Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
	

Priority
Acknowledgment is made of applicant's claim for foreign priority based on an application filed in China on January 19, 2017. A certified copy of the CN201710039832.8 application has been received.

Response to Amendment
	This communication is in response to the amendment filed on 11/11/2021. The Examiner acknowledges amended claims 1 and 5-23. Claims 2-4 have been cancelled. No claims have been added. Claims 1 and 5-23 are pending and claims 1 and 5-23 are rejected.  Claims 1, 10, and 17 is/are independent. 
The objection to claim 1 has been withdrawn.

The rejection under 35 U.S.C. 112(b) has been withdrawn.

Applicant's arguments/amendments have been fully considered, but are unpersuasive.		
	
	Response to Arguments
Applicant's arguments filed 11/11/2021 have been fully considered but they are unpersuasive.  

Regarding claim 1, applicant argues on pages 12-13 that:
	
In other words, Metral describes the process as: 
1) the client computing device broadcasts its device identifier when attempting to 
connect to the network, 
2) the access point receives the device identifier of the client computing device, 

the remote server, 
4) the client computing device sends a request to authenticate with the remote 
server, and 
5) the remote server send an executable to the client computing device causing 
the client computing device 102 to send the device identifier of the client 
computing device to the remote server. 
While Metral describes providing the received device identifier to the remote server, Metral does not describe the access point as sending the authentication request that includes the device identifier of client computing device because, in Metral, the client computing device, not the access point, sends the authentication request to the remote server. Therefore, Metral fails to disclose "receiving an authentication request sent by a network device, the authentication request including a unique device identifier of a user, the unique device identifier obtained by the network device in response to the network device detecting the user device accessing the network device" as amended claim 1 recites. 

Examiner respectfully disagrees. Paragraph 43 of Metral et al. U.S. Publication 20150095992 (hereinafter “Metral”) discloses that the remote server receives the device identifier from a client computing device via an access point, as part of an authentication process involving performing a lookup of the device identifier to determine the respective user credential. Receiving the device identifier via the access point in Metral is equivalent to receiving an authentication request as recited in claim 1 since paragraph 43 describes that “If the device identifier is recognized, remote server 104 may automatically authenticate client computing device 102 to remote server 104 based on the received device identifier (506).“  The receiving of the device identifier by the Metral remote server 104 as described in paragraph 43 is indeed receiving a request to authenticate the client computing device 102 because if the device identifier is recognized (paragraph 43, last sentence), then the client computing device is successfully authenticated.
Regarding the newly added limitations of claim 10, obtaining a unique device identifier of  device is disclosed in the Metral reference at para. 38 and 41. 
Regarding the newly added limitations of claim 17:
a sending unit stored in the memory and executable by the one or more processors to:
cause the user client to send  the identity information of the logged-in user and a unique device identifier of the electronic device to a network device in response to the network device detecting the user device accessing the network device, 
cause the network device to send an authentication request to a server of the instant messaging application, the authentication request including the identity information of the logged-in user and the unique device identifier of the electronic device

Authentication request (from the client computing device to remote server 104) is received with the user credential and the device identifier as described in Metral para. 41-43; the receiving of the device identifier plus a user credential by the Metral access point 108 is considered to be disclosing the authentication request of claim 17;  the credential and device identifier are sent from the client computing device via access point 108; the mapping is stored at the server as described at second half of Metral para. 42.
Furthermore, features of a logged-in user and storing/updating mapping of user identity to device identifier are disclosed by Mun et al. U.S. Publication 20150271177 (hereinafter “Mun”) and Pourfallah et al. U.S. Publication 20130218769 (hereinafter “Pourfallah”), respectively. To the extent that the remaining independent claims recite features similar to the features of claim 1, such features are also disclosed by the cited prior art as argued above with respect to claim 1. The arguments for the allowability of the remaining independent claims are therefore not persuasive.
The arguments for the allowability of the dependent claims depending from the respective independent claims are therefore also not persuasive.
Accordingly, Applicant's argument is unpersuasive.	
	
	
	
	

Claim Interpretation
(1) 	Examiner notes that claim 17 is not interpreted as invoking 35 U.S.C. 112(f) since there is sufficient structure recited, e.g., “a determination unit stored in the memory” and “sending unit stored in the memory”.
(2)	Examiner further notes that the claimed computer readable media in claims 10-16 is treated as a statutory type of computer readable media based on the disclosure in para. [0107] of the specification of the instant application.  Specifically, the disclosure at para. [0107] points out that, as used herein, “[0107] The computer readable media may include a volatile or non-volatile type, a removable or non-removable media, which may achieve storage of information using any method or technology. The information may include a computer-readable instruction, a data structure, a program module or other data. Examples of computer storage media include, but not limited to, phase-change memory (PRAM), …..compact disk read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassette tape, magnetic disk storage or other magnetic storage devices, or any other non- transmission media, which may be used to store information that may be accessed by a computing device. As defined herein, the computer readable media does not include transitory media, such as modulated data signals and carrier waves.”



Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.


Claims 1, 5, 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Metral et al. U.S. Publication 20150095992 (hereinafter “Metral”), in view of Yoshimoto et al. U.S. Publication 20050157722 (hereinafter “Yoshimoto”).
As per claim 1, Metral discloses 
a method, performed by a server, the method comprising:
pre-recording a mapping relationship between a plurality of identity information of associated users of a preset group and a plurality of unique device identifiers;
(See Metral
[Metral paragraph 41 and 42 describes how remote server 104 stores the mapping relationships between the user credential and the device identifiers; paragraph 43 describes figure 5 which is how the remote server may receive the device identifier from the client computing device 102 via access point 108 and authenticate the user based on the device identifier by referring back to the previously stored mapping relationship stored as described in paragraph 42.]
Metral Para. [0026] ‘Remote server 104 may also include an account database 120 that includes account information 122 for users having an account on remote server 104 [associated users of a preset group].’
Metral [0037] ‘client computing device 102 may have to provide a credential to remote server 104 for authentication….. Since the device identifier is unique to the device, tying the device identifier to a credential [a mapping relationship ] used to authenticate with remote server 104 could provide a way to automatically authenticate client computing device 102 to remote server 104 when access point 108 associated with remote server 104 receives the device identifier.. Accordingly, authenticating using a device identifier may require matching the device identifier to the credential [pre-recording a mapping relationship]on a first attempt, and then using the device identifier for future authentication’
Metral [0041] ‘Access point 108 may receive ……device identifiers as client computing devices 102 pass within range of access point 108 [plurality of unique device identifiers = device identifiers as client computing devices 102]. Access point 108 may provide these device identifiers[plurality of unique device identifiers] among other information to remote server 104...’[The unique identifiers, including the device identifier for client computing device 102, are stored in the server]
Metral [0042] ‘The matched device identifier and authentication credential may then be stored [pre-recording a mapping relationship] in account information 122 of account database 120. Consequently, the next time client computing device 102 connects to network 106 via access point 108, access point 108 will send the device identifier from the received broadcast packet to remote server 104, and remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier.’[ plurality of identity information = authentication credential may then be stored in account information 122 (as shown in paragraph 41 there can be multiple client computing devices 102, each of these device 102 provide a credential, these credentials together disclose plurality of identity information) ; mapping relationship between a plurality of identity information of associated users of the preset group and a plurality of unique device identifiers]
Metral [0040] ’ remote server 104 may automatically authenticate[method, performed by a server] client computing device 102 using the authentication credential matched to the device identifier which may be used, in some embodiments, to check user 110 into a merchant or location associated with access point 108.’)
)



