DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/17/2021 has been entered.
 Response to Arguments
Applicant's arguments filed 11/17/2021 have been fully considered but they are not persuasive.  Applicant argues, on page 9 third paragraph, that an “authentication type” is not equivalent to the claimed “authentication identifier”. The examiner respectfully disagrees. The specification [0021] discloses “The authentication device can determine a type of authentication (e.g., by determining an authentication identifier) for authenticating the user device”. Therefore, the broadest reasonable interpretation of the claimed “authentication identifier” in light of the specification includes “authentication type”.
Applicant argues, on page 9 last paragraph, that Though Griot describes that the "attachment" may specify the username/password pair, Griot is devoid of any teaching UE 106 can indicate an authentication type as well” after disclosing in [0051] “the UE 106 can provide the appropriate username/password PIN, etc.”. Therefore, Griot suggests "wherein the request comprises the username, the password, and an authentication identifier."
Applicant argues again, on page 10 first paragraph , that Griot, nor the combination of references, does not teach or suggest, "[a] request [that] comprises [a] username, [a] password, and an authentication identifier.". The examiner respectfully disagrees. as explained above,  Griot suggests "wherein the request comprises the username, the password, and an authentication identifier."
Applicant argues, on page .. paragraph , that Griot necessarily cannot teach, "determining, based on the authentication identifier, one or more services that the user device is authorized to access via the wireless communication device," as is presently claimed. The examiner respectfully disagrees. Griot [0112] teaches determine to perform EAP authentication for hotspot network type, thus disclosing the service by the hotspot network is based on EAP authentication.
Applicant argues, on page 12 third paragraph , that combining the references is merely a restatement of the claim language without supporting rationale. The examiner respectfully disagrees. In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971). Rao hash function to enhance the simple authentication of Griot is a knowledge which was within the level of ordinary skill at the time the claimed invention was made. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over Griot et al. (US 2015/0282042 A1) in view of Rao et al. (US 2015/0128254 A1).

Regarding claim 1, Griot et al. teach a method comprising:
sending, over a limited access communication channel (Griot [0045] limit external communications to one or more components of the service provider network 104 while obtaining credentials for the UE 106),, to a user device, a connection profile for a wireless communication service (Griot [0038] credentials for the service can be provisioned to the UE by the eNB or other network component) wherein the connection profile comprises a username and a password (Griot [0038] credentials can include  wherein the username comprises device identifier information associated with the user device (Griot [0038] credentials can include an identifier of the UE (e.g., international mobile subscriber identity (IMSI), security root key (Ki) or other USIM credentials), username/password pairs, and/or similar credentials that present a UE with a challenge to access the network);
receiving a request to access the wireless communication service (Griot [0052] UE 106 can request attachment), wherein the request comprises the username, the password, (Griot [0051] the UE 106 can provide the appropriate username/password PIN, etc. for the service) and an authentication identifier (Griot [0052] UE 106 can indicate an authentication type as well);
determining, based on the authentication identifier, one or more services that the user device is authorized to access via the wireless communication service (Griot [0112] determine that service information received from the network entity 304 indicates an authentication type for network services... service querying component 314 may determine to perform EAP authentication for hotspot network types); and
sending, to the user device, a message (Griot [0116] Once the authentication is performed, authentication component 1314 can communicate an authentication status back to the UE 106) indicating the user device is authorized to access the one or more services of the wireless The AAA server 122 can authenticate the UE 106 to access one or more services on service provider network 104).
Griot et al. do not teach
inputting the username into a predefined function;
determining a result of inputting the username into the predefined function matches the password; and
authenticating, based on determining that the result of inputting the username into the predefined function matches the password, the user device.
In a similar endeavor, Rao teaches
inputting the username into a predefined function (Rao [0059] processor 340 uses username 155, serial number 515, shared secret 525, selected authorization level 565, and current time 315 to (i) generate a string 572, in accordance with hash function 232B,);
determining a result of inputting the username into the predefined function matches the password (Rao Fig. 5 steps 570, 575, and 580, Rao [0059] processor 340 uses username 155, serial number 515, shared secret 525, selected authorization level 565, and current time 315 to (i) generate a string 572, in accordance with hash function 232B, and (ii) determine whether string 572 matches password 140, i.e., whether string 572 and password 140 are identical to one another); and
whether string 572 and password 140 are identical to one another, Fig. 5 step 580 Grant access.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the examined application to have modified Griot et al.by incorporating Rao hash function to arrive at the invention.
The motivation of doing so would have improved the security.

Regarding claim 2, the combination of Griot et al. and  Rao et al. teaches the method of claim 1, wherein the device identifier information comprises one or more of an international mobile subscriber identifier (IMSI) or  an international mobile equipment identifier (IMEI) (Griot [0105] UE 106 may identify itself by using its IMEI).

