DETAILED ACTION
Claims 1-6, 8-13, and 15-20 are allowed.
This office action is in response to appeal brief filled on September 30th, 2021.  Claims 1, 8, and 15 have been amended.  Claims 7 and 14 have been canceled.  No new claims have been added.  Therefore, claims 1-6, 8-13, and 15-20 are presented here.  Claims 1, 8, and 15 are independent.
The prior office actions incorporated herein by reference.  In particular, the observations with respect to claim language, and response to previously presented arguments.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the records appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with attorney Noah D. Kitts Reg. No. 78,081 on 11/3/2021.

The application has been amended as follows:
In the claims:
(Currently Amended) A method comprising:

by program instructions on a computing device,

receiving, by a router, over an out-of-band network, a password for connecting to an in-band network from a guest device, wherein the password is generated on the guest device, wherein the router controls access to the in-band network, wherein the in-band network is a WiFi network, and wherein the out-of-band network is one selected from a group consisting of a Bluetooth connection, a near field communication connection, and an infrared connection;

storing, by the router, the password received over the out-of-band network as an authorized password for connecting to the in-band network;

receiving, by the router, from the guest device using an in-band protocol, a request to join the in-band network, wherein the request to join the in-band network comprises the password previously received from the guest device over the out-of-band network; and

granting, by the router, the guest device access to the in-band network based on a determination that the password received in the request to join the in-band network matches the password previously received from the guest device over the out-of-band network.

(Original) The method of claim 1, further comprising: deauthorizing the authorized password for the in-band network based on one selected from a group consisting of:

a determination that the guest device is out of range of the in-band network;



a determination that a time period has expired; and 

a determination that an amount of data used by the guest device over the in-band network has exceeded a data threshold.

(Previously Presented) The method of claim 1, wherein receiving, by the router, over the out-of-band network, the password for the in-band network from the guest device comprises receiving, by the router, from the guest device over the out-of-band network, a network attributes definition for the in-band network, and

wherein storing, by the router, the password received over the out-of-band network as the authorized password for the in-band network comprises creating, by the router, the in-band network using the network attributes definition for the in-band network received from the guest device over the out-of-band network.

(Original) The method of claim 3, wherein the network attributes definition for the in-band network comprises an identifier of the guest device.

(Original) The method of claim 1, wherein receiving, over the out-of-band network, the password for the in-band network from the guest device comprises sending a password addition to the guest device over the out-of-band network, and

wherein storing the password received over the out-of-band network as the authorized password for the in-band network comprises storing the password and the password addition as the authorized password for the in-band network.

(Original) The method of claim 1, wherein receiving, over the out-of-band network, the password for the in-band network from the guest device comprises:

receiving an encrypted password from the guest device, wherein the encrypted password is generated by the guest device encrypting the password for the in-band network; and

decrypting the encrypted password to obtain the password for the in-band network.

Canceled

(Currently Amended) An apparatus comprising a computing device, a computer processor, and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of:

receiving, by a router, over an out-of-band network, a password for connecting to an in-band network from a guest device, wherein the password is generated on the guest device, wherein the router controls access to the in-band network, wherein the in-band network is a WiFi network, and wherein the out-of-band network is one selected from a group consisting of a Bluetooth connection, a near field communication connection, and an infrared connection;

storing, by the router, the password received over the out-of-band network as an authorized password for connecting to the in-band network;

receiving, by the router, from the guest device using an in-band protocol, a request to join the in-band network, wherein the request to join the in-band 

granting, by the router, the guest device access to the in-band network based on a determination, made by the router, that the password received in the request to join the in-band network matches the password previously received from the guest device over the out-of-band network.

(Original) The apparatus of claim 8, wherein the computer program instructions further cause the apparatus to carry out the step of: 

deauthorizing the authorized password for the in-band network based on one selected from a group consisting of:

a determination that the guest device is out of range of the in-band network;

a determination that a pre-determined period of time has elapsed with no communication from the guest device over the in-band network; 

a determination that a time period has expired; and 

a determination that an amount of data used by the guest device over the in-band network has exceeded a data threshold.

(Previously Presented) The apparatus of claim 8, wherein receiving, by the router, over the out-of-band network, the password for the in-band network from the guest device comprises receiving, by the router, from the guest device over the out-of-band network, a network attributes definition for the in-band network, and



(Original) The apparatus of claim 10, wherein the network attributes definition for the in-band network comprises an identifier of the guest device.

(Original) The apparatus of claim 8, wherein receiving, over the out-of-band network, the password for the in-band network from the guest device comprises sending a password addition to the guest device over the out-of-band network, and

wherein storing the password received over the out-of-band network as the authorized password for the in-band network comprises storing the password and the password addition as the authorized password for the in-band network.

(Original) The apparatus of claim 8, wherein receiving, over the out-of-band network, the password for the in-band network from the guest device comprises:

receiving an encrypted password from the guest device, wherein the encrypted password is generated by the guest device encrypting the password for the in-band network; and

decrypting the encrypted password to obtain the password for the in-band network.

Canceled

(Currently Amended) A computer program product including a non-transitory computer readable medium, the computer program product comprising computer 

receiving, by a router, over an out-of-band network, a password for connecting to an in-band network from a guest device, wherein the password is generated on the guest device, wherein the router controls access to the in-band network, wherein the in-band network is a WiFi network, and wherein the out-of-band network is one selected from a group consisting of a Bluetooth connection, a near field communication connection, and an infrared connection;

storing, by the router, the password received over the out-of-band network as an authorized password for connecting to the in-band network;

receiving, by the router, from the guest device using an in-band protocol, a request to join the in-band network, wherein the request to join the in-band network comprises the password previously received from the guest device over the out-of-band network; and

granting, by the router, the guest device access to the in-band network based on a determination, made by the router, that the password received in the request to join the in-band network matches the password previously received from the guest device over the out-of-band network.