 receiving an authentication request sent by a network device, the authentication request including a unique device identifier of a user device, the unique device identifier obtained by the network device in response to the network device detecting the user device accessing the network device; 
(See Metral 
[paragraph 43 of Metral discloses the remote server receives the device identifier as part of an authentication process involving performing a lookup of the device identifier to determine the respective user credential. This is after storing the mapping relationship between the user credential and the device identifier as described in Metral para. 42]
[0043]
…. FIG. 5, remote server 104 may receive a device identifier (502). In some embodiments, client computing device 102 may send out one or more broadcast packets that include a device identifier of client computing device 102 when client computing device 102 is attempting to connect to network 106. Access point 108 [network device = Access point 108 ]may receive any number of these broadcast packets and device identifiers [the unique device identifier obtained by the network device in response to the network device detecting the user device accessing the network device] as client computing devices 102 pass within range of access point 108. [The Metral access point detects the client computing device accessing the access point and obtains the device identifier of the client computing device ]Access point 108 may provide these device identifiers amongst other information to remote server 104. Remote server 104 may then determine if the device identifier is recognized (504). For example, remote server 104 may determine if the device identifier is matched to an authentication credential stored in account information 122 of account database 120. If the device identifier is recognized, remote server 104 may automatically authenticate client computing device 102 to remote server 104 based on the received device identifier (506).
[0028] ‘FIG. 2 ….. computing system 200, which may correspond to either of client computing device 102 or remote server 104,’ [user device = computing device 102; server = remote server 104 ]
Metral [0042]
‘access point 108 will send the device identifier from the received broadcast packet to remote server 104, [receiving an authentication request sent by a network device] and remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier.’
)
[Paragraph 43 of Metral discloses that the remote server receives the device identifier from a client computing device via an access point, as part of an authentication process involving performing a lookup of the device identifier to determine the respective user credential. Receiving the device identifier via the access point in Metral is equivalent to receiving an authentication request as recited in claim 1 since paragraph 43 describes that “If the device identifier is recognized, remote server 104 may automatically authenticate client computing device 102 to remote server 104 based on the received device identifier (506).“  The receiving of the device identifier by the Metral remote server 104 as described in paragraph 43 is indeed receiving a request to authenticate the client computing device 102 because if the device identifier is recognized (paragraph 43, last sentence), then the client computing device is successfully authenticated.]

determining an authentication result of the unique device identifier of the user device based on: 
a preset group having a binding relationship with the network device, 
the pre-recorded mapping relationship between the plurality of identity information of associated users of the preset group Atty/Agent: Shigeharu Furukawaand the plurality of unique device identifiers, the unique device identifier of the user device being one of the plurality of unique device identifiers, and
a respective network access permission corresponding to each piece of the plurality of identity information; and
(See Metral 
[Metral paragraph 42 describes storing the mapping relationships between the user credential and the device identifiers for future authentication use; Metral paragraph 43 at the bottom describes how if it’s a matching device identifier than the client computing device is automatically authenticated; Metral paragraph 44 describes how if the device identifier is not recognized then the credential is used to complete the authentication process]
[0043]
FIG. 5 ……. authenticating using a device identifier, ……. remote server 104 may receive a device identifier (502). ……… If the device identifier is recognized, remote server 104 may automatically authenticate client computing device 102 to remote server 104 based on the received device identifier (506). ) [determining an authentication result of the unique device identifier of the user device; when the client device is recognized the client computing device is automatically authenticated with no credentials needed from the client device; whether the client computing device is recognized or not depends on whether remote server 104 has stored a mapping relationship between the user credential and the client computing device, the storing as described in Metral paragraph 42]
 [the unique device identifier of the user device being one of the plurality of unique device identifiers is disclosed because the client computing device has a  mapping relationship that have been stored as described in para. 42]
Metral Para. [0026] ‘Remote server 104 may also include an account database 120 that includes account information 122 for users having an account on remote server 104 [preset group having a binding relationship with the network device; users authenticating through the access point 108 so there is relationship], such as user 110..’
Metral [0037] ‘client computing device 102 may have to provide a credential to remote server 104 for authentication….. Since the device identifier is unique to the device, tying the device identifier to a credential [a mapping relationship ] used to authenticate with remote server 104 could provide a way to automatically authenticate client computing device 102 to remote server 104 when access point 108 associated with remote server 104 receives the device identifier.. Accordingly, authenticating using a device identifier may require matching the device identifier to the credential [a mapping relationship ]on a first attempt, and then using the device identifier for future authentication’
Metral [0041] ‘Access point 108 may receive any number of these broadcast packets and device identifiers as client computing devices 102 pass within range of access point 108 [ plurality of unique device identifiers = device identifiers as client computing devices 102]. Access point 108 may provide these device identifiers among other information to remote server 104...’[The unique identifiers, including the device identifier for client computing device 102, are stored in the server]
Metral [0042] ‘The matched device identifier and authentication credential may then be stored [the pre-recorded mapping relationship] in account information 122 of account database 120. Consequently, the next time client computing device 102 connects to network 106 via access point 108, access point 108 will send the device identifier from the received broadcast packet to remote server 104, and remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier.’[ plurality of identity information = authentication credential may then be stored in account information 122 (as shown in paragraph 41 there can be multiple client computing devices 102, each of these device 102 provide a credential, these credentials together disclose plurality of identity information);]
Metral [0040] ’ remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier which may be used, in some embodiments, to check user 110 into a merchant or location associated with access point 108.’ [ a respective network access permission corresponding to each piece of identity information.] ) and, 

returning the authentication result to the network device, to instruct the network device to control a network access operation of the user device according to the authentication result.
Metral [0022] ‘…… client computing device 102 may be required to authenticate to access point 108 to connect to network 106[network device  = access point 108;the network device to control a network access operation of the user device]. ….access point 108 may be capable of receiving instructions and rules from remote server 104 [instruct the network device] for analyzing patterns of traffic sent by client computing device 102.’
Metral [0025] ‘authenticating client computing device 102 to remote server 104 may allow applications executing on client computing device 102, such as browser application 112 and/or payment application 114, to access features provided by remote server 104[control a network access operation of the user device according to the authentication result; note the traffic is going through the access point.]..’
Metral [0040] ’ remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier which may be used, in some embodiments, to check user 110 into a merchant or location associated with access point 108.’ [this is permission to check in.] 
Metral [0024] ‘Client computing device 102 may include other applications 116 ….. to provide ….accessing a user account [network access operation ]with remote server 104.’
[Cannot access user account if access point not instructed by remote server 104 to allow access after authentication; authentication failure will result in no access to any user accounts on the remote server; with successful authentication  the sending of such user account values from the server to the access point means  that access point should forward the user account data to the client therefore the access point is controlling the network data flow according to the data presented by the server; if authentication fails there would be no user account data received at the access point and access point does not forward any data with user account information]

However, Metral does not expressly disclose 
A method, performed by a server of an instant messaging application

Yoshimoto discloses  
A method, performed by a server of an instant messaging application
(See Yoshimoto Para. 
Yoshimoto [0035]
‘FIG. 1 …. IM client 503 transmits an authentication request to the IM server 8 ‘	
Yoshimoto [0040] ‘Although the access server 3, IM server 8, authentication server 2 and DHCP server 4 are all discreet as described above, an optional combination  of these servers may be used if it is functionally equivalent similar to conventional examples.’[This teaches the messaging server can also perform authentication functions]
Yoshimoto [0037] ‘After the authentication succeeds [A method, performed by a server of an instant messaging application], the IM server 8 periodically transmits authentication confirmation or existence confirmation to the IM client 503 (S131)’
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Metral with the technique for an instant messaging server to perform an authentication method of Yoshimoto to include 
A method, performed by a server of an instant messaging application
One of ordinary skill in the art would have made this modification to improve the ability of the system to authenticate users to facilitate instant messaging communication and/or other activities involving authenticated network access among users. The remote server 104 of the primary reference can be modified to perform instant messaging services and to receive authentication requests in order to login the user. Putting authentication and messaging services onto the same server would improve the efficiency of the server since a reduced number of devices and communications are required.

As per claim 5, the rejection of claim 1 is incorporated herein. 
The combined teaching of Metral and Yoshimoto discloses wherein the associated users comprise at least one of: an internal member of the preset group, an external contact of the preset group, and an external visitor of the preset group.
(See Metral Para. [0026]
‘Remote server 104 may also include an account database 120 that includes account information 122 for users having an account on remote server 104, such as user 110 [an internal member of the preset group].)

