Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is in response to the original claims filed 1/31/2019.  Claims 1-20 are pending.  Claims 1 (a method), 13 (a method), and 20 (a non-transitory CRM) are independent.

Allowable Subject Matter
Claims 6, 7, 12, and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Seetarama in view of UniFi and Eronen are viewed as rendering claim 11 obvious. Seetarama in view of UniFi, Eronen, and Lee are viewed as rendering claims 4 and 16 obvious.
However, said references do not further disclose the combination of features set forth in claims 6, 7, 12, and 18 and no references were found which would anticipate or reasonably render obvious the further features of claims 6, 7, 12, and 18.  As such, claims 6, 7, 12, and 18 are objected to as depending on a rejected base claim. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further 

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 11 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  
Claim 11 depends on claim 1.
Claim 1 requires: “in response to determining a match between the first token and the second token …”
Claim 11 requires: “wherein the first token comprises a BLE MAC address of the first access point, and wherein the second token comprises a BLE MAC address of the un-provisioned access point.”
The limitations of claim 1 are conditioned on the first and second tokens “matching”, whereas the limitations of claim 11 require that the tokens contain data that does not match.  There is no description of what data is matched nor how the matching is accomplished, and the plain interpretation of claim 11 would be that it requires that the tokens do not match, thereby broadening claim 1 by omitting actions performed when the tokens match.
Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3 and 13-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Seetarama, “Secure Device Bootstrapping with the Nimble Out of Band Authentication Protocol” (published 2017), in view of “UniFi Enterprise System Controller” (version 5.6.2 published 2018) hereafter referred to as UniFi, and Eronen et al., “Diameter Extensible Authentication Protocol (EAP) Application” (published 2005).

As to claims 1 and 13, Seetarama discloses a method/method comprising: 
receiving a first transmission signal from a first access point, (Seetarama Figure 3 on page 12 showing the EAP encapsulation from an “authenticator” to an AAA server. Note Seetarama § 3.2) the first transmission signal comprises identifying information … that comprises a first token; (EAP encapsulation of “EAP-Response/EAP-NOOB” as shown in Figure 5 on page 24 of Seetarama. The EAP-response comprising the inputs to the HOOB calculation in § 3.4.2)
receiving a second transmission signal from a client device (the OOB device shown in Seetarama Figure 12 on page 36), wherein the second transmission signal user assisted channel, the OOB message will not contain a message type. Instead, the OOB message will always have three parameters: server assigned peer identifier (PeerID), an OOB message nonce (Noob) and a cryptographic finger print (Hoob).” Seetarama § 3.4.2)
in response to determining a match between the first token and the second token, identifying the first access point as the un-provisioned …; (“The Hoob is generated using the parameters from Initial exchange. …The cryptographic hash generating function H is selected based on the negotiated cryptographic algorithm from Initial exchange. The input parameter Dir used for Hoob generation is the negotiated OOB message direction. When the negotiated direction is three, both OOB input and OOB output should be delivered. At the receiver’s end, the integrity of the received OOB message should be verified by computing the Hoob using same inputs, and comparing it with the received value.” Seetarama § 3.4.2.)

Seetarama does not disclose:
identifying information of the first access point
un-provisioned access point
transmitting the identifying information of the first access point and a request to the client device to authorize the un-provisioned access point; and 
receiving a third transmission signal from the client device, wherein the third transmission signal comprises an authorization verification of the un-provisioned access 

UniFi discloses:
un-provisioned access point (see UniFi page 164, the pending adoption of an access point shown on step 5.)
transmitting the identifying information of the first access point (“4.	On the Dashboard screen, tap Devices.” UniFi p. 164) and a request to the client device to authorize the un-provisioned access point; and (“5.	On the Devices screen, tap the device that is pending adoption.” UniFi p. 164)
receiving a third transmission signal from the client device, wherein the third transmission signal comprises an authorization verification of the un-provisioned access point that authorizes the un-provisioned access point to connect (“6.	Scroll down and tap Adopt.” UniFi p. 164) to a cloud-managed network and become associated with a customer account (“3.	On the Controller Login screen, enter your username and password as needed. Then tap Log In.” UniFi p. 164) of the cloud-managed network. (see UniFi generally and Chapter 2: UniFi Cloud).

	A person of ordinary skill in the art would have combined Seetarama with UniFi by utilizing the UniFi enterprise controller to control and associate wifi mesh devices into a wifi network that uses the authentication system of Seetarama.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the 

	Seetarama in view of UniFi does not disclose:
identifying information of the first access point

	Eronen discloses:
identifying information of the first access point
	(“The Diameter-EAP-Request (DER) command … NAS-Identifier, NAS-IP-Address…” Eronen pp. 15-16.)

