DETAILED ACTION
This Non Final Office Action is in response to Application filed on 03/01/2019.
Claims 1-20 filed on 03/01/2019 are being considered on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 03/01/2019 are accepted.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 03/01/2019 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 03/01/2019 are attached to the instant Office action. 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 3-5, 11-13, 16, 18-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro.

Regarding claim 1, Salgueiro teaches a computer-implemented method (Salgueiro teaches the method for client device 302 roaming between multiple wireless LAN controllers (WLCs) illustrated in Figures 3A-B, [0045] “…the techniques herein use blockchain technology to create a blockchain database of client roam activity in a ledger…the resulting client profile type is then written to a blockchain ledger in the database, which can be stored on one or more wireless LAN controllers (WLCs) and/or by external service reachable by the WLCs.”), comprising: 
(Salgueiro [0043] “…a device receives data regarding a wireless client attempting to form an association with a particular wireless access point in a network. The device queries a blockchain ledger in a blockchain database for wireless roaming data regarding the wireless client.”, [0073] “client 502 may initiate a probe exchange 512 with AP 504 a in which client 502 sends a probe request to AP 504a and AP 504a returns a probe response.”, [0074] “an authentication exchange 514 may ensue in which client 502 shares authentication information with AP 504a, such as identification information for client 502, etc. After authenticating client 502, an association exchange 528 may ensue between AP 504a and client 502, and this association may be overseen by WLC 506a.”, where the WLC 506a supervising the AP AP504a illustrated in Figures 3A-B, correspond to the first access point); 
creating authentication credentials for the client device based on an identification of the client device 
(Salgueiro [0076] “WLC 506a may query blockchain database 510 for ledgers regarding client 502 (e.g., using the specified MAC address of client 502). If no such ledger exists, or is active/valid, WLC 506a may create a root block via exchange 520 within blockchain database 510 that includes any or all of the information about the association between client 502 and AP 504 a, as detailed above with respect to FIG. 4”, 
where the information created in the blockchain ledger includes authentication information, keying material, required to perform association and connection between the AP 504a and client 502, as disclosed in [0057], 
consistent with the credentials defined e.g. [0039] and in claim 3 of the instant application, where authentication credentials comprises set of shared keys); 
transmitting the authentication credentials for the client device to a second access point, wherein the first access point and the second access point share a secure block chain application (Salgueiro [0078] “By distributing the header of the root block created in FIG. 5A, WLC 506b already has MAC address and other information regarding client 502 and, therefore, knows to query WLC 506a for FSR method data and credentials for client 502.”, where the credential and information pertaining to client 502 is queried by WLC 506b transmitted from WLC 506a to the WLC 506b, where the WLC 506b and AP 504b illustrated in Figures 3A-B correspond to the second access point), [0090] “the ledger provides a way to distribute client keying material between WLCs…”); and 
allowing the client device to roam from the first access point to the second access point without requesting new authentication credentials (Salgueiro discloses in [0046-0048] and Figures A-B illustrate client 502 roaming between two access points, [0090] “the ledger provides a way to distribute client keying material between WLCs that do not belong to the same mobility domain”, [0095] “in the case in which the client is attempting to re-associate with the AP, the device can use the roaming information from the blockchain ledger to send a re-association response back to the client.…an existing FSR mechanism may also be leveraged in parallel with the blockchain-based roaming mechanism and whichever results in a re-association response faster may be used. In other cases, such as when the device is roaming between APs in separately administered networks (e.g., between different stores in a mall, etc.), the retrieved roaming information can be used to authenticate the client across the networks. Security checks, such as ensuring that the client is not spoofing a MAC address of an existing client, can also be performed using the information from the ledger.”, where the roaming information retrieved from the ledger authentication the client, i.e. no new authentication credential is requested).

Claims 11 and 18 are directed to a system and a non-transitory computer-readable medium, respectively, reciting processor and memory (disclosed by Salgueiro e.g. [0033]) to perform the method in claim 1. The methods in Claims 11 and 18 are similar in scope to claim 1, and are therefore rejected with the same rationale as claim 1 

Regarding claim 3, the computer-implemented method of claim 1, wherein creating authentication credentials for the client device comprises generating a set of shared keys (Salgueiro [0076] “WLC 506a may query blockchain database 510 for ledgers regarding client 502 (e.g., using the specified MAC address of client 502). If no such ledger exists, or is active/valid, WLC 506a may create a root block via exchange 520 within blockchain database 510 that includes any or all of the information about the association between client 502 and AP 504 a, as detailed above with respect to FIG. 4.”, where the information created in the blockchain ledger includes authentication information, keys, required to perform association and connection between access point and the client AP 504a and client 502, as disclosed in [0057]).

