first request to register to the wireless network from the first wireless AP, the request including the password of the wireless network; and registering the first wireless AP into the wireless network upon receiving -2- 6403177.1the first request.
 	However, Uh discloses receiving a first request to register to the wireless network from the first wireless AP, the request including the password of the wireless network (Fig.7, par 0068  When a station gets access to a home network area, and acquires and registers an ID and a password from the AP, i.e. first wireless AP,  to the management web server, or the service manager, i.e. the wireless network,  par 0077 the station 10 transmits an associate-request, i.e. first request, message to the AP 20 in order to make a request for association (S71), and the AP 20 transmits an associate response message to the station 10 (S72). Then, in the case of using the 802.1x standard and then registers, i.e. requesting, its ID and password, or credential information, with the web server 24 located in the AP 20. The ID and password of the station 10 are endowed by the service manager.); and registering the first wireless AP into the wireless network upon receiving -2- 6403177.1the first request (par 0079 the station 10 obtains access to the AP 20 and registers, i.e. registering, the ID and password (S74), the AP 20 allocates the authentication level that is predetermined by the service manager to the corresponding station 10).
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh, because doing so would provide the station transmits an associate-request message to the AP in order to make a request for association, and the AP transmits an associate response message to the station.
The combination does not explicitly disclose wherein the first public key is a computer readable image associated with the first wireless AP, wherein the first wireless AP is previously unassociated with the wireless network.
 	However, Benoit discloses wherein the first public key is a computer readable image associated with the first wireless AP (par 0028, the configurator 140 (which may be distinct from the client device 130) may be a smartphone, i.e. STA, that includes an to scan labels and/or images. The client device 130 may include a label imprinted with a QR code 135. The QR code 135 may display the public Root Identity Key or may direct a scanning device to retrieve the public Root Identity Key from a remote device or service. Thus, the QR code 135 may directly or indirectly provide the public Root Identity Key of the client device 130 to the configurator 140, a barcode label may replace the QR code 135); Wherein the first wireless AP is previously unassociated with the wireless network (par 0062 client device 130 dynamically generates the Transient Identity Key pair 138 (602). The Transient Identity Key pair 138 may include a public key and a private key (e.g., a public Transient Identity Key and a private Transient Identity key). Further, the Transient Identity Key pair 138 may be used to authenticate the client device 130 to the AP 110. Next, the client device 130 indirectly provides the public Transient Identity Key to the AP 110 (604)).

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, because doing so would provide a configurator may provide the public Root Identity Key to the AP through a previously established trusted connection and authenticates the client device to the AP( par 0031).


 	As per claim 3, Yu in view of Uh in view of Benoit disclose the method of claim 2, Yu discloses wherein the gateway is an access point (par 0023 An access point 120 may include a gateway device).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, because doing so would provide a configurator may provide the public Root Identity Key to the AP through a previously established trusted connection and authenticates the client device to the AP( par 0031).

 	As per claim 7, Yu in view of Uh in view of Benoit disclose the method of claim 2, Benoit discloses wherein the computer readable image is a bar code or a QR code (par 0028, the configurator 140 (which may be distinct from the client device 130) may be a smartphone, i.e. STA, that includes an to scan labels and/or images. The client device 130 may include a label imprinted with a QR code 135. The QR code 135 may display the public Root Identity Key or may direct a scanning device to retrieve the public Root Identity Key from a remote device or service).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, because doing so would provide a configurator may provide the public Root Identity Key to the AP through a previously established trusted connection and authenticates the client device to the AP( par 0031).

 	As per claim 8, Yu in view of Uh in view of Benoit disclose the method of claim 2, Uh disclose  wherein the first wireless AP information further includes a MAC address and serial number of the first wireless AP (par 0009 /0059The IEEE 802.1x standard specifies the overall authentication mechanism between the supplicant, the authenticator and the authentication server, and prescribes that an extendable authentication protocol (EAP) should be used between the supplicant and the authenticator at a medium access control (MAC) layer ).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, because doing so would provide a configurator may provide the public Root Identity Key to the AP through a previously established trusted connection and authenticates the client device to the AP( par 0031).