As per claim 7, the rejection of claim 1 is incorporated herein. 
The combined teaching of Metral and Yoshimoto discloses wherein the unique device identifier of the user device comprises a serial number of the user device, or a MAC address of the user device.
(See Metral Para. [0036]
‘the device identifier may be a media access control (MAC) address of client computing device 102 for connecting to network 106 via an access point ‘.
)

Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Metral in view of Yoshimoto, further in view of Pourfallah et al. U.S. Publication 20130218769 (hereinafter “Pourfallah”).
As per claim 6, the rejection of claim 1 is incorporated herein. 
Metral discloses receiving a notification message from the user device, the notification message in response to a detection of a login activity of a user on the user device, or an access instruction to the network device from the user.  
(See Metral Para. [0041]
‘FIG. 4 …. computing device 102 may send out one or more broadcast packets that include a device identifier [an access instruction to the network device from the user.] of client computing device 102 when client computing device 102 is attempting to connect to network 106. Access point 108 may receive any number of these broadcast packets and device identifiers as client computing devices 102 pass within range of access point 108. Access point 108 may provide these device identifiers among other information to remote server 104 ….. Client computing device 102 may then send a request to authenticate with remote server 104 to…… request may include a credential used for authenticating with remote server 104. ... advantages of tying a credential used for authenticating with remote server 104 with the device identifier of client computing device 102.’
Metral [0042]
‘To match the device identifier with the credential, remote server 104 may …… send an executable that, when executed by processing component of client computing device 102, sends the device identifier of client computing device 102 to remote server 104 [the notification message from the user device]. Remote server 104 may then authenticate client computing device 102 to remote server 104 and match the credential with the device identifier. The matched device identifier and authentication credential may then be stored in account information 122 of account database 120 [updating the mapping relationship; the identity information = the credential]..’)
	However, the combination of Metral and Yoshimoto does not expressly disclose 
updating the mapping relationship in response to receiving a notification message from the user device
Pourfallah discloses updating the mapping relationship in response to receiving a notification message from the user device
(See Pourfallah Para. 
[0061] ‘store mapping of each PAN to a service provider (MMO/MNO) and a device identifier. …… a service/API to create and update the mapping of device identifiers to PANs under each MMO/MMP.  Each service request can include service provider ID, device identifier, PAN, ‘
Pourfallah [0049] ‘ two factor authentication in wh all ich transactions are authenticated by the consumer and authentication is performed using the consumer's device, ……consumer's device which can be linked to one or more accounts ‘
Pourfallah [0052] ‘  The central registry 318 can 
store mappings of device identifiers to personal account numbers (PANs)’
[0123] ‘consumers can purchase …. through CCPS 304.  ……CCPS 304 can validate and authenticate the request and debit the consumer's account.’ [the updated mapping relationship is used for instructing the server]
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Metral and Yoshimoto with the technique for updating a mapping relationship of Pourfallah to include 
updating the mapping relationship in response to receiving a notification message from the user device, the notification message in response to a detection of a login activity of a user on the user device, or an access instruction to the network device from the user.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to maintain updated mapping entries. The system (remote server 104) of the primary reference can be modified to update mappings in a database of mappings as taught in the Pourfallah reference.

Claims 8-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Metral in view of Yoshimoto, further in view of Mun et al. U.S. Publication 20150271177 (hereinafter “Mun”).
As per claim 8, the rejection of claim 1 is incorporated herein. 
	However, the combination of Metral and Yoshimoto does not expressly disclose wherein the network access permission comprises one or more permission options.  
Mun discloses wherein the network access permission comprises one or more permission options.  
(See Mun Para. [0071] ‘ attempts to access[network access permission] the service using the user ID.’
[0052] ‘Once the authentication request is approved from authentication 
application 204 on electronic device 108, the user may be authenticated and 
permitted to access data 210 and/or services 212 on target server 104 without 
providing additional authentication factors to authentication server 102.’
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Metral and Yoshimoto with the access permissions of Mun to include
wherein the network access permission comprises one or more permission options.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to grant access permissions according to confirmed user identity. The system (remote server 104) of the primary reference can be modified to determine an authentication result that includes access permissions for accessing a service as taught in the Mun reference. 

]

As per claim 9, the rejection of claim 8 is incorporated herein. 
The combined teaching of Metral, Yoshimoto, Mun discloses discloses wherein the one or more permission options comprise at least one of an existing permission for the user device, a valid period of the network access permission, a number of remaining usages of the network access permission, and a network range that is allowed to access.  
(See Metral Para. [0034]
‘…… merchant may allow user 110 having client computing device 102 to enter their store, find an item for purchase, and allow user to pay for the item using client computing device 102, and then show proof of payment to the merchant before user 110 can exit the store with the item. To allow this[permission options], the merchant may require that user authenticate to remote server 104 and/or check in to perform these actions. As another example, user 110 may be part of a loyalty program of the store, and may be provided with coupons or offers [permission options; users can access these coupons ]when user 110 authenticates to remote server 104 when in the store and/or checks in to the store, with such coupons or offers being provided to client computing device 102 for scanning by the merchant.’ 
Metral [0024] ‘Client computing device 102 may include other applications 116 ….. to provide ….accessing a user account with remote server 104.‘
 [ permission options comprise at least one of an existing permission for the user device = user can access account on remote server 104]
)

Claims 10-13, 15-19, and 21-23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Metral in view of Yoshimoto, in view of Mun, in view of Pourfallah.
As per claim 10, Metral discloses 
One or more computer readable media storing executable instructions that, when executed by a network device client, cause the network device client to perform acts comprising: 
(See Metral   Para. [0033] ‘access point 108 may be similar to computing system 200 and include similar components to computing system 200.’
Metral [0030] Computing system 200 ……hard-wired circuitry may be used in place of or in combination with software instructions [network device client] to implement the present disclosure. ‘ 
[network device client = software instructions; network device client = processing component 206; network device client = network interface component 202,]
Metral [0030] ‘Computing system 200 may perform specific operations by processing component 206 executing one or more sequences of instructions contained in system memory component 208[One or more computer readable media storing executable instructions that, when executed], internal memory component 210, and/or external or static memory 212. …… the computer readable medium is tangible and non -transitory. In various implementations, non-volatile media include optical or magnetic disk’
Metral [0033] ‘……access point 108 may be similar to computing system 200 and include similar components to computing system 200. For example, access point 108 may include one or more memories 208-212, a processing component 206 including one or more processors, a network interface component 202…...’)

obtaining a unique device identifier of a user device in response to a network device detecting the user device accessing the network device;
(See Metral  [0038] ‘in FIG. 3, client computing device 102 may send out ….a device identifier of client computing device 102 when client computing device 102 is attempting to connect to network 106 [obtaining a unique device identifier of a user device in response to a network device detecting the user device accessing the network device]. …… Access point 108 may be configured to provide these device identifiers[] and the traffic associated with the device identifiers to remote server 104.‘
Metral [0041] ‘FIG. 4 ……. when client computing device 102 is attempting to connect to network 106. Access point 108 may receive any number of these broadcast packets and device identifiers as client computing devices 102 pass within range of access point 108.  [obtaining a unique device identifier of a user device in response to a network device detecting the user device accessing the network device] …….’)

sending an authentication request including the unique device identifier of the user device to a server of a preset application, wherein the authentication request is used for instructing the server to perform authentication on the unique device identifier of the user device preset based on:
(See Para. Metral [0028] ‘FIG. 2 ….. computing system 200, which may correspond to either of client computing device 102 or remote server 104,’ [user device = computing device 102; server = remote server 104 ]
Metral [0031] ‘…. Computing system 200 may transmit and receive messages’[  a server of a preset application’
Metral [0038]‘….. …… Access point 108 may be configured to provide these device identifiers and the traffic associated with the device identifiers to remote server 104.[ sending an authentication request including the unique device identifier of the user device to a server]  .’
Metral [0041] ‘FIG. 4 …… Access point 108 may provide these device identifiers among other information to remote server 104’
[ sending an authentication request including the unique device identifier of the user device to a server]  
Metral [0042] ‘access point 108 will send the device identifier from the received broadcast packet to remote server 104, [ sending an authentication request including the unique device identifier of the user device to a server]  and remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier.)

a mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers, the unique device identifier of the user device being one of the plurality of unique device identifiers,
(See Metral Para. [0028] ‘FIG. 2 ….. computing system 200, which may correspond to either of client computing device 102 or remote server 104,’ [user device = computing device 102; server = remote server 104 ]
Metral [0041] ‘FIG. 4 …… Access point 108 may provide these device identifiers [plurality of unique device identifiers; the unique device identifier of the user device being one of the plurality of unique device identifiers ] among other information to remote server 104’
Metral [0026]
‘Remote server 104 may also include an account database 120 that includes account information 122 for users having an account on remote server 104 [users authenticating through the access point 108 so there is binding relationship], such as user 110. In some embodiments, authentication application 118 may authenticate client computing device 102 to remote server based on information in account information 122 of account database 120.’
Metral [0037]‘client computing device 102 may have to provide a credential to remote server 104 for authentication….. Since the device identifier is unique to the device, tying the device identifier to a credential [a mapping relationship ] used to authenticate with remote server 104 could provide a way to automatically authenticate client computing device 102 to remote server 104 when access point 108 associated with remote server 104 receives the device identifier.. Accordingly, authenticating using a device identifier may require matching the device identifier to the credential [, a mapping relationship ]on a first attempt, and then using the device identifier for future authentication]
Metral [0042]‘The matched device identifier and authentication credential may then be stored [ mapping relationship ] in account information 122 of account database 120. Consequently, the next time client computing device 102 connects to network 106 via access point 108, access point 108 will send the device identifier from the received broadcast packet to remote server 104, and remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier.’[; plurality of identity information = authentication credential may then be stored in account information 122 (as shown in paragraph 41 there can be multiple client computing devices 102, each of these device 102 provide a credential, these credentials together disclose plurality of identity information;])

a network access permission corresponding to the identity information; and 
(See Metral [0040] ’ remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier which may be used, in some embodiments, to check user 110 into a merchant or location associated with access point 108.’ [ network access permission])

receiving an authentication result of the unique device identifier of the user device returned by the server, and 	(See Metral
Metral [0040] ’ remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier which may be used, in some embodiments, to check user 110 into a merchant or location associated with access point 108.’[receiving an authentication result]
Metral [0024] ‘Client computing device 102 may include other applications 116 ….. to provide ….accessing a user account with remote server 104.’
[Cannot access user account if access point not instructed by remote server 104 to allow access after authentication; authentication failure will result in no access to any user accounts on the remote server ; with successful authentication  the sending of such user account values from the server to the access point means  that access point should forward the user account data to the client therefore the access point is controlling the network data flow according to the data presented by the server; if authentication fails there would be no user account data received at the access point and access point does not forward any data with user account information])

controlling a network access operation of the user device according to the authentication result. (See Metral   
Metral [0033] ‘access point 108 may be capable of receiving instructions from remote server 104 that, when executed by one or more processors of remote server 104, may allow access point 108 to facilitate the analysis of information received from one or more client computing devices 102, including analyzing patterns of received network traffic’ [controlling a network access operation of the user device according to the authentication result; there would be network traffic if the device is allowed access and there would be no network traffic if the device is not allowed access]
[0024] ‘Client computing device 102 may include other applications 116 ….. to provide ….accessing a user account [network access operation ]with remote server 104.’
[with successful authentication  the sending of such user account values from the server to the access point means  that access point should forward the user account data to the client therefore the access point is controlling the network data flow according to the data presented by the server; if authentication fails there would be no user account data received at the access point and access point does not forward any data with user account information])

	However, Metral does not expressly disclose 
sending an authentication request to a server of a preset instant messaging application
an updated mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers, the unique device identifier of the user device being one of the plurality of unique device identifiers,
 	wherein the server generates theSerial No.: 16/516,186-4-Atty Docket No.: AB1-0771USLee&Hayes Atty/Agent: Shigeharu Furukawaupdated mapping relationship by updating a pre-stored mapping relationship between the plurality of identity information and the plurality of unique device identifiers stored in the server upon receiving a notification message sent by the user device,
the notification message including identity information that is logged in a user client of the instant messaging application running on the user device and the unique device identifier of the user device, and
 	a network access permission corresponding to the logged-in identity information; and 

Yoshimoto discloses 
sending an authentication request to a server of a preset instant messaging application
(See Yoshimoto 
Yoshimoto [0019] ‘…Instant Messenger ( IM)’
Yoshimoto [0034] ‘an IM client 503 runs on a terminal 5’
Yoshimoto [0034] ‘…. IM is used by way of example as an application [ instant messaging application] which can acquire information of the network connection state of a user terminal.’

Yoshimoto Para. [0035] ‘FIG. 1 …….the IM client 503 [IM server 8= 
server of a preset instant messaging application
] transmits an authentication request to the IM server 8, by using the user name and password (S125).’
Yoshimoto [0037] ‘After the authentication succeeds, the IM server 8 periodically transmits authentication confirmation or existence confirmation to the IM client 503 (S131). In response to this, the IM client returns an authentication request or an existence notice (S132).’ ).
For the reasons discussed with respect to claim 1, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Metral with the technique for an instant messaging server to receive an authentication request of Yoshimoto to include
sending an authentication request including the unique device identifier of the user device to a server of a preset instant messaging application.

	However, the combination of Metral and Yoshimoto does not expressly disclose 
an updated mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers, the unique device identifier of the user device being one of the plurality of unique device identifiers,
 	wherein the server generates the Serial No.: 16/516,186-4- Atty Docket No.: AB1-0771USLee&Hayes Atty/Agent: Shigeharu Furukawaupdated mapping relationship by updating a pre-stored mapping relationship between the plurality of identity information and the plurality of unique device identifiers stored in the server upon receiving a notification message sent by the user device,
the notification message including identity information that is logged in a user client of the instant messaging application running on the user device and the unique device identifier of the user device, and
	a network access permission corresponding to the logged-in identity information; and 

Mun discloses 
the notification message including identity information that is logged in a user client of the instant messaging application running on the user device and the unique device identifier of the user device, and
logged-in identity information 

(See Mun Para. [0088]
‘ other types of user identifiers may be used to verify use of the electronic device by the user. For example, the user may enter a user ID [identity information that is logged in a user client of the instant messaging application running on the user device] and/or phone number that that can be used to send and receive instant messages ‘
Mun [0085]
‘FIG. 8 ….. enabling use of an electronic device in authenticating a user.’
Mun Para. [0046]
‘electronic device 108 may transmit [notification message ]license key 208 and a globally unique device ID 232 for electronic device 108 to license server 234[unique device identifier of the user device included in the notification message] ‘
[0054] ‘authentication server 102, target server 104, license server 234, and authentication repository 202 may be provided by a single physical machine,’
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Metral and Yoshimoto with the technique for generating a mapping of user ID to device ID based on a user ID that can send and receive instant messages of Mun to include
the notification message including identity information that is logged in a user client of the instant messaging application running on the user device and the unique device identifier of the user device, 
	a network access permission corresponding to the logged-in identity information; and 
One of ordinary skill in the art would have made this modification to improve the ability of the system to transmit a user’s login information to a server. The system (e.g., a user client) of the primary reference can be modified to determine and transmit the login identity data of a user end the unique device identifier as taught in the Mun reference. 