Claims 12 and 19 directed to a system and a non-transitory computer-readable medium, respectively, associated with the method claimed in claim 3. Claims 12 and 19 are similar in scope to claim 3, and are therefore rejected with the same rationale as claim 3. 

Regarding claim 4, the computer-implemented method of claim 1, wherein creating authentication credentials for the client device comprises forming a distributed ledger accessible by multiple access points including the first access point and the second access point, and storing the authentication credentials in the distributed ledger (Salgueiro [0076] “WLC 506a may query blockchain database 510 for ledgers regarding client 502 (e.g., using the specified MAC address of client 502). If no such ledger exists, or is active/valid, WLC 506a may create a root block via exchange 520 within blockchain database 510 that includes any or all of the information about the association between client 502 and AP 504a, as detailed above with respect to FIG. 4.”, where the information created in the blockchain ledger includes authentication information, keys, required to perform association and connection between access point and the client AP 504a and client 502, as disclosed in [0057],
 [0078] “By distributing the header of the root block created in FIG. 5A, 
WLC 506b already has MAC address and other information regarding client 502 and, therefore, knows to query WLC 506a for FSR method data and credentials for client 502.”, where the credential and information pertaining to client 502 is queried by WLC 506b transmitted from WLC 506a to the WLC 506b, [0090] “the ledger provides a way to distribute client keying material between WLCs…”).

Claim 16 is directed to a system associated with the method claimed in claim 4. Claim 16 is similar in scope to claim 4, and are therefore rejected with the same rationale and motivation as claim 4. 

 
Regarding claim 5, the computer-implemented method of claim 1, wherein transmitting the authentication credentials for the client device comprises transmitting the authentication credentials to multiple access points running the secure block chain application in the wireless local area network (Salgueiro [0045] “…the techniques herein use blockchain technology to create a blockchain database of client roam activity in a ledger…the resulting client profile type is then written to a blockchain ledger in the database, which can be stored on one or more wireless LAN controllers (WLCs) and/or by external service reachable by the WLCs.”,
[0078] “By distributing the header of the root block created in FIG. 5A, WLC 506b already has MAC address and other information regarding client 502 and, therefore, knows to query WLC 506a for FSR method data and credentials for client 502.”, where the credential and information pertaining to client 502 is transmitted to the WLC 506b, where the WLC 506b supervising AP 504b illustrated in Figures 3A-B correspond to the second access point, where the system accommodates multiple APs as disclosed [0080-0081] illustrated Figures 6A-B, where the blockchain database accommodates the multiple Aps, [0090] “the ledger provides a way to distribute client keying material between WLCs.”).

Claims 13 and 20 directed to a system and a non-transitory computer-readable medium, respectively, associated with the method claimed in claim 5. Claims 13 and 20 are similar in scope to claim 5, and are therefore rejected with the same rationale as claim 5. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 2 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro, in view of Sather et. al. (US 20080005562 A1), hereinafter Sather.
		
Regarding claim 2, the computer-implemented method of claim 1, 
Salgueiro does not disclose the below limitation.
Sather disclose wherein receiving a request from the client device comprises receiving a user ID and a password from the client device at a first access by the client device, and receiving a self-signed certificate from a public key in the client device at a second, subsequent access by the client device (Sather discloses in the abstract trust between devices is established using a combination of a personal identification number (PIN) delivered out-of-band and self-signed certificates. Figure 4 illustrates (410) receiving by electronic device, corresponding to client device, a PIN, which comprises identifier and password as disclosed in [0003, 0030, 0040], accordingly, [0042] “At block 418, the client 401 and electronic device 402 may create a secure channel, such as secure sockets library (SSL) over an Internet protocol channel, for further communication.”, where the secure channel created corresponds to establishing a first access, and further/subsequent communication [0042] “The electronic device 402 may send, at block 420, a message including a self-signed certificate that includes the UUID of the electronic device 402, for example, in the subject field. When the client 401 receives the certificate at block 422, the client 401 may determine if the certificate is self-signed. If the certificate is self-signed then the client 401 may extract the public key and see if it hashes to the UUID of the electronic device 402. When the values match, in combination with verifying that the electronic device 402 has the PIN at block 416, then the client 401 may grant trusted status to the electronic device 402.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Sather to utilize the above feature, with the motivation of utilizing a more cost effective trust and secure method, as recognized by (Sather [0003]).

Claim 14 is directed to a system associated with the method claimed in claim 2. Claim 14 is similar in scope to claim 2, and are therefore rejected with the same rationale and motivation as claim 2. 


Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro, in view of Kalan et. al. (US 20180167221 A1), hereinafter Kalan.
 
 Regarding claim 6, the computer-implemented method of claim 1, 
While Salgueiro discloses the above limitations, Salgueiro further discloses in [0084] timer mechanism for timing out the blockchain ledger for a client, however, Salgueiro does not disclose the below limitation.
Kalan further comprising adding a time to live to a self-signed certificate from a public key in the client device, wherein the time to live is configured to last for a selected period of time ranging from a few minutes to several hours (Kalan discloses in [0083] “…the receiver system receives the self-signed certificate from sender system A. In this example, the self-signed certificate includes a public key A and may also include information indicating a time period during which the self-signed certificate is valid (such as an expiration date or a number of days until the self-signed certificate expires).”, where the time period may include expiration data, which can be the next day, or several days, which are construed as several hours since one day consists of 24 hours).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Kalan to utilize the above feature, with the motivation of setting time period 

Claim 15 is directed to a system associated with the method claimed in claim 6. Claim 15 is similar in scope to claim 6, and are therefore rejected with the same rationale and motivation as claim 6. 

  
Claims 7-9 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro, in view of Tiptonet. al. (US 20190394648 A1), hereinafter Tipton.

Regarding claim 7, Salgueiro teaches the computer-implemented method of claim 1, 
While Salgueiro discloses the above limitations, where authentication keying information, i.e., credentials, in blockchains are shared among different controllers associated with different access points, where a blockchain ledger in the database can be stored on one or more wireless LAN controllers (WLCs) and by external service reachable by the WLCs, where querying keying information from blockchain is subsequent to authentication, as disclosed [0075-0076], however, Salgueiro does not explicitly disclose validation by the secure block chain in access point application. Emphasis in Italic.
validating the authentication credentials by the secure block chain application in at least the first access point and in the second access point (Tipton discloses [0060] “At block 714, the node checks the blockchain ledger using the unique identifier for the WAP, to determine if the owner WAP is in the blockchain ledger. If the owner WAP is not found, access to the WAP is denied and the request fails to return a password (block 716). On the other hand, if owner WAP is found in blockchain, then at block 718, the requester is identified using the provided user ID. If the user ID does not match a user ID stored in the blockchain fabric for access to the requested WAP, then access is denied and the request fails to return a password (block 716). However, if the user ID does match a transaction stored for the WAP, then at block 720, the smart contract is executed between the owner and the requester. The smart contract may check for several conditions, such as social membership of user, location of user, device type of user, trustworthiness of the user, payment from the user, etc. At block 722, if the smart contract is unsuccessful, then access is denied and the request fails to return a password (block 716). However, if the contract execution is successful, at block 724, the node releases the login credentials (e.g., password) in encrypted form to the requester”, where the credentials are validated by the blockchain by performing the above process, where the validation process is performed on all wireless access points (WAPs) submitted for sharing in step 704 of Figure 7).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the 
  
Claim 17 is directed to a system associated with the method claimed in claim 7. Claim 17 is similar in scope to claim 7, and are therefore rejected with the same rationale and motivation as claim 7. 

Regarding claim 8, Salgueiro teaches the computer-implemented method of claim 1, 
further comprising creating a non-invertible cryptographic record of the transaction (Salgueiro discloses creating records of roaming transactions as illustrated in Figures 6A-B, by carting blocks, child blocks and new blocks).
  While Salgueiro discloses the above limitations, where authentication keying information, i.e., credentials, in blockchains are shared among different controllers associated with different access points, where a blockchain ledger in the database can be stored on one or more wireless LAN controllers (WLCs) and by external service reachable by the WLCs, where querying keying information from blockchain is subsequent to authentication, as disclosed [0075-0076], however, Salgueiro does not explicitly disclose validation by the secure block chain in access point application. Emphasis in Italic.
Tipton discloses validating a transaction with the client device by the secure block chain application in at least the first access point and in the second access point (Tipton discloses [0060] “At block 714, the node checks the blockchain ledger using the unique identifier for the WAP, to determine if the owner WAP is in the blockchain ledger. If the owner WAP is not found, access to the WAP is denied and the request fails to return a password (block 716). On the other hand, if owner WAP is found in blockchain, then at block 718, the requester is identified using the provided user ID. If the user ID does not match a user ID stored in the blockchain fabric for access to the requested WAP, then access is denied and the request fails to return a password (block 716). However, if the user ID does match a transaction stored for the WAP, then at block 720, the smart contract is executed between the owner and the requester. The smart contract may check for several conditions, such as social membership of user, location of user, device type of user, trustworthiness of the user, payment from the user, etc. At block 722, if the smart contract is unsuccessful, then access is denied and the request fails to return a password (block 716). However, if the contract execution is successful, at block 724, the node releases the login credentials (e.g., password) in encrypted form to the requester”, where the credentials are validated by the blockchain by performing the above process, where the validation process is performed on all wireless access points (WAPs) submitted for sharing in step 704 of Figure 7).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Tipton to utilize the above feature, with the motivation of 
 