Regarding claim 3, , the combination of Griot et al. and  Rao et al. teaches the method of claim 1, wherein the request to access the wireless communication service further comprises an extensible authentication protocol tunneled transport layer security request (Griot [0115] authentication requesting component 1310 can determine the type of EAP authentication.. the EAP authentication type can include at least one of EAP-transport layer security (EAP-TLS), EAP-tunneled TLS) having an inner identifier and an outer identifier, wherein the inner identifier comprises the username and the outer identifier comprises a new IE indicating EAP authentication, a specific IMSI or other UE identifier. Note: authentication identifier is interpreted as the IE indicating EAP authentication and the username is interpreted as the UE identifier since Griot [0038] teaches the username as the UE identifier).

Regarding claim 4, the combination of Griot et al. and Rao et al. teaches the method of claim 1 further comprising generating, based on inputting at least a portion of the device identifier information into the predefined function (Rao [0044] password 140 is a hash value generated from a data set of username 155, serial number 420..)
The motivation of doing so would have improved the security.

Regarding claim 5, the combination of Griot et al. and Rao et al. teaches the method of claim 1, further comprising:
receiving, from the user device, a request for the connection profile (Griot [0092] transmitting a request to establish a connection with the network), wherein the request comprises one or more of an international mobile equipment identifier (IMEI) or an international mobile subscribe identifier (IMSI) (Griot [0092] the request may include an IMSI or other substantially unique identifier of the UE 106. In one example, credential requesting component 810 may use an International Mobile Station Equipment Identity (IMEI) in the request); and 
the credentials expected are USIM credentials that can be validated by an AAA server at an HPLMN of the UE 106, Griot [0038] credentials for the service can be provisioned to the UE by the eNB or other network component).

Regarding claim 6, the combination of Griot et al. and Rao et al. teaches the method of claim 1, further comprising 
determining a type of authentication based on the authentication identifier (Griot
[0052] UE 106 can indicate an authentication type as well. MME 112 can provide the credentials (and/or requested authentication type) to AAA server 122); and
switching, based on the type of authentication, from a first authentication procedure to a second authentication procedure, wherein the first authentication procedure is based on user provided credentials (Griot [0038] credentials can include ..username/password pairs) and the second authentication procedure is based on generated credentials, wherein the generated credentials are based on the device identifier information (Griot [0038] credentials can include an identifier of the UE (e.g., international mobile subscriber identity (IMSI)).

Regarding claim 7, the combination of Griot et al. and  Rao et al. teaches the method of claim 1, wherein the connection profile comprises the authentication identifier and an encryption key (Griot [0072] credentials stored for a plurality of subscription providers, which may include username/password or PIN values, security keys).

Regarding claim 8, Griot et al. teach a method comprising:
receiving device identifier information associated with a wireless communication service and a user device (Griot [0038] a UE .. can provide the appropriate credentials; . .  credentials can include an identifier of the UE),
determining, based on the device identifier information, a service identifier for the wireless communication service (Griot [0045] provide network identification information and service identification information to one or more UEs); 
storing, a username and a password (Griot [0038] credentials can include ..username/password pairs) wherein the username is based on at least portion of the device identifier information (Griot [0038] credentials can include an identifier of the UE (e.g., international mobile subscriber identity(IMSI), security root key (Ki) or other USIM credentials), username/password pairs, and/or similar credentials that present a UE with a challenge to access the network) ; 
The service identification information can include one or more identifiers relating to a network service offered by a network node ) with the username and the password (Griot [0038] credentials can include ..username/password pairs); 
sending, based on a request from the user device (Griot [0052] MME 112 can provide the credentials (and/or requested authentication type) to AAA server 122. The AAA server 122 can authenticate the UE 106 to access one or more services on service provider network 104... the credentials for a particular usage or service indicated by eNB 108 for UE 106 based on one or more policies for the UE 106 in policy server 126),  the connection profile (Griot [0038] credentials for the service can be provisioned to the UE by the eNB or other network component), wherein the request comprises the device identifier information (Griot [0038] a UE .. can provide the appropriate credentials; . . credentials can include an identifier of the UE), and an authentication identifier (Griot [0052] UE 106 can indicate an authentication type as well); 
receiving an authentication request for accessing the wireless communication service via an access point associated with the service identifier, wherein the authentication request comprises the username and the password (Griot [0051] eNB 108 may request a username/password, personal identification ; 
determining, based on the authentication identifier, one or more services that the user device is authorized to access via the wireless communication service (Griot [0112] determine that service information received from the network entity 304 indicates an authentication type for network services... service querying component 314 may determine to perform EAP authentication for hotspot network types); and
sending, over a limited access communication channel (Griot [0045] limit external communications to one or more components of the service provider network 104 while obtaining credentials for the UE 106),  an authorization to access the one or more services of wireless communication service (Griot [0116] Once the authentication is performed, authentication component 1314 can communicate an authentication status back to the UE 106).
Griot et al. do not teach
wherein the password is based on the result of inputting the at least a portion of the device identifier information into a predefined function;
comparing another result of inputting the username into the predefined function of the password; and
sending, based on the another result of inputting the username into the predefined function matching the password, an authorization to access the one or more services of wireless communication service.