 	As per claim 12, Yu discloses a gateway (GW) for facilitating the automated configuration of one or more new 802.11 access points (APs) in a wireless network of the GW, the GW comprising: 
 	a processor operatively connected to a memory, the processor configured to execute instructions stored in the memory (par 0059 The hardware configuration 700 can include a processor 710, a memory 720, a storage device 730, and an input/output device 740 ); and a communications interface connected to the processor, the communications interface and the processor configured to ( par 0059The hardware configuration 700 can include a processor 710, a memory 720, a storage device 730, and an input/output device 740 ): configured to execute instructions stored in the memory; and a communications interface connected to the processor, the communications interface and the processor configured to ( par 0059, The hardware configuration 700 can include a processor 710, a memory 720, a storage device 730, and an input/output device 740): 
 	receive, wirelessly, first wireless AP information including a first public key, of a first public-private key pair associated with a first wireless AP of the one or more new 802.11 APs, from a STA that is registered with the wireless network (par 0033/0062 user-input wireless credentials (e.g., PSK) to be applied at the access point 120, i.e. one or more wireless interface devices (e.g., an 802.11 card), for use in future connections with one or more stations, i.e. STA. and a decodable public encryption algorithm (e.g., base64) i.e., first public –private key pair or a decodable private encryption algorithm, i.e., first public –private key pair, may be used to encrypt the user-input credentials before being output from the station 110 to the access point 120  and User-input credentials may be encrypted before being output from the station 110. For example, a decodable public encryption algorithm (e.g., base64) or a decodable private encryption algorithm may be used to encrypt the user-input credentials before being output from the station 110 to the access point 120 and par 0056-0057 the access point 120 may block the communication targeted at the WAN or LAN, and may output the credential request 605 to the web GUI server 225 of Station 610. [0057] the web GUI server 225 may generate and output a credential web page 610 to the station 110), 
 	 encrypt credentials for the wireless network using the first public key into a first ciphertext, the credentials including a SSID and a password of the wireless network ( par 0033 User-input credentials may be encrypted ,i.e. encrypting before being output, i.e. first ciphertext, from the station 110. For example, a decodable public encryption algorithm (e.g., base64) or a decodable private encryption algorithm may be used to encrypt the user-input credentials before being output from the station 110,i.e. STA, to the access point 120 ); 
 	broadcast, wirelessly, the first ciphertext to the first wireless AP such that the first wireless AP can decrypt the first ciphertext using a first private key of the first public-private key pair ( par 0046 encrypt the user-input credentials (e.g., PSK) before being output, i.e. first ciphertext broadcasting, from the station 110 to the access point 120. The access point 120 may decode, i.e. decrypt the encrypted credentials received from the station 110); 
 	the STA is communicate with the wireless AP with the wireless network (par 0023 an access point 120, i.e. the wireless AP, may communicate with one or more stations 110, i.e. the STA, over a local network 130 (e.g., a local area network (LAN), a wireless local area network (WLAN), a personal area network (PAN)) and may communicate with an upstream wide area network (WAN), i.e. the wireless network, 140 through a connection to a provider network 150).

