DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/14/2021 has been entered.

Response to Amendment
The amendment filed on 12/14/2021 has been entered.
Claims 1, 4, 6 and 9 have been amended.
Claims 1-22 are pending.

Response to Arguments

Applicant's arguments, regarding 35 U.S.C. ⁋ 102 and ⁋ 103 rejection of the pending claims have been fully considered.
Regarding Claims 1 and 6, applicant argues that Je fails to disclose receiving, from a terminal that is separate from the authentication device, a network permission request packet and the authentication device granting, in response to the network permission request packet and before any type of terminal authentication, a first network permission to the terminal. (Applicant Arguments/Remarks, Page 13)
Je teaches the service access device 110, the user authentication device 120, and the service providing device 130 may be respectively implemented as devices or servers that are independently installed so that they are relatively far apart from each other. For example, the service access device 110 may be built in a user terminal, or in an equipment within user's space, such as a home or office [⁋ 0031]. Since, Je teaches the service access device 110 can be implemented as devices or servers that are independently installed, therefore, it is clear that the service access device 110 is separated from the user terminal 140. However, Je does not teach granting, in response to the network permission request packet and before any type of terminal authentication, a first network permission to the terminal (emphasis added). Examiner relies on Chhabra to teach these limitations, therefore, applicant’s arguments are moot because the arguments do not apply to the reference being used in the current rejection. See the newly crafted rejection, infra.
Regarding Claim 4, applicant argues that Shan fails to disclose a server sending, to the terminal, without passing through the authentication device, before receiving a response message from the authentication device in response to the first authentication success message, and when sending the first authentication success message to the authentication device, an authentication success indication message. (Applicant Arguments/Remarks, Page 16)
However, Examiner relies on Jung to teach these limitations, therefore, applicant’s arguments are moot because the arguments do not apply to the reference being used in the current rejection. See the newly crafted rejection, infra.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Where applicant acts as his or her own lexicographer to specifically define a term of a claim contrary to its ordinary meaning, the written description must clearly redefine the claim term and set forth the uncommon definition so as to put one reasonably skilled in the art on notice that the applicant intended to so redefine that claim term. Process Control Corp. v. HydReclaim Corp., 190 F.3d 1350, 1357, 52 USPQ2d 1029, 1033 (Fed. Cir. 1999). The term “before any type of terminal authentication” in claim 1 and 6 is used by the claim, while the accepted meaning is, either “without any terminal authentication” or “before any terminal authentication”. The term is indefinite because the specification does not clearly redefine the term “type of terminal authentication”.
Regarding claim 3 and 8, the last limitation of the claims recite “…receiving, from the server, a second authentication success message that is based on the MAC address, based on reputation data of the terminal, and instructs the authentication device to grant the first network permission to the terminal.”, which is unclear, because it contradicts with Claims 1 and 6. Since, claims 1 and 6 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Je et al. (US 2011/0131630, hereinafter "Je") in view of Chhabra et al. (US 2015/0223070, hereinafter "Chhabra").