wherein the password is based on the result of inputting the at least a portion of the device identifier information into a predefined function ((Rao [0044] password 140 is a hash value generated from a data set of username 155, serial number 420..);
comparing another result of inputting the username into the predefined function of the password (Rao Fig. 5 steps 570, 575, and 580, [0059] processor 340 uses username 155, serial number 515, shared secret 525, selected authorization level 565, and current time 315 to (i) generate a string 572, in accordance with hash function 232B, and (ii) determine whether string 572 matches password 140, i.e., whether string 572 and password 140 are identical to one another); and
sending, based on the another result of inputting the username into the predefined function matching the password, an authorization to access the  one or more services of wireless communication service (Rao [0059] determine whether string 572 matches password 140, i.e., whether string 572 and password 140 are identical to one another, and Rao Fig. 5 step 580 Grant access).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the examined application to have modified Griot et al.by incorporating Rao hash function to arrive at transmitting the authorization if the password is matched, thus arriving at the invention.
The motivation of doing so would have improved the security.

Regarding claim 9, the combination of Griot et al. and  Rao et al. teaches the method of claim 8, wherein the device identifier information further comprises one or more of an international mobile subscriber identifier (IMSI) or  an international mobile equipment identifier (IMEI) associated with the user device (Griot [0105] UE 106 may identify itself by using its IMEI) 

Regarding claim 10, the combination of Griot et al. and  Rao et al. teaches the method of claim 8, wherein the authentication request comprises an extensible authentication protocol tunneled transport layer security request (Griot [0115] authentication requesting component 1310 can determine the type of EAP authentication.. the EAP authentication type can include at least one of EAP-transport layer security (EAP-TLS), EAP-tunneled TLS) having an inner identifier and an outer identifier, wherein the inner identifier comprises the username and the outer identifier comprises an authentication identifier. (Griot [0113] a new IE indicating EAP authentication, a specific IMSI or other UE identifier. Note: authentication identifier is interpreted as the IE indicating EAP authentication and the username is interpreted as the UE identifier since Griot [0038] teaches the username as the UE identifier).
The motivation of doing so would have the same stored login credentials for many applications used on the device for automatic login.

Regarding claim 11, the combination of Griot et al. and  Rao et al.  teaches the method of claim 10, further comprising authenticating the user device based on a type of authentication indicated by the authentication identifier (Griot [0112] determine to perform EAP authentication, Griot [0115] authentication requesting component 1310 can determine the type of EAP authentication), wherein the type of authentication is associated with the wireless communication service (Griot [0070] establishing an authenticated connection with the one or more UEs based at least in part on the service information).

Regarding claim 12, the combination of Griot et al. and  Rao et al. teaches the method of claim 10, wherein the connection profile comprises the authentication identifier and an encryption key (Griot [0072] credentials stored for a plurality of subscription providers, which may include username/password or PIN values, security keys).

Regarding claim 13, the combination of Griot et al. and  Rao et al. teaches the method of claim 8, further comprising:
receiving, from the user device, a request for the connection profile (Griot [0092] transmitting a request to establish a connection with the network), wherein the request for the connection profile comprises one or more of an international mobile equipment identifier (IMEI) or an international mobile subscriber identifier (IMSI) (Griot [0092] the request may include an IMSI or other and 
validating, based on one or more of the IMEI or the IMSI, the request, wherein the connection profile is sent in response to validating the request (Griot [0072] the credentials expected are USIM credentials that can be validated by an AAA server at an HPLMN of the UE 106, Griot [0038] credentials for the service can be provisioned to the UE by the eNB or other network component)).

Regarding claim 14, the combination of Griot et al. and  Rao et al. teaches the method of claim 8, wherein the predefined function comprises a one way hash function (Rao [0021] Hashing is a non-reversible, or one-way, operation with no complementary operation).
The motivation of doing so would have improved the authentication process

