DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to communication filed 09/21/2021. Claims 1, 3-6, 9, 12-15, 17 and 19-20 are amended. Claims 2, 16 and 18 are canceled and claim 21 is newly added. Claims 1, 3-15, 17 and 19-21 are pending.

Response to Arguments
After further amendments entered below by Examiner’s Amendment, applicant’s arguments, see Remarks: pages 12-13, filed 09/21/2021, with respect to amended claims 1, 9 and 17 have been fully considered and are persuasive. The 35 U.S.C. 103 rejection of claims 1, 3-15, 17 and 19-20 has been withdrawn.

EXAMINER’S AMENDMENT
An Examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Ms. Mellisa E. Patterson (Registration No. 67,455) on 12/02/2021. 

Amendments to the Claims:

Listing of Claims:

1.	(Currently Amended) An access point (AP) including: 
a processing resource; 
a non-transitory computer-readable medium storing instructions executable by the processing resource to: 
store an encryption key on the AP; 
at the AP, receive, from a station (STA), a first management frame over a first firmware connection; 
decrypt the first management frame with the stored encryption key to determine state information of the STA; 
store the state information from the first management frame; 
generate a second management frame at the AP based on the stored state information; 
encrypt the second management frame with the stored encryption key; 
transmit the second management frame to the STA; and 
receive a first data frame over a second firmware connection, wherein the second firmware connection passes through the AP between the STA and an access controller (AC), wherein the AC does not communicate over the first firmware connection, such that communication between the AP and the AC occurs via a first secure tunnel over the first firmware connection, and communication between the STA and the AC occurs via a second secure tunnel over the second firmware connection.

2. (Canceled)

3. (Previously Presented) The AP of claim 1, further comprising instructions to generate a response management frame; and
send the response management frame to the STA.

4. (Previously Presented) The AP of claim 3, wherein the response management frame is encrypted with the stored encryption key.

5. (Previously Presented) The AP of claim 1, wherein the instructions further comprise instructions to encrypt the second management frame with the stored encryption key.

6. (Previously Presented) The AP of claim 5, including instructions to send the second management frame to a second station (second STA) associated with the AP.

7. (Original) The AP of claim 1, further comprising instruction to maintain in the AP a different traffic identifier (TID) for management frames than a TID of data frames.

8. (Original) The AP of claim 1, further comprising instruction to maintain in the AP a different counter for management frames than a counter of data frames.

9. (Currently Amended) A non-transitory computer-readable medium storing instructions executable by a processing resource to: 
store an encryption key on an access point (AP); 
at the AP, receive, from a station (STA), a first management frame over a first firmware connection; 
decrypt the first management frame with the stored encryption key to determine state information of the STA; 
store the state information from the first management frame on the AP; 
generate a second management frame based on the state information stored at the AP; and 
encrypt the second management frame with the stored encryption key; 
transmit the second management frame to the STA; and 
receive a first data frame over a second firmware connection, wherein the second firmware connection passes through the AP between the STA and an access controller (AC), wherein the AC does not communicate over the first firmware connection, such that communication between the AP and the AC occurs via a first secure tunnel over the first firmware connection, and communication between the STA and the AC occurs via a second secure tunnel over the second firmware connection.

10. (Original) The medium of claim 9, wherein the encryption key further comprises a transient key (PTK).

11. (Original) The medium of claim 10, wherein the instructions further comprise instructions to store the PTK on the AP.

12. (Previously Presented) The medium of claim 11, wherein the instructions further comprise instructions to store the PTK on the AP responsive to the STA associating with the AP.

13. (Previously Presented) The medium of claim 9, wherein the instructions further comprise instructions to store an encryption key responsive to a four-way handshake between the AP and the STA.

14. (Previously Presented) The medium of claim 9, wherein the first encrypted management frame is a protected management frame.