Regarding claim 9, Salgueiro teaches the computer-implemented method of claim 1, wherein the first access point and the second access point reside in a remote branch network (Salgueiro Figures 3 A-B illustrate the first access point 304a and second access point 304b reside in network domains 1 and 2, i.e. remote branch network, where client 502 roams from one domain to another).
While Salgueiro discloses the above limitations for client device roaming, where authentication keying information, i.e., credentials, in blockchains are shared among different controllers associated with different access points, where a blockchain ledger in the database can be stored on one or more wireless LAN controllers (WLCs) and by external service reachable by the WLCs, where querying keying information from blockchain is subsequent to authentication, as disclosed [0075-0076], allowing roaming by distributing keying information by the blockhead ledger that is also locally stored in WLCs, however, Salgueiro does not explicitly disclose validating the authentication credentials for the client device. Emphasis in Italic.

Tipton discloses allowing the client device to roam comprises validating the authentication credentials for the client device in the second access point (Tipton discloses [0060] “At block 714, the node checks the blockchain ledger using the unique identifier for the WAP, to determine if the owner WAP is in the blockchain ledger. If the owner WAP is not found, access to the WAP is denied and the request fails to return a password (block 716). On the other hand, if owner WAP is found in blockchain, then at block 718, the requester is identified using the provided user ID. If the user ID does not match a user ID stored in the blockchain fabric for access to the requested WAP, then access is denied and the request fails to return a password (block 716). However, if the user ID does match a transaction stored for the WAP, then at block 720, the smart contract is executed between the owner and the requester. The smart contract may check for several conditions, such as social membership of user, location of user, device type of user, trustworthiness of the user, payment from the user, etc. At block 722, if the smart contract is unsuccessful, then access is denied and the request fails to return a password (block 716). However, if the contract execution is successful, at block 724, the node releases the login credentials (e.g., password) in encrypted form to the requester”, where the credentials are validated by the blockchain by performing the above process, where the validation process is performed on all wireless access points (WAPs) submitted for sharing in step 704 of Figure 7).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Tipton to utilize the above feature, with the motivation of managing/controlling/sharing credentials using blockchain fabric, as recognized by (Tipton [0003, 0056]).
 
Claims 10 is rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro, in view of Palojarvi. al. (US 20050198306 A1), hereinafter Palojarvi.

Regarding claim 10, Salgueiro teaches the computer-implemented method of claim 1, wherein the first access point and the second access point reside in a remote branch network (Figures 3 A-B illustrate the first access point 304a and second access point 304b reside in network domains 1 and 2, i.e. remote branch network, where client 502 roams from one domain to another).
Salgueiro does not teach downloading network policy.
Palojarvi discloses the computer-implemented method further comprises downloading to the client device, from one of the first access point or the second access point, a network policy associated with the authentication credentials (Palojarvi discloses in [0011] “the VPN client can download at least one VPN policy from the SPD via the physical access point”, [0079] “the VPN client can receive a selection of a VPN policy to associate with the VPN access point”, [0055] “…the VPN client can be capable of installing VPN policies selected from one or more different types of VPN policies, including user-specific certificate policies, generic certificate policies and generic non-certificate policies.”, where the policies include information and key information required for authentication and establishing secure communication as disclosed in [0056], where the policy defines means for establishing connection over the network).
.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

Menon (US 20200118124 A1) discloses a public key stored on a blockchain, which can be retrieved by a third-party user to verify a transaction by a user on the blockchain. A mobile device can move and come within range of an access point of a third-party network. The third-party network can access the blockchain to retrieve sensor credentials (e.g., a public key) to verify a user identity. To access blockchain data, a third-party network can initiate a smart contract overlaid on the identity blockchain.
Obaidi (US 20200213305 A1) discloses provisioning a home automation hub, or one or more of IoT devices, with blockchain nodes. Receiving a request from a device to connect to a hub, performing blockchain operation to determine whether the device is authorized, accordingly authorize connection and perform blockchain transaction associated with the authorization.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705.  The examiner can normally be reached on Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 






/BASSAM A NOAMAN/Examiner, Art Unit 2497