 	 Yu does not explicitly disclose wherein the first public key is a computer readable image associated with the first wireless AP, wherein the first wireless AP is previously unassociated with the wireless network; receiving a first request to register to the wireless network from the first wireless AP, the request including the password of the wireless network; and registering the first wireless AP into the wireless network upon receiving -2- 6403177.1the first request.
 	However, Uh discloses receive a first request to register to the wireless network from the first wireless AP, the request including the password of the wireless network (Fig.7, par 0068  When a station gets access to a home network area, and acquires and registers an ID and a password from the AP, i.e. first wireless AP,  to the management web server, or the service manager, i.e. the wireless network,  par 0077 the station 10 transmits an associate-request, i.e. first request, message to the AP 20 in order to make a request for association (S71), and the AP 20 transmits an associate response message to the station 10 (S72). Then, in the case of using the 802.1x standard and then registers, i.e. requesting, its ID and password, or credential information, with the web server 24 located in the AP 20. The ID and password of the station 10 are endowed by the service manager.); and registering the first wireless AP into the wireless network upon receiving -2- 6403177.1the first request (par 0079 the station 10 obtains access to the AP 20 and registers, i.e. registering, the ID and password (S74), the AP 20 allocates the authentication level that is predetermined by the service manager to the corresponding station 10).
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh, because doing so would provide the station transmits an associate-request message to the AP in order to make a request for association, and the AP transmits an associate response message to the station.
The combination does not explicitly disclose wherein the first public key is a computer readable image associated with the first wireless AP, wherein the first wireless AP is previously unassociated with the wireless network.
 	However, Benoit discloses wherein the first public key is a computer readable image associated with the first wireless AP (par 0028, the configurator 140 (which may be distinct from the client device 130) may be a smartphone, i.e. STA, that includes an to scan labels and/or images. The client device 130 may include a label imprinted with a QR code 135. The QR code 135 may display the public Root Identity Key or may direct a scanning device to retrieve the public Root Identity Key from a remote device or service. Thus, the QR code 135 may directly or indirectly provide the public Root Identity Key of the client device 130 to the configurator 140, a barcode label may replace the QR code 135); Wherein the first wireless AP is previously unassociated with the wireless network (par 0062 client device 130 dynamically generates the Transient Identity Key pair 138 (602). The Transient Identity Key pair 138 may include a public key and a private key (e.g., a public Transient Identity Key and a private Transient Identity key). Further, the Transient Identity Key pair 138 may be used to authenticate the client device 130 to the AP 110. Next, the client device 130 indirectly provides the public Transient Identity Key to the AP 110 (604)).

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, because doing so would provide a configurator may provide the public Root Identity Key to the AP through a previously established trusted connection and authenticates the client device to the AP( par 0031).

 	As per claim 13, Yu in view of Uh in view of Benoit disclose the GW of claim 12, Yu discloses wherein the GW is an access point (par 0023 An access point 120 may include a gateway device).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, because doing so would provide a configurator may provide the public Root Identity Key to the AP through a previously established trusted connection and authenticates the client device to the AP( par 0031).

 	As per claim 17, Yu in view of Uh in view of Benoit disclose the GW of claim 12, Benoit discloses wherein the computer readable image is a bar code or a QR code (par 0028, the configurator 140 (which may be distinct from the client device 130) may be a smartphone, i.e. STA, that includes an to scan labels and/or images. The client device 130 may include a label imprinted with a QR code 135. The QR code 135 may display the public Root Identity Key or may direct a scanning device to retrieve the public Root Identity Key from a remote device or service).  
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, because doing so would provide a configurator may provide the public Root Identity Key to the AP through a previously established trusted connection and authenticates the client device to the AP( par 0031).

 	As per claim 18, Yu in view of Uh in view of Benoit disclose the GW of claim 12, Uh disclose  wherein the first wireless AP information further includes a MAC address and serial number of the first wireless AP (par 0009 /0059The IEEE 802.1x standard specifies the overall authentication mechanism between the supplicant, the authenticator and the authentication server, and prescribes that an extendable authentication protocol (EAP) should be used between the supplicant and the authenticator at a medium access control (MAC) layer ).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, because doing so would provide a configurator may provide the public Root Identity Key to the AP through a previously established trusted connection and authenticates the client device to the AP( par 0031).


Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Yu US 2017/0366970 in view of Uh et al US 2006/0112269 in view of Benoit et al US 2016/0360404 in view of Kaskoun et al US 2015/0150505.

 	As per claim 4, Yu in view of Uh in view of Benoit disclose the method of claim 2, the combination fails to disclose wherein the first wireless AP registers as a range extender. 
 	However, Kaskoun disclose wherein the first wireless AP registers as a range extender (par 0030 [0030] The term " access point" as used herein refers to any of network wireless access points, wireless routers, wireless access point repeaters, wireless access point range extenders, bridges, combinations of these device or other devices, which may provide access for a client device to a network operating according to a wireless protocol, such as a WiFi protocol (e.g. under various versions of the 802.11 protocol) or other protocol.). 