Regarding Claim 1, Je teaches a method implemented  by  an authentication device ([⁋ 0007], a service access method and device, a user authentication device) and comprising: receiving, from a terminal [e.g., Fig. 1, Terminal 140] that is separate from the authentication device [e.g., service access device 110], a network permission request packet ([⁋ 0029], an access request received from the terminal 140. [Fig.2, 0036], In operation S201,...a service access request received from the terminal 140. [Fig. 3, ⁋ 0053], The terminal 140 may transmit a service access request to the service access device 110 [e.g.,  the authentication device] in operation S301. [Fig. 1, ⁋ 0031], Fig 1 illustrates terminal 140 and service access device 110. Je teaches the service access device 110, the user authentication device 120, and the service providing device 130 may be respectively implemented as devices or servers that are independently installed so that they are relatively far apart from each other. For example, the service access device 110 may be built in an equipment within user's space, such as a home or office. Since, Je teaches the service access device 110 can be implemented as ;
granting,  in response to the network  permission  request packet and before terminal authentication, a first network permission to the terminal ([⁋ 0017], a terminal transmits an access request and authentication information to a service access device, and a service processor performs a temporary access [e.g., a first network permission] in response to a permission of a temporary access request. [⁋ 0030] the service access device 110 may permit a temporary access to the terminal 140 based on a result of the temporary authentication. [⁋ 0040], service access device 110 may perform the temporary authentication based on a validation code. [⁋ 0047], when the terminal 140 is powered on, a user may be provided with a predetermined service through a temporary access. Accordingly, it is possible to provide the user with a simple push service, such as a notification or guidance information, prior to the main authentication);
receiving, from a server [e.g., Fig. 1, user authentication Device 120] and after granting the first network permission to the terminal, a first authentication failure message that is based on authentication failure of the terminal ([⁋ 0042], the result of the main authentication may be received from the user authentication device 120 [e.g., server]. The user authentication device 120 may perform the main authentication using the authentication information and, when the main ; and
withdrawing the first network permission in response to  the first authentication failure message ([⁋ 0013], revoking the temporary access when the main authentication fails. [⁋ 0015], When the main authentication fails, the user authentication device may transmit a request to revoke the temporary access to the service providing device. [⁋ 0041], when the main authentication fails, the service access device 110 may revoke the temporary access. [⁋ 0056], When the main authentication fails, the user authentication device 120 may request the service access device 110 to revoke the temporary access, and the service access device 110 may revoke the temporary access).
While, Je teaches the temporary access [e.g., first network permission],  granted based on some form of authentication ([⁋ 0017], a terminal transmits an access request and authentication information to a service access device, and a service processor performs a temporary access [e.g., a first network permission] in response to a permission of a temporary access request. [⁋ 0030] the service access granting, in response to the network permission request packet and before any type of terminal authentication, a first network permission to the terminal ([⁋ 0008], when the electronic device is connected to the network. Subsequently, the electronic device receives, from the authentication computer, network information that allows the electronic device to access a wireless network associated with the service provider at a remote location that is different from the home location. The network information eliminates a need for the electronic device to provide authentication information when accessing the wireless network [see also, ⁋ 0038]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Je’s teachings of permit temporary access with some form of authentication with Chhabra teaching of grant, an electronic device, access to a wireless network without any authentication, because it would have allowed the user to access the network any difficulties [Chhabra, ⁋ 0006]

Claim 6, Je teaches an authentication device comprising: a memory configured to store instruction; and a processor coupled to the memory and configured to execute the instructions ([⁋ 0031], service access device 110, the user authentication device 120, and the service providing device 130 may be respectively implemented as devices or servers that are independently installed).
The rest of the limitations of Claim 6 are rejected under the same rationale of Claim 1.

Claims 2  and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Chhabra further in view of  Belton et al. (US Patent no. 9088891, hereinafter "Belton").

Regarding Claim 2, Je teaches the method of claim 1, wherein after granting the first network permission, the method further comprises: receiving, from the server, a first authentication success message that is based on authentication success of the terminal and that instructs the authentication device to grant a second network permission to the terminal [Fig. 2, ⁋ 0041], In operation S204, the service access device 110 may process a main authentication based on the authentication information. Specifically, the service access device 110 may permit a main access to the terminal 140 based on a result of the main ; and 
granting the second network permission to the terminal in response to the first authentication success message ([⁋ 0043], permit a main access [e.g., the second network permission] to the terminal 140 based on a result of the main authentication. [Fig. 3, ⁋ 0056], the service access device 110 may permit a main access to the terminal 140 in operation S311, and may transmit a main access request for the terminal 140 to the service providing device 130 in operation S312. Additionally, the terminal 140 may perform a main access connection to 
However, Je does not explicitly teach, but, Belton teaches wherein the second permission is broader than the first network permission [C.7:L.21-28], First authentication component 112 only allows traffic within a first walled garden. Upon authentication using first authentication component 112, device 100 is …granted access to a second walled garden representing second authentication component 114. After authenticating with second authentication component 114, device 110 has access beyond both walled gardens [e.g., broader than the first permission], to include network 116).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je with Belton in order to grant broader access after a secure authentication, because it would allow controlling client access limitation to the network resources.