	However, the combination of Metral, Yoshimoto, and Mun does not expressly disclose 
an updated mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers, the unique device identifier of the user device being one of the plurality of unique device identifiers,
 	wherein the server generates theSerial No.: 16/516,186-4- Atty Docket No.: AB1-0771USLee&Hayes Atty/Agent: Shigeharu Furukawaupdated mapping relationship by updating a pre-stored mapping relationship between the plurality of identity information and the plurality of unique device identifiers stored in the server upon receiving a notification message sent by the user device,

Pourfallah discloses 
an updated mapping relationship 
wherein the server generates theSerial No.: 16/516,186-4- Atty Docket No.: AB1-0771USLee&Hayes Atty/Agent: Shigeharu Furukawaupdated mapping relationship by updating a pre-stored mapping relationship between the plurality of identity information and the plurality of unique device identifiers stored in the server upon receiving a notification message sent by the user device,
(See Pourfallah Para. 
Pourfallah [0053] ‘The CCPS 304 can include a gateway services module 306 ‘
Pourfallah [0061] ‘The CCPS 304 can also provide the ability to store mapping of each PAN to a service provider (MMO/MNO) and a device identifier. …… a service/API to create and update the mapping [an updated mapping relationship; generates theSerial No.: 16/516,186-4- Atty Docket No.: AB1-0771USLee&Hayes Atty/Agent: Shigeharu Furukawaupdated mapping relationship by updating a pre-stored mapping relationship ] of device identifiers to PANs under each MMO/MMP.  Each service request [upon receiving a notification message] can include service provider ID, device identifier, PAN, ‘
Pourfallah [0123] ‘consumers can purchase additional airtime for their 
mobile device through CCPS 304.  ……CCPS 304 can validate and authenticate the request and debit the consumer's account for the airtime purchase.’
Pourfallah [0049] ‘authentication is performed using the consumer's device, …… ‘
[0059] ‘ The CCPS 304 can also provide the ability to accept a request (originating at the MMP level) to generate one-time use PAN ‘[receiving a notification message sent by the user device]
Pourfallah [0050] ‘, each client can utilize their own MMP which is configured to communicate with CCP 204 or can utilize a native MMP provided by the MMS.’ [MMP is installed as a native application on the client device which sends the request which is the notification message]
Pourfallah [0052] ‘  The central registry 318 can 
store mappings of device identifiers to personal account numbers (PANs) and can 
be used to look-up PANs corresponding to device identifiers’
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Metral, Yoshimoto, and Mun with the technique for updating a mapping relationship of Pourfallah to include 
an updated mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers, the unique device identifier of the user device being one of the plurality of unique device identifiers,
 wherein the server generates the Serial No.: 16/516,186-4- Atty Docket No.: AB1-0771USLee&Hayes Atty/Agent: Shigeharu Furukawaupdated mapping relationship by updating a pre-stored mapping relationship between the plurality of identity information and the plurality of unique device identifiers stored in the server upon receiving a notification message sent by the user device,One of ordinary skill in the art would have made this modification to improve the ability of the system to maintain updated mapping entries. The system (remote server 104) of the primary reference can be modified to update mappings in a database of mappings as taught in the Pourfallah reference. 

As per claim 11, the rejection of claim 10 is incorporated herein. 
The combined teaching of Metral, Yoshimoto, Mun and Pourfallah discloses 
wherein controlling the network access operation of the user device according to the authentication result comprises: controlling the network access operation according to respective values of one or more permission options included in the authentication result.
 (See Metral Para.  [0024] Client computing device 102 may include other applications 116 ….. to provide ….accessing a user account with remote server 104. 
[values of one or more permission options= user account with remote server 104.; authentication failure will result in no access to any user accounts on the remote server ; with successful authentication  the sending of such user account values from the server to the access point means  that access point should forward the user account data to the client therefore the access point is controlling the network data flow according to the data presented by the server; if authentication fails there would be no user account data received at the access point and access point does not forward any data with user account information]
Metral [0034]
‘…… merchant may allow user 110 having client computing device 102 to enter their store, find an item for purchase, and allow user to pay for the item using client computing device 102, and then show proof of payment to the merchant before user 110 can exit the store with the item. To allow this, the merchant may require that user authenticate to remote server 104 and/or check in to perform these actions. As another example, user 110 may be part of a loyalty program of the store, and may be provided with coupons or offers when user 110 authenticates to remote server 104 when in the store and/or checks in to the store, with such coupons or offers being provided to client computing device 102 for scanning by the merchant.’[respective values of one or more permission options= such coupons or offers being provided to client computing device 102; authentication failure will result in no coupons or offers]
Metral [0023] ‘client computing device 102 includes …… a mobile browser application, which may be used to provide a user interface to permit user 110 to browse information available over network 106, including information hosted by remote server 104. [permission options included in the authentication result =information hosted by remote server 104]……user 110 may …… access user account information or web content. [permission options included in the authentication result = user account information;  properly authenticated user device receives some data which represents permission options through the access point])

As per claim 12, the rejection of claim 11 is incorporated herein. 
The combined teaching of Metral, Yoshimoto, Mun and Pourfallah discloses  
wherein the one or more permission options comprise at least one of: whether the permission exists for the user device, a valid period of the permission, and a number of remaining usages of the permission, and a network range allowed to access.  
(See Metral Para. [0034]
‘…… merchant may allow user 110 having client computing device 102 to enter their store, find an item for purchase, and allow user to pay for the item using client computing device 102, and then show proof of payment to the merchant before user 110 can exit the store with the item. To allow this[permission options], the merchant may require that user authenticate to remote server 104 and/or check in to perform these actions. As another example, user 110 may be part of a loyalty program of the store, and may be provided with coupons or offers [permission options; users can access these coupons ]when user 110 authenticates to remote server 104 when in the store and/or checks in to the store, with such coupons or offers being provided to client computing device 102 for scanning by the merchant.’ 
Metral [0024] ‘Client computing device 102 may include other applications 116 ….. to provide ….accessing a user account with remote server 104.‘
 [ permission options comprise at least one of whether the permission exists for the user device = user account with remote server 104.; When accessing user account data authentication failure will result in no access to any user accounts on the remote server ; with successful authentication  the sending of such user account values from the server to the client through the access point represents permission options])

As per claim 13, the rejection of claim 12 is incorporated herein. 
The combined teaching of Metral, Yoshimoto, Mun and Pourfallah discloses wherein the network range allowed to access comprises one or more of an internal network of the preset group, a public network outside the preset group, a domestic range in the public network, and a foreign range in the public network.
(See Metral Para. [0033]
‘access point 108 may have components configured to connect a device, such as client computing device 102 to network 106. ‘
Metral [0022]
‘client computing device 102 may be required to authenticate to access point 108 to connect to network 106. ‘)

As per claim 15, the rejection of claim 10 is incorporated herein. 
The combined teaching of Metral, Yoshimoto, Mun and Pourfallah discloses wherein the network device client is run on the network device, and the network device is bound to the preset group.
(See Metral Para. [0026]
‘Remote server 104 may also include an account database 120 that includes account information 122 for users having an account on remote server 104, [network device is bound to the preset group ; the  way the users can access the Internet, e.g., user account on server 104, is through the access point so they are bound to access point]’ 
Metral [0033] ‘access point 108 may be similar to computing system 200 and include similar components to computing system 200.’
Metral [0030] Computing system 200 ……hard-wired circuitry may be used in place of or in combination with software instructions [network device client is run on the network device] to i Metral mplement the present disclosure. ‘ 
Metral [0033]‘ access point 108 may include one or more memories 208-212, a processing component 206 [network device client is run on the network device] including one or more processors, a network interface component 202, and a system bus 204 for interconnecting these components. In general, access point 108 may have components [network device client is run on the network device] configured to connect a device, such as client computing device 102 to network 106. …..access point 108 to facilitate the analysis of information received from one or more client computing devices 102,[ network device is bound to the preset group.] including analyzing patterns of received network traffic.’)

As per claim 16, the rejection of claim 10 is incorporated herein. 
The combined teaching of Metral, Yoshimoto, Mun and Pourfallah discloses
wherein the unique device identifier of the user device comprises a serial number of the user device, or a MAC address of the user device.
(See Metral Para. [0036]
‘the device identifier may be a media access control (MAC) address of client computing device 102 for connecting to network 106 via an access point ‘.)