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, based on the teaching of access point that includes range extenders of Kaskoun, because doing so would provide extended coverage for the user(par 0030).

As per claim 14, Yu in view of Uh in view of Benoit disclose the GW of claim 12, the combination fails to disclose wherein the first wireless AP registers as a range extender. 
 	However, Kaskoun disclose wherein the first wireless AP registers as a range extender (par 0030 [0030] The term " access point" as used herein refers to any of network wireless access points, wireless routers, wireless access point repeaters, wireless access point range extenders, bridges, combinations of these device or other devices, which may provide access for a client device to a network operating according to a wireless protocol, such as a WiFi protocol (e.g. under various versions of the 802.11 protocol) or other protocol.). 

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, based on the teaching of access point that includes range extenders of Kaskoun, because doing so would provide extended coverage for the user(par 0030).
 


Claims 5-6 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Yu US 2017/0366970 in view of Uh et al US 2006/0112269 in view of Benoit et al US 2016/0360404 in view of  Stephenson US 2018/0063714.

 	As per claim 5, Yu in view of Uh in view of Benoit disclose the method of claim 2,  the combination fails to disclose wherein the wireless network is a mesh wireless network and the first wireless AP registers as a mesh AP.  
 	However Stephenson discloses wherein the wireless network is a mesh wireless network and the first wireless AP registers as a mesh AP ([0075] As shown in FIG. 4, an island access point 312 in factory reset condition performs network discovery (e.g., scans) to find other access points (e.g., as advertised by information elements included in IEEE 802.11 beacon frames) in a mesh network 112,).
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, based on the teaching of mesh network of access point of Stephenson, because doing so would provide extended service for the user(par 0075).


 	As per claim 6, Yu in view of Uh in view of Benoit disclose the method of claim 2, the combination fails to disclose wherein the first ciphertext is sent using a Generic Advertising Service (GAS) Request/Response and sent in a Public Action Frame of IEEE 802.11u.  
 	However, Stephenson discloses wherein the first ciphertext is sent using a Generic Advertising Service (GAS) Request/Response and sent in a Public Action Frame of IEEE 802.11u.(par 0075  Access point 312 may request the manufacturer certificate that includes the public encryption key (in a public-encryption-key/private-encryption-key pair) from root access point 310 using an IEEE 802.11u generic advertising service. Moreover, access point 312 may generate a nonce (such as a random or pseudorandom number) for later user by registrar device 120, and then may optionally encrypt the nonce and its own manufacturer certificate with the public encryption key of root access point 310. The resulting data structure may be sent to root access point 310 using the IEEE 802.11u generic advertising service.).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, based on the teaching of mesh network of access point of Stephenson, because doing so would provide extended service for the user(par 0075).

As per claim 15, Yu in view of Uh in view of Benoit disclose the GW of claim 12,  the combination fails to disclose wherein the wireless network is a mesh wireless network and the first wireless AP registers as a mesh AP.  
 	However Stephenson discloses wherein the wireless network is a mesh wireless network and the first wireless AP registers as a mesh AP ([0075] As shown in FIG. 4, an island access point 312 in factory reset condition performs network discovery (e.g., scans) to find other access points (e.g., as advertised by information elements included in IEEE 802.11 beacon frames) in a mesh network 112,).
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, based on the teaching of mesh network of access point of Stephenson, because doing so would provide extended service for the user(par 0075).
 