Claim 7 is rejected under the same rationale of Claim 2.

Claims 3, 8, 12  and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Chhabra further in view of Ardeli et al. (US 2016/0036833, hereinafter "Ardeli").

Regarding Claim 3, Je does not explicitly teach, however, Chhabra teaches the method of claim 1, wherein the network permission request packet is a network access packet ([⁋ 0032] Communication between the electronic device and the authentication computer may include wireless communication. This wireless communication may involve conveying packets that are transmitted and received by radios in the electronic device and the authentication computer in accordance with a communication protocol), wherein a source media access control (MAC) address in the network access packet is a MAC address of the terminal ([⁋ 0037], …the request may include: a unique identifier of electronic device  (such as a media access control or MAC address)), and wherein before granting the first network permission, the method further comprises: sending the MAC address of the terminal to the server before granting the first network permission ([⁋ 0037] authentication computer may provide a request to accounting computer [e.g., server] to allow electronic device to access wireless network. For example, the request may include: a unique identifier of electronic device 112 (such as a media access control or MAC address), the network address and an expiration date of the access); and receiving, from the server, a second authentication success message that is based on the MAC address, based on reputation data [e.g., connection pattern] of the terminal, and instructs the authentication device to grant the first network permission to the terminal ([⁋ 0066], the authentication computer determines the connection pattern of the electronic device based on the received information. …the authentication computer identifies that the electronic device is at the home location based on the connection pattern. ..the authentication computer provides, to the accounting computer, the request to allow the electronic device to access the wireless network associated with the service provider at the remote location that is different from the home location. …the authentication computer communicates, to the electronic device, the network information [e.g., a second authentication success message], where the network information allows the electronic device to access the wireless network).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Je’s teachings of permit temporary access with some form of authentication with Chhabra teaching of grant, an electronic device, access to a wireless network based on the MAC address and connection pattern of the device without any authentication, because it would have allowed the user to access the network without requiring any user action.
Although, Chhabra teaches allow network access based on the connection pattern of the network device, however Je in view of Chhabra do not explicitly teach, however, Ardeli teaches  authentication success message that is based on reputation data of the terminal ([⁋ 0067], grants a client device access to a 
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je and Chhabra in order to incorporate a method as disclosed by Ardeli to grant access of a client device to the network based on the reputation score of the client device. Because it would control client access privileges to the network resources based on client reputation.

Claim 8 is rejected under the same rationale of Claim 3.

Regarding Claim 12, Je in view of Ardeli do not explicitly teach, however, Chhabra teaches the method of claim 3, wherein the network access packet is an Internet Protocol (IP) packet ([⁋ 0032] Communication between the electronic device and the authentication computer may include wireless communication. 
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je and Ardeli with Chhabra in order to issue an IP request packet to access network resources, because it would have been a predictable variation of sending a request to access resources on a wireless communication network accordance with a communication protocol.

Claim 17 is rejected under the same rationale of Claim 12.

Claims 4 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Jung et al. (WO 2017/116016, hereinafter “Jung”).

Claim 4, Je teaches a method implemented by a server and comprising: receiving a first authentication request requesting to authenticate terminal ([⁋ ;
sending, to an authentication device in response to the first authentication request, a first authentication success message ([⁋ 0043], the user authentication device 120 may perform the main authentication using authentication information of the terminal 140 that is received from the service access device 110, and may transmit a result of the main authentication to the service access device 110. [⁋ 0056], when the main authentication succeeds, the user authentication device 120 may transmit a result of the main authentication to the service access device 110); 
However, Je does not explicitly teach, but Jung teaches sending, to the terminal, without passing through the authentication device, before receiving  a  response  message  from  the  authentication device  in response  to the first authentication success message, and when sending the first authentication success message to the authentication device, an  authentication success indication message ([2. User Authentication Process, Page 4.], …The Application  together with the user ID. Then, the beacon terminal 200 transmits the encrypted authentication data and the user ID together with the authentication data generated to the cloud server 300 [e.g. server]. If the authentication is successful, the cloud server 300 may transmit the authentication success message through the beacon terminal 200 or directly to the application 150 to inform the user of the authentication success. Since, Jung teaches the cloud server 300 may transmit the authentication success message…directly to the application 150 to inform the user of the authentication success, therefore, given the broadest reasonable interpretation, Examiner interprets the cloud server inform the user of the authentication success, without passing through the beacon terminal [e.g., authentication device], before receiving  a  response  message  from  the  beacon terminal).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je in order to incorporate a method as disclosed by Jung in order to transmit the authentication success message directly to the application to inform the user of the authentication success,   because it would allow the system to accelerate the authentication process.