(Original) The computer program product of claim 15, wherein the computer program instructions further cause the computer to carry out the step of: deauthorizing the authorized password for the in-band network based on one selected from a group consisting of:

a determination that the guest device is out of range of the in-band network;



a determination that a time period has expired; and 

a determination that an amount of data used by the guest device over the in-band network has exceeded a data threshold.

(Previously Presented) The computer program product of claim 15, wherein receiving, by the router, over the out-of-band network, the password for the in-band network from the guest device comprises receiving, by the router, from the guest device over the out-of-band network, a network attributes definition for the in-band network, and

wherein storing, by the router, the password received over the out-of-band network as the authorized password for the in-band network comprises creating, by the router, the in-band network using the network attributes definition for the in-band network received from the guest device over the out-of-band network.

(Original) The computer program product of claim 17, wherein the network attributes definition for the in-band network comprises an identifier of the guest device.

(Original) The computer program product of claim 15, wherein receiving, over the out-of-band network, the password for the in-band network from the guest device comprises sending a password addition to the guest device over the out-of-band network, and

wherein storing the password received over the out-of-band network as the authorized password for the in-band network comprises storing the password and the password addition as the authorized password for the in-band network.

(Original) The computer program product of claim 15, wherein receiving, over the out-of-band network, the password for the in-band network from the guest device comprises:

receiving an encrypted password from the guest device, wherein the encrypted password is generated by the guest device encrypting the password for the in-band network; and

decrypting the encrypted password to obtain the password for the in-band network.

Allowable Subject Matter
Claims 1-6, 8-13, and 15-20 are allowed over prior art of record.

Examiner’s Statement of Reason for Allowance
The following is an examiner’s statement of reason for allowance: Independent claims 1, 8, and 15 are allowed in view of prior art.
The closest prior art of Pemmaraju et al. (US PGPUB No. 2006/0041755) disclose, a multichannel security system is disclosed, which system is for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer. The access-seeker has a peripheral device operative within an authentication channel to communicate with the security system. The access-seeker initially presents identification and password data over an access channel which is intercepted and transmitted to the security computer. The security computer then communicates with the access-seeker. A 
The prior art of Prasad et al. (US PGPUB No. 2017/0244760) disclose, a JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for DevOps personnel who do not have persistent access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. When JIT access to a resource is requested by a DevOps device, the JIT service retrieves a JIT policy for the resource that includes screening criteria limiting automatic granting of JIT access to DevOps personnel who meeting the screening criteria. Screening information for the DevOps personnel is evaluated against one or more screening requirements set forth by the screening criteria. If the screening criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the DevOps device.
The prior art of Enrique Salpico et al. (US PGPUB No. 2017/0187703) disclose, the present invention proposes a method and network element which allows increasing, in different aspects, communications network protection in a single network element. This element will have the ability to manage and provide 
The prior art of Cholas et al. (US PGPUB No. 2009/0210912) disclose, apparatus and methods for enhanced tuner efficiency, wherein tuner resources function to permit multiple content streams to be demultiplexed and thus made available for subsequent display. In one embodiment, Customer Premises Equipment (CPE) comprises a resource manager on which a guide application is run to control the tuning of an available tuner resource. This approach obviate reliance on OCAP or other proprietary vendor architecture applications. In another variant, the CPE is adapted to receive RF source data from a wideband tuner, or multiple tuners. The CPE may also be utilized in conjunction with other system configurations designed to enforce a security or other policies within a premises network. The CPE may also employ `look ahead` capabilities to anticipate a QAM stream content before it is received.
The prior art of Agrawal et al. (US PGPUB No. 2014/0040451) disclose, methods for inserting a middlebox into a network connection include monitoring network state information in a connection between a client and a server. When the connection is idle, a connection entry is created for each device and is initialized using state information gathered by monitoring the network connection. 
The prior art of Faccin et al. (US PGPUB No. 2016/0072823) disclose, the disclosure relates in some aspects to establishing connectivity with a network using a first set of credentials and determining whether additional connectivity needs to be established (e.g., using a second set of credentials) to communicate data. The disclosure relates in some aspects to the use of multiple credentials for access and service connectivity. For example, traffic generated by a device may be authorized based on a different set of credentials than the set of credentials used to access the network (e.g., to connect to an LTE network for a PDN connection). In this way, traffic belonging to a specific service or application can be charged and policed based on service specific needs. The disclosure thus relates in some aspects to the use of access credentials and service credentials. These different types of credentials can be used to enable traffic differentiation and policing based on the credentials in use.


None of the prior arts record either taken by itself or in any combination, would have anticipated of made obvious the invention of the present application at or before the time it was filed.  Therefore, independent claims 1, 8, and 15 are allowed.


Any comments Applicants considers necessary must be submitted no later than the payment of the Issue Fee and to avoid processing delays, should preferable accompany the Issue Fees.  Such submission should be clearly labeled “Comments on Statement of Reasons for Allowance”.  In event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications faxed to post-allowance papers correspondence branch at (703) 308-5864 to expedite issuing process or call PUB’s Customer Service if any questions at (703) 305-8497.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD S SHAMS whose telephone number is (571)272-3406. The examiner can normally be reached Monday-Friday 8:00 AM-5:30 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is 





/MOHAMMAD S SHAMS/Examiner, Art Unit 2434     

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498