As per claim 17, Metral discloses 
an electronic device comprising: 
one or more processors;
 memory; a determination unit stored in the memory and executable by the one or more processors to cause a user client of a preset application running on the electronic device to determine identity information of a user; and 
(See Metral 
[0028] ‘FIG. 2 ….. computing system 200, which may correspond to either of client computing device 102 or remote server 104,’ [electronic device = computing device 102; server = remote server 104 ]
Metral [0023] ‘Client computing device 102 may include any appropriate combination of hardware and/or software [determination unit; user client of a preset application] having one or more processors and capable of reading instructions stored on a tangible non-transitory machine-readable medium for execution by the one or more processors[running on the electronic device]. ……, client computing device 102 includes a machine-readable medium, such as a memory (not shown) that includes instructions for execution by one or more processors (not shown) for causing client computing device 102 to perform specific tasks.’
Metral [0031] ‘…. Computing system 200 may transmit and receive messages’[   preset application’
Metral [0029] ‘…..allowing for a user 120 of computing system 200 to input ….authentication information such as a credential, or identification information [determine identity information].’

a sending unit stored in the memory and executable by the one or more processors to:
 cause the user client to send the identity information of the user and a unique device identifier of the electronic device to a network device in response to the network device detecting the user device accessing the network device, and 
cause the network device to send an authentication request to a server of the instant messaging application, the authentication request including the identity information of the logged-in user and the unique device identifier of the electronic device, and
cause the server, in response to receiving the authentication request, to store a mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers that is pre-recorded in the server, 
the user being one of the associated users,
the unique device identifier of the electronic device being one of the plurality of unique device identifiers, and
(See Metral
[authentication request ( from the client computing device to remote server 104) is received with the user credential and the device identifier as described in Metral para. 41 and 42; the receiving of the device identifier plus a user credential by the Metral access point 108 is considered to be disclosing the authentication request of claim 17;  the credential and device identifier are forwarded from the client computing device via access point 108; the mapping is stored at the server as described at 2nd half of Metral para. 42]
Metral [0041] ‘FIG. 4 …… Access point 108 may provide these device identifiers [plurality of unique device identifiers; the unique device identifier of the user device being one of the plurality of unique device identifiers ] among other information to remote server 104’
Metral Para. [0042]
 ‘To match the device identifier with the credential, remote server 104 may …… send an executable that, when executed by processing component of client computing device 102, sends the device identifier of client computing device 102 to remote server 104 [and a unique device identifier of the electronic device]. Remote server 104 may then authenticate client computing device 102 to remote server 104 and match the credential with the device identifier. The matched device identifier and authentication credential may then be stored in account information 122 of account database 120 [the identity information = the credential ; store a mapping relationship between the identity information and the electronic device]..’ [ plurality of identity information = authentication credential may then be stored in account information 122 (as shown in paragraph 41 there can be multiple client computing devices 102, each of these device 102 provide a credential, these credentials together disclose plurality of identity information;]
Metral 
[0023] ‘Client computing device 102 may include ….hardware and/or software [a sending unit; the user client] having one or more processors and capable of reading instructions stored on a tangible non-transitory machine-readable medium for execution by the one or more processors[running on the electronic device]. …. client computing device 102 includes a machine-readable medium, such as a memory (not shown) that includes instructions for execution by one or more processors [a sending unit stored in the memory and executable by the one or more processors; the user client]
Metral [0028] ‘FIG. 2 ….. computing system 200, which may correspond to either of client computing device 102 or remote server 104,’ [electronic device = computing device 102; server = remote server 104 ]
Metral [0031] ‘…. Computing system 200 may transmit and receive messages’[   application]’
Metral [0023] ’ ……browser application 112 … to permit user 110 to browse information available over network 106, including information hosted by remote server 104. …… allow user 110 to interface and communicate with remote server 104 ….. access websites to find and purchase items, as well as access user account information or web content’ [ application = Browser application 112;]. 
Metral [0026]
‘Remote server 104 may also include an account database 120 that includes account information 122 for users having an account on remote server 104 [users authenticating through the access point 108 so there is binding relationship],
Metral [0037] ’…… client computing device 102 may have to provide a credential to remote server 104 for authentication[send a authentication request ; authentication request including identity information; identity information= credential]. …… Since the device identifier is unique to the device, tying the device identifier to a credential used to authenticate with remote server 104 could provide a way to automatically authenticate client computing device 102 to remote server 104 when access point 108 associated with remote server 104 receives the device identifier…[ the user being one of the associated users; authentication request includes the identity information and a unique device identifier ]…, authenticating using a device identifier may require matching the device identifier to the credential on a first attempt[a mapping relationship], and then using the device identifier for future authentication.’
)

wherein the mapping relationship is used for instructing the server to apply a network access permission of the identity information in the preset group to the electronic device to control the electronic device to implement a network access operation based on one or more network devices under the preset group.
(See Metral 
Para. [0042] ‘access point 108 will send the device identifier from the received broadcast packet to remote server 104, and remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier.[ wherein the mapping relationship is used for instructing the server]
Metral [0040] ’ remote server 104 may automatically authenticate client computing device 102 using the authentication credential matched to the device identifier which may be used, in some embodiments, to check user 110 into a merchant or location associated with access point 108.’ [ apply a network access permission of the identity information; control the electronic device to implement a network access operation.]
Metral   [0024] Client computing device 102 may include other applications 116 ….. to provide ….accessing a user account [network access operation ]with remote server 104. 
Metral [0033] ‘access point 108 may be capable of receiving instructions from remote server 104 that, when executed by one or more processors of remote server 104, may allow access point 108 to facilitate the analysis of information received from one or more client computing devices 102, including analyzing patterns of received network traffic.’
Metral [0026] ‘Remote server 104 may also include an account database 120 that includes account information 122 for users having an account on remote server 104, such as user 110.[ preset group = users having an account on remote server 104; the identity information in a preset group] In some embodiments, autentication application 118 may authenticate client computing device 102 to remote server based on information in account information 122 of account database 120.’

However, Metral does not expressly disclose 
[Metral does not disclose the instant messaging application, the logged-in user, or updating the mapping relationship, as indicated below]
a determination unit stored in the memory and executable by the one or more processors to cause a user client of a preset instant messaging application running on the electronic device to determine identity information of a logged-in user; and 
a sending unit stored in the memory and executable by the one or more processors to:
cause the user client to send  the identity information of the logged-in user and a unique device identifier of the electronic device to a network device in response to the network device detecting the user device accessing the network device, 
cause the network device to send an authentication request to a server of the instant messaging application, the authentication request including the identity information of the logged-in user and the unique device identifier of the electronic device, and 
cause the server, in response to receiving the authentication request, to update a mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers that is pre-recorded in the server, the logged-in user being one of the associated users, the unique device identifier of the electronic device being one of the plurality of unique device identifiers, and
and wherein the updated mapping relationship is used for instructing the server to apply a network access permission of the logged-in identity information in the preset group to the electronic device to control the electronic device to implement a network access operation based on one or more network devices under the preset group.  

Yoshimoto discloses 
cause a user client of a preset instant messaging application running on the electronic device to determine identity information of a user
cause the user client to send a notification message to a server of the instant messaging application
(See Yoshimoto 
Yoshimoto [0019] ‘…Instant Messenger ( IM)’
Yoshimoto [0034] ‘an IM client 503 runs on a terminal 5’
Yoshimoto [0034] ‘…. IM is used by way of example as an application [ instant messaging application] which can acquire information of the network connection state of a user terminal.’
Yoshimoto Para. [0035] ‘FIG. 1 …….the IM client 503 [IM client 503 = user client of the instant messaging application ] transmits an authentication request to the IM server 8, by using the user name and password (S125).’
Yoshimoto [0037] ‘After the authentication succeeds, the IM server 8 periodically transmits authentication confirmation or existence confirmation to the IM client 503 (S131). In response to this, the IM client returns an authentication request [determine identity information of a logged-in user; cause the user client to send a notification message to a server of the instant messaging application] or an existence notice (S132).’
[Yoshimoto paragraph 35 already describes the contents of the authentication request, and the client already has the user logged in by the time the client receives an authentication confirmation. Therefore the authentication request that the client “returns” includes identity information that is logged in. ]).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Metral with the technique for an instant messaging server to receive an authentication request of Yoshimoto to include 
cause a user client of a preset instant messaging application running on the electronic device to determine identity information of a logged-in user
cause the network device to send an authentication request to a server of the instant messaging application
One of ordinary skill in the art would have made this modification to improve the ability of the system to authenticate users to facilitate instant messaging communication and/or other activities involving authenticated network access among users. The remote server 104 of the primary reference can be modified to perform instant messaging services and to receive authentication requests in order to login the user. Putting authentication and messaging services onto the same server would improve the efficiency of the server since a reduced number of devices and communications are required.