 	As per claim 16, Yu in view of Uh in view of Benoit disclose the GW of claim 12, the combination fails to disclose wherein the first ciphertext is sent using a Generic Advertising Service (GAS) Request/Response and sent in a Public Action Frame of IEEE 802.11u.  
 	However, Stephenson discloses wherein the first ciphertext is sent using a Generic Advertising Service (GAS) Request/Response and sent in a Public Action Frame of IEEE 802.11u.(par 0075  Access point 312 may request the manufacturer certificate that includes the public encryption key (in a public-encryption-key/private-encryption-key pair) from root access point 310 using an IEEE 802.11u generic advertising service. Moreover, access point 312 may generate a nonce (such as a random or pseudorandom number) for later user by registrar device 120, and then may optionally encrypt the nonce and its own manufacturer certificate with the public encryption key of root access point 310. The resulting data structure may be sent to root access point 310 using the IEEE 802.11u generic advertising service.).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, based on the teaching of mesh network of access point of Stephenson, because doing so would provide extended service for the user(par 0075).

 

Claims 9 -10 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yu US 2017/0366970 in view of Uh et al US 2006/0112269 in view of Benoit et al US 2016/0360404 in view of  Koo et al US 2014/0181916.

 	As per claim 9, Yu in view of Uh in view of Benoit disclose the method of claim 2, the combination does not explicitly discloses further comprising sending the first wireless AP information to a cloud server and receiving an indication of authentication of the first wireless AP, wherein the encrypting, broadcasting, and registering is performed on a condition of receiving the indication of authentication.  

 	However, Koo discloses sending the first wireless AP information to a cloud server and receiving an indication of authentication of the first wireless AP, wherein the encrypting ( par 0026  The controller controls the communicator to transmit SSID information and encryption information of an access point currently used by the electronic device to the personal cloud apparatus), broadcasting, and registering is performed on a condition of receiving the indication of authentication (  par 0017 [0017] The registering may include receiving MAC address information from the personal cloud apparatus, receiving user account information from an authentication server when the user account is logged in to the authentication server, transmitting the user account information and the MAC address information to the registration server, to register the personal cloud apparatus when the personal cloud apparatus is registered to the registration server using the user account information and the MAC address information, receiving from the registration server domain information and peer Identification (ID) information of a network server to which the personal cloud apparatus can connect, and transmitting the received domain information and peer ID information to the personal cloud apparatus and par 0024 For the pairing with the personal cloud apparatus via a WiFi interface, the controller receives SSID information via the communicator, when the SSID of the personal cloud apparatus is broadcast via the personal cloud apparatus, generates encryption information with a Hash algorithm using the SSID information and MAC address information of the personal cloud apparatus, and pairs with the personal cloud apparatus based on the SSID information and the encryption information).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, based on the teaching of enabling the access point with cloud server of Koo, because doing so would provide pairs with the personal cloud apparatus based on the SSID information and the encryption information(par 0024).

 	As per claim 10, Yu in view of Uh in view of Benoit disclose the method of claim 2, the combination fails to disclose further comprising sending information regarding the STA to a cloud server and receiving an indication of authentication of the STA, wherein the encrypting, broadcasting, and registering is performed on a condition of receiving the indication of -3- 6403177.1authentication.

  	However, Koo discloses sending information regarding the STA to a cloud server and receiving an indication of authentication of the STA, wherein the encrypting, broadcasting ( ( [0088] At operation S365, the electronic device 100,i.e. STA, transmits a pairing request signal to the selected personal cloud apparatus 200. The electronic device 100 may display an instruction 15 to select a button provided on the personal cloud apparatus 200 as the one illustrated in FIG. 15C, to increase security on the connection between the electronic device 100 and the personal cloud apparatus 200).
), and registering is performed on a condition of receiving the indication of -3- 6403177.1authentication  ( [0094] After that, the electronic device 100 may provide the UI, such as the one illustrated in FIG. 15E, while registering the personal cloud apparatus 200 to the registration server 530 and [0107] To register the personal cloud apparatus 200 to the registration server 530, at operation S455, the personal cloud apparatus 200 sends the information about the personal cloud apparatus 200 (e.g., MAC address, device ID, etc.) to the electronic device 100 and 0138 [0138] The registration server 530 registers the personal cloud apparatus 200 at operation S730. The registration server 530 determines whether the personal cloud apparatus 200 is registered on the registration server 530 based on the MAC address information, the unique information of the personal cloud apparatus 200. When the personal cloud apparatus 200 is not registered, the registration server 530 registers the personal cloud apparatus 200 under the log-in user account).