Regarding claim 15, Griot et al. teach A method comprising:
receiving a connection profile (Griot [0038] credentials for the service can be provisioned to the UE by the eNB or other network component) comprising a service identifier of a wireless communication service (Griot [0036] The service identification information can include one or more identifiers relating to a network service offered by a network node), and a username and a password (Griot [0038] credentials can  for accessing the wireless communication service (Griot [0038] to provide a hotspot for long term evolution (LTE) or other wireless communication service), wherein the username comprises device identifier information associated with the wireless communication service (Griot [0038] credentials can include an identifier of the UE (e.g., international mobile subscriber identity(IMSI), security root key (Ki) or other USIM credentials), username/password pairs, and/or similar credentials that present a UE with a challenge to access the network);
sending, to an access point associated with the service identifier, (Griot [0036] The service identification information can include one or more identifiers relating to a network service offered by a network node) over a limited access communication channel (Griot [0045] limit external communications to one or more components of the service provider network 104 while obtaining credentials for the UE 106),an authentication request for accessing the wireless communication service (Griot [0052]  UE 106 can request attachment.. by specifying the credentials received from the service provider network 104), wherein the authentication request comprises the username, the password (Griot [0051] the UE 106 can provide the appropriate username/password PIN, etc. for the service), and an authentication identifier indicating a type of authentication associated with the wireless communication device  (Griot [0052] UE 106 can indicate an authentication type as well) and one or more services that the determine that service information received from the network entity 304 indicates an authentication type for network services... service querying component 314 may determine to perform EAP authentication for hotspot network types);
receiving authorization to access the one or more services of the wireless communication service (Griot [0116] Once the authentication is performed, authentication component 1314 can communicate an authentication status back to the UE 106); and 
accessing the wireless communication service (Griot [00116] determine whether to communicate with the network).
Griot et al. do not teach
the password comprises a result of inputting at least a portion of the device identifier information into a predefined function..
In a similar endeavor Rao et al. teach
The password comprises a result of inputting at least a portion of the device identifier information into a predefined function (Rao [0044] password 140 is a hash value generated from a data set of username 155, serial number 420).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the examined application to have modified Griot et al. comparison by incorporating Rao hash function generating the password from an identifier to arrive at the invention.


Regarding claim 16, the combination of Griot et al. and  Rao et al. teaches the method of claim 15, wherein the device identifier information comprises one or more of an international mobile subscriber identifier (IMSI) or  an international mobile equipment identifier (IMEI) (Griot [0105] UE 106 may identify itself by using its IMEI).

Regarding claim 17, , the combination of Griot et al. and  Rao et al. teaches the method of claim 15, wherein the connection profile comprises the authentication identifier and an encryption key (Griot [0072] credentials stored for a plurality of subscription providers, which may include username/password or PIN values, security keys).

Regarding claim 18, the combination of Griot et al. and  Rao et al. teaches the method of claim 15, wherein the authentication request comprises an extensible authentication protocol tunneled transport layer security request (Griot [0115] authentication requesting component 1310 can determine the type of EAP authentication.. the EAP authentication type can include at least one of EAP-transport layer security (EAP-TLS), EAP-tunneled TLS) having an inner identifier and an outer identifier, wherein the inner identifier comprises the username and the outer identifier comprises the authentication identifier. (Griot [0113] a new IE indicating EAP authentication, a specific IMSI Note: authentication identifier is interpreted as the IE indicating EAP authentication and the username is interpreted as the UE identifier since Griot [0038] teaches the username as the UE identifier).

Regarding claim 19, the combination of Griot et al. and  Rao et al. teaches the method of claim 15, further comprising sending a request for the connection profile (Griot [0092] transmitting a request to establish a connection with the network), wherein the request for the connection profile comprises one or more of an international mobile equipment identifier (IMEI) or an international mobile subscriber identity (IMSI) or  an international mobile subscriber identifier (IMSI) (Griot [0092] the request may include an IMSI or other substantially unique identifier of the UE 106. In one example, credential requesting component 810 may use an International Mobile Station Equipment Identity (IMEI) in the request) wherein the connection profile is received in response to validation of the request based on one or more of the IMEI or the IMSI (Griot [0072] the credentials expected are USIM credentials that can be validated by an AAA server at an HPLMN of the UE 106, Griot [0038] credentials for the service can be provisioned to the UE by the eNB or other network component).

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Griot et al., in view of Rao , and in further view of Lee et al. (US 2009/0125945 A1)

Regarding claim 20, the combination of Griot et al. and Rao et al. teaches the method of claim 19, but does not teach
 wherein sending the request for the connection profile is performed in response to booting up a user device.
In a similar endeavor, Lee et al. teach
wherein sending the request for the connection profile is performed in response to booting up a user device (Lee [0288] If the receiving device 1360 is booted, the application/UI manager 806 accesses the SD&S server 1320 and then makes a request for connection information).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the examined application to have modified the combination of Griot et al. and Rao et al. by incorporating Lee et al. to arrive at the invention.
The motivation of doing so would have started establishing a connection upon the user booting up the device.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAID M ELNOUBI whose telephone number is (571)272-9732. The examiner can normally be reached Monday-Friday 9:30AM to 6:00PM ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kathy Wang-Hurst can be reached on 571-270-5371. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SAID M ELNOUBI/Examiner, Art Unit 2644