However, the combination of Metral and Yoshimoto does not expressly disclose 
 [the combination of Metral and Yoshimoto does not disclose the logged-in user, or updating the mapping relationship, as indicated below]
a determination unit stored in the memory and executable by the one or more processors to cause a user client of a preset instant messaging application running on the electronic device to determine identity information of a logged-in user; and 
a sending unit stored in the memory and executable by the one or more processors to:
cause the user client to send  the identity information of the logged-in user and a unique device identifier of the electronic device to a network device in response to the network device detecting the user device accessing the network device, 
cause the network device to send an authentication request to a server of the instant messaging application, the authentication request including the identity information of the logged-in user and the unique device identifier of the electronic device, and 
cause the server, in response to receiving the authentication request, to update a mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers that is pre-recorded in the server, the logged-in user being one of the associated users, the unique device identifier of the electronic device being one of the plurality of unique device identifiers, and
and wherein the updated mapping relationship is used for instructing the server to apply a network access permission of the logged-in identity information in the preset group to the electronic device to control the electronic device to implement a network access operation based on one or more network devices under the preset group.  

Mun discloses
cause a user client of a preset instant messaging application running on the electronic device to determine identity information of a logged-in user
send  the identity information of the logged-in user and a unique device identifier of the electronic device 
logged-in user,
logged-in identity information 
(See 
Mun Para. [0046]
‘electronic device 108 may transmit [send  the identity information]license key 208 and a globally unique device ID 232 [unique device identifier ]for electronic device 108 to license server 234 ‘ [the identity information of the logged-in user and a unique device identifier of the electronic device ][both Mun paragraph 46 and 88 discuss verifying that the user has the electronic device and the user’s device provides both the user ID and device ID]
Mun Para. [0088]
‘ other types of user identifiers may be used to verify use of the electronic device by the user. For example, the user may enter a user ID [cause a user client of a preset instant messaging application running on the electronic device to determine identity information of a logged-in user; authentication request includes the identity information of the logged-in user ] ….. to send and receive instant messages[logged-in identity information; if user can send and receive instant messages he is logged in] ‘
Mun [0085]
‘FIG. 8 ….. enabling use of an electronic device in authenticating a user.’
Mun [0054] ‘authentication server 102, target server 104, license server 234, and authentication repository 202 may be provided by a single physical machine,’
Mun [0045] ‘To secure data 210 and/or services 212 against unauthorized access, 
an authentication module 218 on authentication server 102 may use electronic 
device 108 to authenticate the user prior to granting access [to apply a network access permission of the logged-in identity information]’
)
For the reasons discussed with respect to claim 10, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Metral and Yoshimoto with the technique for generating a mapping of user ID to device ID based on a user ID that can send and receive instant messages of Mun to include
a determination unit stored in the memory and executable by the one or more processors to cause a user client of a preset instant messaging application running on the electronic device to determine identity information of a logged-in user; and 
a sending unit stored in the memory and executable by the one or more processors to:
cause the user client to send  the identity information of the logged-in user and a unique device identifier of the electronic device to a network device in response to the network device detecting the user device accessing the network device, 

cause the network device to send an authentication request to a server of the instant messaging application, the authentication request including the identity information of the logged-in user and the unique device identifier of the electronic device, and 
cause the server, in response to receiving the authentication request, to store a mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers that is pre-recorded in the server, the logged-in user being one of the associated users, the unique device identifier of the electronic device being one of the plurality of unique device identifiers, and
wherein the mapping relationship is used for instructing the server to apply a network access permission of the logged-in identity information in the preset group to the electronic device to control the electronic device to implement a network access operation based on one or more network devices under the preset group.


However, the combination of Metral, Yoshimoto, and Mun does not expressly disclose 
cause the server, in response to receiving the authentication request, to update a mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers that is pre-recorded in the server, the logged-in user being one of the associated users, the unique device identifier of the electronic device being one of the plurality of unique device identifiers, and
and wherein the updated mapping relationship is used for instructing the server to apply a network access permission of the logged-in identity information in the preset group to the electronic device to control the electronic device to implement a network access operation based on one or more network devices under the preset group.  

Pourfallah discloses
cause the server, in response to receiving the authentication request, to update a mapping relationship
	the updated mapping relationship is used for instructing the server
(See Pourfallah Para. 
[0061] ‘store mapping of each PAN to a service provider (MMO/MNO) and a device identifier. …… a service/API to create and update the mapping of device identifiers to PANs under each MMO/MMP.  Each service request can include service provider ID, device identifier, PAN, ‘
Pourfallah [0049] ‘ two factor authentication in which transactions are authenticated by the consumer and authentication is performed using the consumer's device, ……consumer's device which can be linked to one or more accounts ‘
Pourfallah [0052] ‘  The central registry 318 can 
store mappings of device identifiers to personal account numbers (PANs)’
[0123] ‘consumers can purchase …. through CCPS 304.  ……CCPS 304 can validate and authenticate the request and debit the consumer's account.’ [the updated mapping relationship is used for instructing the server]
).
For the reasons discussed with respect to claim 10, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Metral, Yoshimoto, and Mun with the technique for updating a mapping relationship of Pourfallah to include 
cause the server, in response to receiving the authentication request, to update a mapping relationship between a plurality of identity information of associated users of a preset group having a binding relationship with the network device and a plurality of unique device identifiers that is pre-recorded in the server, the logged-in user being one of the associated users, the unique device identifier of the electronic device being one of the plurality of unique device identifiers, and
and wherein the updated mapping relationship is used for instructing the server to apply a network access permission of the logged-in identity information in the preset group to the electronic device to control the electronic device to implement a network access operation based on one or more network devices under the preset group.  


As per claim 18, the rejection of claim 17 is incorporated herein. 
Metral discloses wherein the sending unit is further configured to cause the user client to send a notification message to the server of the application when the user client detects a user login activity, or when the user client detects an access instruction for any network device, the notification message including the identity information of the logged-in user and the unique device identifier of the electronic device.
(See Metral Para. [0041]
‘FIG. 4 is a diagram illustrating a flow of authenticating using a device identifier, …… client computing device 102 may send out one or more broadcast packets that include a device identifier [when the user client detects an access instruction for any network device] of client computing device 102 when client computing device 102 is attempting to connect to network 106. Access point 108 may receive any number of these broadcast packets and device identifiers as client computing devices 102 pass within range of access point 108. Access point 108 may provide these device identifiers among other information to remote server 104 based on rules provided to access point 108 from remote server 104. Client computing device 102 may then send a request to authenticate with remote server 104 to, for example, check in to a location or merchant associated with access point 108 and/or to access features provided by remote server 104, such as those discussed previously. The request may include a credential [unique device identifier ]used for authenticating with remote server 104. In some embodiments, a merchant may have a notification, sign, placard, alert, e-mail message, and the like, that informs user 110 of the benefits of authenticating with remote server 104 when visiting the merchant's store. User 110 may also be provided with information regarding benefits and advantages of tying a credential used for authenticating with remote server 104 with the device identifier of client computing device 102.’
 [0042]
‘To match the device identifier with the credential, remote server 104 may …… send an executable that, when executed by processing component of client computing device 102, sends the device identifier of client computing device 102 to remote server 104 [send the notification message to the server]. Remote server 104 may then authenticate client computing device 102 to remote server 104 and match the credential with the device identifier. The matched device identifier and authentication credential may then be stored in account information 122 of account database 120 [the identity information = the credential]..’
)
However, Metral does not expressly disclose cause the user client to send the notification message to the server of the instant messaging application
the identity information of the logged-in user
Yoshimoto discloses cause the user client to send the notification message to the server of the instant messaging application

(See Yoshimoto 
Yoshimoto [0019] ‘…Instant Messenger ( IM)’
Yoshimoto [0034] ‘an IM client 503 runs on a terminal 5’
Yoshimoto [0034] ‘…. IM is used by way of example as an application [ instant messaging application] which can acquire information of the network connection state of a user terminal.’