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, based on the teaching of enabling the access point with cloud server of Koo, because doing so would provide pairs with the personal cloud apparatus based on the SSID information and the encryption information(par 0024).

 	As per claim 19, Yu in view of Uh in view of Benoit disclose the GW of claim 12, the combination does not explicitly discloses further comprising sending the first wireless AP information to a cloud server and receiving an indication of authentication of the first wireless AP, wherein the encrypting, broadcasting, and registering is performed on a condition of receiving the indication of authentication.  

 	However, Koo discloses sending the first wireless AP information to a cloud server and receiving an indication of authentication of the first wireless AP, wherein the encrypting ( par 0026  The controller controls the communicator to transmit SSID information and encryption information of an access point currently used by the electronic device to the personal cloud apparatus), broadcasting, and registering is performed on a condition of receiving the indication of authentication ( par 0024 For the pairing with the personal cloud apparatus via a WiFi interface, the controller receives SSID information via the communicator, when the SSID of the personal cloud apparatus is broadcast via the personal cloud apparatus, generates encryption information with a Hash algorithm using the SSID information and MAC address information of the personal cloud apparatus, and pairs with the personal cloud apparatus based on the SSID information and the encryption information).  

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, based on the teaching of enabling the access point with cloud server of Koo, because doing so would provide pairs with the personal cloud apparatus based on the SSID information and the encryption information(par 0024).


As per claim 20, Yu in view of Uh in view of Benoit disclose the GW of claim 12,  the combination fails to disclose further comprising sending information regarding the STA to a cloud server and receiving an indication of authentication of the STA, wherein the encrypting, broadcasting, and registering is performed on a condition of receiving the indication of -3- 6403177.1authentication.

  	However, Koo discloses sending information regarding the STA to a cloud server and receiving an indication of authentication of the STA, wherein the encrypting, broadcasting (( [0088] At operation S365, the electronic device 100,i.e. STA, transmits a pairing request signal to the selected personal cloud apparatus 200. The electronic device 100 may display an instruction 15 to select a button provided on the personal cloud apparatus 200 as the one illustrated in FIG. 15C, to increase security on the connection between the electronic device 100 and the personal cloud apparatus 200).
), and registering is performed on a condition of receiving the indication of -3- 6403177.1authentication  ( [0094] After that, the electronic device 100 may provide the UI, such as the one illustrated in FIG. 15E, while registering the personal cloud apparatus 200 to the registration server 530 and [0107] To register the personal cloud apparatus 200 to the registration server 530, at operation S455, the personal cloud apparatus 200 sends the information about the personal cloud apparatus 200 (e.g., MAC address, device ID, etc.) to the electronic device 100 and 0138 [0138] The registration server 530 registers the personal cloud apparatus 200 at operation S730. The registration server 530 determines whether the personal cloud apparatus 200 is registered on the registration server 530 based on the MAC address information, the unique information of the personal cloud apparatus 200. When the personal cloud apparatus 200 is not registered, the registration server 530 registers the personal cloud apparatus 200 under the log-in user account).

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of  the access point decrypting the encrypted password or credential of Yu, based on the teaching of registering  the password from the access point to the web server of Uh,  based on the teaching of  generating the QR code of the Root identity key pair for configuring the client device 130 with the access point 110 of Benoit, based on the teaching of enabling the access point with cloud server of Koo, because doing so would provide pairs with the personal cloud apparatus based on the SSID information and the encryption information(par 0024).