	A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Seetarama in view of UniFi with Eronen by utilizing the Diameter-EAP-Request to tunnel the EAP request of Seetarama.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention in order to provide EAP tunneling as discussed and suggested by Seetarama § 2.6.3. 

	As to claims 2 and 14, Seetarama in view of UniFi and Eronen discloses the method/method of claims 1 and 13 and further discloses:
providing instructions (“the method can also be used to securely configure, monitor and manage all the devices of a user from a single platform.” Seetarama page 
 to the un-provisioned access point to connect to the cloud-managed network. (see UniFi generally and Chapter 2: UniFi Cloud).

As to claims 3 and 15, Seetarama in view of UniFi and Eronen discloses the method/method of claims 1 and 13 and further discloses:
before receiving the first transmission signal from the first access point, receiving a primary transmission signal from the first access point, wherein the primary transmission signal does not include a token; and (“The server need not have to have any prior information about the peer. Instead, the peer will use a generic network access identifier (NAI) string noob@eap-noob.net in its reply with every server.” Seetarama § 3.4.1. the first access point being the authenticator that intermediates all transmissions between the peer and the server, Seetarama § 3.2)
in response to receiving the primary transmission signal, providing a unique token to the first access point. (“The receiving server will allocate a unique identifier, named peerID, for each interacting peer.” Seetarama § 3.4.1).

Claims 4, 5, 16, 17, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Seetarama, “Secure Device Bootstrapping with the Nimble Out of Band Authentication Protocol” (published 2017), in view of UniFi (version 5.6.2 published 2018), Eronen et al., “Diameter Extensible Authentication Protocol (EAP) Application” (published 2005), and Lee et al., US 2015/0333965 (filed 2014-05).
As to claims 4 and 16, Seetarama in view of UniFi and Eronen discloses the method/method of claims 1 and 15 and further discloses:
wherein the second transmission signal (the OOB device shown in Seetarama Figure 12 on page 36) and the third transmission signal (“5.	On the Devices screen, tap the device that is pending adoption.” UniFi p. 164) are received from the client device via a management port of a device management system of the cloud-managed network (“HTTPS” communication to the server from the OOB device, see Seetarama Figure 12 on page 36), and wherein the first transmission signal is received by a secondary port of the device management system of the cloud-managed network, the method further comprising: (“In-Band (Wireless)” communication to the peer device to the server, see Seetarama Figure 12 on page 36).
receiving the third transmission signal from the client device, (“5.	On the Devices screen, tap the device that is pending adoption.” UniFi p. 164)

Seetarama in view of UniFi and Eronen does not disclose:
in response to receiving the third transmission signal from the client device…, transmitting, via the secondary port, a first instruction to the un-provisioned access point 

Lee discloses:
in response to receiving the third transmission signal …, (“Once the wireless end device 310 is turned on or boots up, it may automatically begin to attempt to connect to a local wireless network at step 435.” Lee ¶ 63) transmitting, via the secondary port, a first instruction to the un-provisioned access point (“In step 465, the backend system may communicate with the new wireless end device 310 to provide the new wireless end device 310 with the local network information (e.g., home/business SSID, password, etc.)” Lee ¶ 73) to connect to the cloud-managed network via a primary port of the device management system. (“In step 470, the wireless end device 310 may reconnect to the gateway 304 using the local network information (e.g., home SSID) received in step 465. In other words, instead of using the activation SSID to connect to the gateway 304, the wireless end device 310 may use the specific SSID of the local network to connect to the gateway 304.” Lee ¶ 77)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Seetarama in view of UniFi and Eronen with Lee by providing separate SSID networks for provisioning and final attachment, as is done in Lee.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Seetarama in view of UniFi and Eronen with Lee in order to provide for different service zones based on the user’s 

As to claims 5 and 17, Seetarama in view of UniFi, Eronen, and Lee discloses the method/method of claims 4 and 16 and further discloses:
wherein the first instruction further comprises security credentials for the un-provisioned access point to connect to the cloud-managed network via the primary port of the device management system (“In step 465, the backend system may communicate with the new wireless end device 310 to provide the new wireless end device 310 with the local network information (e.g., home/business SSID, password, etc.)” Lee ¶ 73) and become associated with the customer account (Seetarama § 5.2 and UniFi p. 164), the method further comprises: 
connecting the un-provisioned access point, via the primary port, to the cloud-managed network; and (“In step 470, the wireless end device 310 may reconnect to the gateway 304 using the local network information (e.g., home SSID) received in step 465. In other words, instead of using the activation SSID to connect to the gateway 304, the wireless end device 310 may use the specific SSID of the local network to connect to the gateway 304.” Lee ¶ 77)
creating an association between the un-provisioned access point and the customer account. (“Once the OOB message gets delivered, the device gets authenticated automatically and now it is listed under the personnel’s user account. Thereafter, all the devices can be monitored and controlled from the user account.” 