Claim 9, Je teaches a server comprising: a memory configured to store instruction; and a processor coupled to the memory and configured to execute the instruction ([⁋ 0031], service access device 110, the user authentication device 120, and the service providing device 130 may be respectively implemented as devices or servers that are independently installed). 
The rest of the limitations of Claim 9 are rejected under the same rational of Claim 4.

Claims 5  and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Jung further in view of Chhabra and Ardeli.

Claims 5 and 10 are rejected under the same rationale of Claim 3.

Claims 11 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Chhabra and Ardeli, further in view of Dowling et al. (US Patent no. 6522875, hereinafter "Dowling").

Regarding Claim 11, Je in view of Chhabra and  Ardeli do not explicitly teach, however, Dowling teaches the method of claim 3, wherein the network access packet is a Hypertext Transfer Protocol (HTTP) packet or a HTTP Secure (HTTPS) packet ([C.14:L.36-38], transmit one or more hypertext transfer protocol ( HTTP) request packets via the first network connection).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify references in order to incorporate a method as disclosed by Dowling to send a HTTP request packet to access the website. Because it would allow to establish a connection with a webserver and get access HTML pages.

Claim 16 is rejected under the same rationale of Claim 11.

Claims 13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Chhabra and Ardeli, further in view of Belton.

Regarding Claim 13.  Je in view of Begley and Ardeli do not explicitly teach, however, Belton teaches the method of claim 3, wherein the second authentication success message comprises an identifier of the first network permission ([C.12:L.38-42], after the device is authenticated the device can be assigned an internet protocol (IP) address [e.g., an identifier of the first network permission] on the network. …this IP address can be a "production" (normal .
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify references in order to incorporate teachings of Belton to assign an identifier after authenticate a device. Because it would allow to identify device authentication based on the identifier.

Claim 18 is rejected under the same rationale of Claim 13.

Claims 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Chhabra further in view of Walsh et al. (US 2014/0053243, hereinafter "Walsh").

Regarding Claim 14,  Je teaches  the method of claim 1, wherein the first network permission is a temporary network permission ([⁋ 0007] may permit a temporary access based on a temporary authentication), however, Je in view of Chhabra does not explicitly teach, but, Walsh teaches a temporary network permission comprising a time limit ([⁋⁋ 0007, 0013], Restricted LAN Internet Access System grant the user a temporary Internet session…the temporary session could be limited by controlling the allowed time).


Claim 19 is rejected under the same rationale of Claim 14.

Claims 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over  Je in view of Jung, Chhabra and Ardeli further in view of Walsh.

Claims 15 and 20 are rejected under the same rationale of Claim 14.

Claims 21 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Jung and further in view of Shan (CN 101009910, hereinafter “Shan”).

Regarding Claim 21, Je in view of Jung do not explicitly teach, however Shan teaches the method of claim 4, wherein the authentication success indication message is an Extensible Authentication Protocol (EAP) success packet ([Page 6], …authentication device directly sends EAP success EAP-Success message to user terminal).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je and Jung with Shan in order to send EAP Success message to the terminal, because it would allow the terminal to access resources in a secure way using EAP.

Claim 22 is rejected under the same rationale of Claim 21.

Conclusion 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD YOUSUF A MIAN whose telephone number is (571)272-9206. The examiner can normally be reached Monday-Friday 9am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PETER-ANTHONY PAPPAS can be reached on 571-272-
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMMAD YOUSUF A. MIAN/Examiner, Art Unit 2448