15. (Previously Presented) The medium of claim 9, wherein the instructions further comprise instructions to determine the state information of the STA by: 
receiving a response management frame from the STA, wherein the response management frame includes the state information of the STA.

16. (Canceled)

17. (Currently Amended) A method comprising: 
storing an encryption key on an access point (AP); 
at the AP, obtain state information of a station (STA) associated with the AP by: 
receiving, at the AP, a first management frame from the STA over a first firmware connection; 
decrypting, at the AP, the first management frame with the encryption key to obtain state information of the STA included in the first management frame; and 
storing the state information; 
at the AP, generate a second management frame based on the stored state information; 
at the AP, encrypt the second management frame with the stored encryption key; 
at the AP, transmit the second management frame to the STA; and 
receive a first data frame over a second firmware connection, wherein the second firmware connection passes through the AP between the STA and an access controller (AC), wherein the AC does not communicate over the first firmware connection, such that communication between the AP and the AC occurs via a first secure tunnel over the first firmware connection, and communication between the STA and the AC occurs via a second secure tunnel over the second firmware connection.

18. (Canceled)

19. (Previously Presented) The method of claim 17, further comprising encrypting the second management frame.

20. (Previously Presented) The method of claim 17, further comprising sending data frames from the STA to the AC via a secure tunnel to maintain the data frames in an encrypted state without either of decryption or encryption of the data frames at the AP.

21. (Canceled) 

Allowable Subject Matter
The following is Examiner's statement of reasons for allowance: 
An updated search of the claimed invention after all amendments indicates the following as closest prior arts reviewed:

Frei (US2019/0058996A1) discloses controlling access to and/or forwarding of communicated information, e.g. traffic, in a wireless communication system, wherein a key, e.g., PSK, is used to secure data that is transmitted to an access point for communication to a destination device. The decision of whether or not to provide the destination device access to a communication may involve AP deciding whether or not to forward the received data to another device, e.g., another access point, for delivery to the destination device and/or may involve deciding whether or not to transmit the data to the destination device.  If the destination device is not associated with, e.g., does not have access to and/or authorization to use, the key used to secure the received data, the data is not communicated to the destination device.

Zhou (US2016/0183271A1) discloses that Access Point 110 may encrypt data intended for a target STA using an authentication key known only to the target STA (e.g., STA1) and a relay STA (e.g., STA2) may forward the encrypted data directly to the target STA (e.g., without decrypting it first), wherein in some embodiments, additional layers of encryption and/or decryption may be added to the encrypted data for each of the first relay link (e.g., in-band channel) and/or second relay link (e.g., out-band channel).

Gentry (US8595481B1) discloses an Access Point that receives an encrypted data frame from a client device, and determines whether the encrypted data frame is a guest frame. If it is determined that the frame is a guest frame, the Access Point transmits the encrypted data frame to a server for decryption by the server, and determines whether to transmit an ACK to the client device based on the encrypted data frame. Otherwise, the Access Point decrypts the encrypted data frame, and determines whether to transmit an ACK to the client device.

The closest prior arts reviewed and of record, alone or in combination, fail to disclose the claimed invention as a whole recited in claim 1, similarly stated in each of claims 9 and 17, because, among other features, claim 1 recites:

“…generate a second management frame at the AP based on the stored state information; 
encrypt the second management frame with the stored encryption key; 
transmit the second management frame to the STA; and 
receive a first data frame over a second firmware connection, wherein the second firmware connection passes through the AP between the STA and an access controller (AC), wherein the AC does not communicate over the first firmware connection, such that communication between the AP and the AC occurs via a first secure tunnel over the first firmware connection, and communication between the STA and the AC occurs via a second secure tunnel over the second firmware connection”. 

As such, claims 1, 3-15, 17 and 19-21 are allowed.

Conclusion
Any comments considered necessary by Applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.” 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533. The examiner can normally be reached Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AREZOO SHERKAT/            Examiner, Art Unit 2434