As to claim 20, Seetarama discloses a non-transitory CRM comprising: (see Seetarama § 4.1.3 detailing machine and software discussion)
receive a first transmission signal from a first access point, (Seetarama Figure 3 on page 12 showing the EAP encapsulation from an “authenticator” to the AAA server. Note Seetarama § 3.2) the first transmission signal comprises identifying information of … that comprises a first token; (EAP encapsulation of “EAP-Response/EAP-NOOB” as shown in Figure 5 on page 24 of Seetarama. The EAP-response comprising the inputs to the HOOB calculation in § 3.4.2)
receive a second transmission signal from a client device, (the OOB device shown in Seetarama Figure 12 on page 36) wherein the second transmission signal comprises a second token, the second token is received by the client device from a un-provisioned …; (“As the OOB message is transferred over an user assisted channel, the OOB message will not contain a message type. Instead, the OOB message will always have three parameters: server assigned peer identifier (PeerID), an OOB message nonce (Noob) and a cryptographic finger print (Hoob).” Seetarama § 3.4.2)
in response to determining a match between the first token and the second token, identify the first access point as the un-provisioned …; (“The Hoob is generated using the parameters from Initial exchange. …The cryptographic hash generating function H is selected based on the negotiated cryptographic algorithm from Initial exchange. The input parameter Dir used for Hoob generation is the negotiated OOB message direction. When the negotiated direction is three, both OOB input and OOB output should be delivered. At the receiver’s end, the integrity of the received OOB message should be verified by computing the Hoob using same inputs, and comparing it with the received value.” Seetarama § 3.4.2.)
become associated with a customer account of the cloud-managed network; and (Seetarama § 5.2),

Seetarama does not disclose:
identifying information of the first access point
un-provisioned access point 
transmit the identifying information of the first access point and a request to the client device to authorize the un-provisioned access point; 
receive a third transmission signal from the client device, wherein the third transmission signal comprises an authorization verification of the un-provisioned access point; 
in response to receiving the authorization verification, provide security credentials for the un-provisioned access point to connect to the cloud-managed network and …; and 
in response to receiving a connection request from the un-provisioned access point, connect the un-provisioned access point to the cloud-managed network using the security credentials.

UniFi discloses:
access point (see UniFi page 164, the pending adoption of an access point shown on step 5 after the user logging in in step 3.)
transmit the identifying information of the first access point (“4.	On the Dashboard screen, tap Devices.” UniFi p. 164) and a request to the client device to authorize the un-provisioned access point; (“5.	On the Devices screen, tap the device that is pending adoption.” UniFi p. 164)
receive a third transmission signal from the client device, wherein the third transmission signal comprises an authorization verification of the un-provisioned access point; (“6.	Scroll down and tap Adopt.” UniFi p. 164. “3.	On the Controller Login screen, enter your username and password as needed. Then tap Log In.” UniFi p. 164)

A person of ordinary skill in the art would have combined Seetarama with UniFi by utilizing the UniFi enterprise controller to control and associate wifi mesh devices into a wifi network that uses the authentication system of Seetarama.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Seetarama with UniFi in order to provide a user friendly GUI and management software to control and manage a wireless network (e.g. UniFi), thereby providing ease of use to a user. 

	Seetarama in view of UniFi does not disclose:
identifying information of the first access point

in response to receiving a connection request from the un-provisioned access point, connect the un-provisioned access point to the cloud-managed network using the security credentials.

Eronen discloses:
identifying information of the first access point
	(“The Diameter-EAP-Request (DER) command … NAS-Identifier, NAS-IP-Address…” Eronen pp. 15-16.)

	A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Seetarama in view of UniFi with Eronen by utilizing the Diameter-EAP-Request to tunnel the EAP request of Seetarama.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention in order to provide EAP tunneling as discussed and suggested by Seetarama § 2.6.3. 