Yoshimoto Para. [0035] ‘FIG. 1 …….the IM client 503 [IM client 503 = user client of the instant messaging application ] transmits an authentication request to the IM server 8, by using the user name and password (S125).’
Yoshimoto [0037] ‘After the authentication succeeds, the IM server 8 periodically transmits authentication confirmation or existence confirmation to the IM client 503 (S131). In response to this, the IM client returns an authentication request [cause the user client to send the notification message to the server of the instant messaging application] or an existence notice (S132).’
[Yoshimoto paragraph 35 already describes the contents of the authentication request, and the client already has the user logged in by the time the client receives an authentication confirmation. Therefore the authentication request that the client “returns” includes identity information that is logged in. ] ).
For the reasons discussed with respect to claim 1, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Metral with the technique for an instant messaging server to receive an authentication request of Yoshimoto to include
cause the user client to send the notification message to the server of the instant messaging application.

	However, the combination of Metral and Yoshimoto does not expressly disclose 
the identity information of the logged-in user 

Mun discloses 
(See Mun Para. [0088]
‘ other types of user identifiers may be used to verify use of the electronic device by the user. For example, the user may enter a user ID [identity information that is logged in a user client of the instant messaging application running on the user device] and/or phone number that that can be used to send and receive instant messages ‘
Mun [0085]
‘FIG. 8 ….. enabling use of an electronic device in authenticating a user.’
Mun Para. [0046]
‘electronic device 108 may transmit [notification message ]license key 208 and a globally unique device ID 232 for electronic device 108 to license server 234[unique device identifier of the user device included in the notification message] ‘
[0054] ‘authentication server 102, target server 104, license server 234, and authentication repository 202 may be provided by a single physical machine,’
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Metral and Yoshimoto with the technique for transmitting a user ID of Mun to include 
the notification message including the identity information of the logged-in user and the unique device identifier of the electronic device.
One of ordinary skill in the art would have made this modification to improve the ability of the system to transmit logged in identity of a user. The system of the primary reference (e.g. client device) can be modified to determine and transmit the logged in identity of the user as taught in the Mun reference.


As per claim 19, the rejection of claim 17 is incorporated herein. 
The combined teaching of Metral, Yoshimoto, Mun and Pourfallah discloses wherein the unique device identifier of the electronic device comprises a serial number of the electronic device, or a MAC address of the electronic device.
(See Metral Para. [0036]
‘the device identifier may be a media access control (MAC) address of client computing device 102 for connecting to network 106 via an access point ‘.
)

As per claim 21, the rejection of claim 17 is incorporated herein. 
The combined teaching of Metral, Yoshimoto, Mun and Pourfallah discloses wherein the associated users comprise at least one of: an internal member of the preset group, an external contact of the preset group, and an external visitor of the preset group.
(See Metral Para. 
[0026]
‘Remote server 104 may also include an account database 120 that includes account information 122 for users having an account on remote server 104 [at least one of: an internal member of the preset group = user having an account on remote server 104;], such as user 110..’)

As per claim 22, the rejection of claim 17 is incorporated herein. 
The combined teaching of Metral, Yoshimoto, Mun and Pourfallah discloses , wherein the network access permission comprises at least one of an existing permission for the user device, a valid period of the network access permission, a number of remaining usages of the network access permission, and a network range that is allowed to access.
(See Metral Para. [0034]
‘…… merchant may allow user 110 having client computing device 102 to enter their store, find an item for purchase, and allow user to pay for the item using client computing device 102, and then show proof of payment to the merchant before user 110 can exit the store with the item. To allow this[permission], the merchant may require that user authenticate to remote server 104 and/or check in to perform these actions. As another example, user 110 may be part of a loyalty program of the store, and may be provided with coupons or offers [permission options; users can access these coupons ]when user 110 authenticates to remote server 104 when in the store and/or checks in to the store, with such coupons or offers being provided to client computing device 102 for scanning by the merchant.’ 
Metral [0024] ‘Client computing device 102 may include other applications 116 ….. to provide ….accessing a user account with remote server 104.‘
 [ network access permission comprises at least one of an existing permission for the user device = user can access account on remote server 104]
)

As per claim 23, the claim(s) is/are directed to a computer readable media with limitations which correspond to limitations of claim 21, and is/are rejected for the reasons detailed with respect to claim 21.  

Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Metral in view of Yoshimoto, in view of Mun, in view of Pourfallah, in view of Mullins et al. U.S. Publication 20030163741 (hereinafter “Mullins”).
As per claim 14, the rejection of claim 12 is incorporated herein. 
Metral discloses the user device accesses the network device and implements the network access operation once.
(See Metral Para. [0022]
‘…… client computing device 102 may be required to authenticate to access point 108 to connect to network 106
Metral [0024] ‘Client computing device 102 may include other applications 116 ….. to provide ….accessing a user account [accesses the network device]with remote server 104.’)
	However, the combination of Metral, Yoshimoto, Mun, and Pourfallah does not expressly disclose wherein the number of remaining usages of the permission is decremented by one after the user device accesses the network device and implements the network access operation once.
Mullins discloses wherein the number of remaining usages of the permission is decremented by one after the user device accesses the computer program and implements the usage operation once.
(See Mullins Para. [0045] ‘Preferably the user purchases usage units in advance of use of the computer program, the usage unit total being reduced by each charge, use being authorised only while there are a positive number of usage units left.’
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Metral, Yoshimoto, Mun and Pourfallah with the technique for maintaining count of and documenting the count of usage permissions of Mullins to include wherein the number of remaining usages of the permission is decremented by one after the user device accesses the network device and implements the network access operation once.
One of ordinary skill in the art would have made this modification to improve the ability of the system to track the usage of the authorization rights. Either the client or server of the primary reference may be modified according to the usage tracking technique of the Mullins reference to ensure that the client has not used more of the access rights than authorized.

Claim 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Metral in view of Yoshimoto, in view of Mun, in view of Pourfallah, in view of Kaal et al. U.S. Publication 20120266217 (hereinafter “Kaal”).
As per claim 20, the rejection of claim 17 is incorporated herein. 
Metral discloses the one or more network devices under the preset group
[0026] ‘Remote server 104 may also include an account database 120 that includes account information 122 for users having an account on remote server 104, such as user 110.’ 
Metral [0033] ‘access point 108 may be capable of receiving instructions from remote server 104 that, when executed by one or more processors of remote server 104, may allow access point 108 to facilitate the analysis of information received from one or more client computing devices 102,[ the one or more network devices under the preset group]
	However, the combination of Metral, Yoshimoto, Mun, and Pourfallah does not expressly disclose wherein the electronic device is configured to scan and find the one or more network devices under the preset group through active scanning or passive scanning.
Kaal discloses wherein the electronic device is configured to scan and find the one or more network devices under the preset group through active scanning or passive scanning.

 (See Kaal Para. [0044] ‘FIG. 3 ……… a method of permitting access to the network 120 ….. …. the client 108 of the first user 102 scans for wireless network access points …. ‘
[0036] ‘FIG. 1 …... The user terminals 104 and 112 can access the network 120 by communicating wirelessly with the access point 122, as shown by the dotted lines in FIG. 1. The wireless communication between the access point 122 and the user terminals 104 and 112 may use a WiFi connection’).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Metral, Yoshimoto, Mun and Pourfallah with the technique to scan for an access point of Kaal to include wherein the electronic device is configured to scan and find the one or more network devices under the preset group through active scanning or passive scanning.
One of ordinary skill in the art would have made this modification to improve the ability of the client devices to search for the access point to connect to the network. The client device of the primary reference can be modified to scan for access points according to the technique taught in the Kaal reference.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is (571)272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HOWARD H. LOUIE/Examiner, Art Unit 2494   

/SHANTO ABEDIN/Primary Examiner, Art Unit 2494