Allowable Subject Matter

The following is an examiner's statement of reasons for allowance: In interpreting the claims, in light of the Specification and the applicant's amendments filed on 08/11/2020, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
 	The present relates to a method of facilitating the automated configuration of one or more new 802.11 access points (APs) are disclosed herein. A cloud server may receive a message associated with a customer account for one or more new APs. The cloud server may associate a first AP of the one or more new APs based on the message. The cloud server may then retrieve a public key associated with the first AP which has a reciprocal private key. The cloud server may send the public key to a gateway (GW) associated with the customer account. The GW may encrypt the GW credentials, such as a password and SSID, into a ciphertext using the public key and then broadcast this information. When the first AP has been powered on it may decrypt the ciphertext using the private key and use the credentials to act as a node in the GW's network.

	Independent claims 2 and 12, recite the uniquely distinct features “ receiving, wirelessly, first wireless AP information including a first public key, of a first public-private key pair associated with a first wireless AP of the one or more new 802.11 APs, from a STA that is registered with the wireless network, wherein the first public key is a computer readable image associated with the first wireless AP, wherein the first wireless AP is previously unassociated with the wireless network; encrypting credentials for the wireless network using the first public key into a first ciphertext, the credentials including a SSID and a password of the wireless network; broadcasting, wirelessly, the first ciphertext to the first wireless AP such that the first wireless AP can decrypt the first ciphertext using a first private key of the first public-private key pair; receiving a first request to register to the wireless network from the first wireless AP, the request including the password of the wireless network; and registering the first wireless AP into the wireless network upon receiving the first request  “ with limitation “ AP includes range extender” the combination of all the limitations clams 11 and 21 “ receiving, wirelessly, second wireless AP information including a first public key, of a second public-private key pair associated with a second wireless AP of the one or more new 802.11 APs, from the STA that is registered with the wireless network, wherein the second public key is a computer readable image associated with the second wireless AP, wherein the second wireless AP is previously unassociated with the wireless network; encrypting credentials for the wireless network using the second public key into a second ciphertext, the credentials including the SSID and the password of the wireless network; broadcasting, wirelessly, the second ciphertext to the second wireless AP such that the second wireless AP can decrypt the first ciphertext using a second private key of the second public-private key pair; receiving a second request to register to the wireless network from the second wireless AP, the request including the password of the wireless network; and registering the second wireless AP into the wireless network upon receiving the second request. “  Respectively.

The closest prior art, Yu US 2017/0366970 discloses An extended wireless setup may be initiated at an access point when a predetermined input is received. During the extended wireless setup period, the access point may request updated wireless credentials from a user via a direct message or through a web page interface. The access point may overwrite currently used wireless credentials with the updated wireless credentials received from user input, and the access point may use the updated wireless credentials for establishing future wireless connections with one or more stations.
The closest prior art  Uh et al US 2006/0112269  discloses endowing any one of a plurality of authentication levels to each of a plurality of user stations obtaining access to an access point, and to each of a plurality of services provided by a plurality of service servers, the authentication levels being divided into a plurality of steps; and, when a given user station obtains access to the access point to make a request for the specified service, comparing the authentication level endowed to the given user station with the authentication level of the service requested by the given user station, and allowing the given user station the requested service according to a result of the comparison.
The closest prior art  Benoit et al US 2016/0360404 discloses configuring a wireless station for use within a wireless local area network are disclosed. In at least one exemplary embodiment, a pairwise master key is generated by the wireless station and an access point within the wireless local area network. The pairwise master key may be based, at least in part, on a transient identity key pair of the wireless station. The transient identity key pair may be generated by the wireless station in response to receiving a message from the access point. In some embodiments, a public transient identity key of the transient identity key pair may be provided to additional access points to enable the wireless station to authenticate with the additional access points.
 
	
However, the prior art of record, either individually or in a reasonable combination, fails to disclose or suggest the underline limitations when in combination with the remaining limitations currently recited in the independent claims 2  and 12, In addition, updated search also did not yield any new applicable prior art with respect to the underlined limitations.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance." 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. McCann et al US 2018/0302219 discloses  [0040] The AP generates (at 202) a public-private key pair, where the public key is denoted as P.sub.ap, and the corresponding private key is denoted as p.sub.ap. A public key is a cryptographic key that is distributed by the sender to a select group of devices.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314.  The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495