Seetarama in view of UniFi and Eronen does not disclose:
in response to receiving the authorization verification, provide security credentials for the un-provisioned access point to connect to the cloud-managed network and …; and 


Lee discloses:
in response to receiving the authorization verification, provide security credentials for the un-provisioned access point to connect to the cloud-managed network (“In step 465, the backend system may communicate with the new wireless end device 310 to provide the new wireless end device 310 with the local network information (e.g., home/business SSID, password, etc.)” Lee ¶ 73) and …
in response to receiving a connection request from the un-provisioned access point, connect the un-provisioned access point to the cloud-managed network using the security credentials. (“In step 470, the wireless end device 310 may reconnect to the gateway 304 using the local network information (e.g., home SSID) received in step 465. In other words, instead of using the activation SSID to connect to the gateway 304, the wireless end device 310 may use the specific SSID of the local network to connect to the gateway 304.” Lee ¶ 77)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Seetarama in view of UniFi and Eronen with Lee by providing separate SSID networks for provisioning and final attachment, as is done in Lee.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Seetarama in view of UniFi and 

Claims 8, 9, 10, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Seetarama, “Secure Device Bootstrapping with the Nimble Out of Band Authentication Protocol” (published 2017), in view of UniFi (version 5.6.2 published 2018), Eronen et al., “Diameter Extensible Authentication Protocol (EAP) Application” (published 2005), and Knaappila, US 2018/0176776 (filed 2016-12).
As to claim 8, Seetarama in view of UniFi and Eronen discloses the method of claim 1 but does not disclose:
wherein a short range beacon of the un-provisioned access point is configured to indicate support for scan requests by the un-provisioned access point, and wherein the client device is configured to receive a short range wireless beacon of the un-provisioned access point. 

Knaappila discloses:
wherein a short range beacon (advertisement packet, see below) of the un-provisioned access point is configured to indicate support for scan requests by the un-provisioned access point, (“the scanner device may also respond with SCAN_REQ, which is a request for further information from the advertiser.” Knaappila ¶ 48. See also Knaappila Figure 6B) and wherein the client device is configured to receive a short 

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Seetarama in view of UniFi and Eronen with Knaappila by making the new access point of Seetarama in view of UniFi and Eronen a Bluetooth low energy beacon device that advertises itself as in Knaappila for detection by the user’s mobile device.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Seetarama in view of UniFi and Eronen with Knaappila in order to allow secure communication between the mobile user device and the new access-point that does not require a display or other specialized NFC hardware, thereby easing integration and cost of production of the access-points (Seetarama § 4.1.1 and Knaappila ¶ 7)

As to claim 9, Seetarama in view of UniFi, Eronen and Knaappila discloses the method of claim 8 and further discloses:
wherein the short range wireless beacon is a Bluetooth low energy (BLE) beacon. (“Beacons are a particular type of BLE advertiser device that transmit advertisement packets with a unique identifier to nearby portable electronic devices such as smart phones.” Knaappila ¶ 4).


wherein the second transmission signal is received from the client device (“As the OOB message is transferred over an user assisted channel, the OOB message will not contain a message type. Instead, the OOB message will always have three parameters: server assigned peer identifier (peerID), an OOB message nonce (Noob) and a cryptographic finger print (Hoob).” Seetarama § 3.4.2)
The second token (“As the OOB message is transferred over an user assisted channel, the OOB message will not contain a message type. Instead, the OOB message will always have three parameters: server assigned peer identifier (peerID), an OOB message nonce (Noob) and a cryptographic finger print (Hoob).” Seetarama § 3.4.2)

Seetarama in view of UniFi and Eronen does not disclose:
in response to: the client device transmits a scan request to the un-provisioned access point  and, in response, the client device receives a scan response from the un-provisioned access point, wherein a payload of the scan response includes 

Knaappila discloses:
in response to: the client device transmits a scan request to the un-provisioned access point (“the scanner device may also respond with SCAN_REQ, which is a request for further information from the advertiser.” Knaappila ¶ 48) and, in response, the client device receives a scan response from the un-provisioned access point, may contain other data as well or instead.” Knaappila ¶ 49). 

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Seetarama in view of UniFi and Eronen with Knaappila by making the new access point of Seetarama in view of UniFi and Eronen a Bluetooth low energy beacon device that advertises itself and includes the other data of Seetarama as described in Knaappila.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Seetarama in view of UniFi and Eronen with Knaappila in order to allow secure communication between the mobile user device and the new access-point that does not require a display or other specialized NFC hardware, thereby easing integration and cost of production of the access-points (Seetarama § 4.1.1 and Knaappila ¶ 7)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Cooppan et al., US 2018/0191565, discloses a wifi AP onboarding system whereby credentials are checked for the onboarding APs. 

Wennemyr et al., US 2017/03339561, discloses an out of band cloud registration system using light emitted codes and a cloud management platform.  
Wiser, US 2017/0318529, discloses Bluetooth beacons and the receipt of scan requests.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165.  The examiner can normally be reached on M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar, can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 






/MICHAEL W CHAO/           Examiner, Art Unit 2492