PNG
    media_image1.png
    340
    340
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 15/825,242
Filing Date: 29 Nov 2017
Appellant(s): HOTCHKISS et al.



__________________

Jacob P. Beers, Reg. No. 68,574
&
Lawrence A. Baratta, Jr., Reg. No. 59,553

For Appellant


EXAMINER’S ANSWER





12/16/2021.

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 09/15/2021 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
(2) Restatement of Rejection 
The following ground(s) of rejection are applicable to the appealed claims:

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claim[s] 1, 4, 5, 8, 11, 13, 18 - 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037]
As per claim 1. Lang does teach a Wi-Fi network [Lang, Figure # 1, component 100], comprising:
one or more access point devices [Lang, Figure # 1, component 120 – wireless access point] configured to provide network connectivity [Lang, Figure # 1, component # 105, network, and paragraph: 0002, lines 1 – 3, Wireless networks have become commonplace. For example, wireless access points are used in both home and enterprise environments to provide an internet connection to a variety of Transport Control Protocol/Internet Protocol (TCP/IP) enabled devices.] to one or more user devices [Lang, Figure # 1, components 130 [1], 130[2], 130[3] – mobile devices]; 
wherein the Wi-Fi network is designated by a Service Set Identifier (SSID) [Lang, paragraph 0003, lines 1 – 6, To join a network, a host station typically needs to identify a service set identifier (SSID) broadcast by an access point and then perform a process defined by the 802.11 protocol to join the wireless network represented by that SSID. In some cases, the host station may need to authenticate itself to join a wireless network as part of this process.]; 
wherein each of the one or more user devices [Lang, Figure # 1, components 130 [1], 130[2], 130[3] – mobile devices] accesses the Wi-Fi network using the SSID and one of the plurality of keys, each being a password or certificate for the Wi-Fi network [Lang, paragraph 0003, lines 6 – 12, For example, to provide security, a wireless network may comply with established security standards such as WPA (Wifi Protected Access) or its predecessor WEP (wired equivalent privacy). In such cases, a device may authenticate itself to the wireless network by providing a password or key [i.e. applicant’s one of the plurality of keys] along with a service set identifier (SSID) [i.e. applicant’s SSID].]; and 
wherein each of the plurality of keys is associated with the SSID [Lang, paragraph: 0025, lines 1 – 5, In one embodiment, the WPS client 137.sub.1 receives credentials used to access the secure network hosted by the access point 120. Such credentials may include an SSID and password for accessing the secure network, as well as encryption keys, certificates or any other suitable credentials.], is associated only with one of the plurality of access zones [Lang, paragraph: 0020, lines 1 – 3, access points [i.e. applicant’s plurality of access zones]], and pairs with the SSID to provide access to the one of the plurality of access zones associated therewith, such that the one or more user devices accessing the Wi-Fi network using the SSID and a key associated with a particular access zone is assigned the access privileges associated with the particular access zone [Lang, paragraph: 0036, lines Once complete, the WPS component 220 provides the computing device 200 with a set of credentials used to access the secure network 225. In one embodiment, the WPS component 260 may itself update the wireless network settings using the credentials. For example, the WPS client component 260 may store an SSID, password, and any encryption and/or authentication keys used to access the secure network. [i.e. applicant’s assigned the access privileges associated with the particular access zone]].
Lang does not teach clearly wherein the Wi-Fi network is configured to provide, via any of the one or more access point devices, user level access control to network resources and other devices connected to the one or more access point devices based on which key of a plurality of keys is used to access the SSID by defining a plurality of access zones associated with the SSID, the SSID being a single SSID for the plurality of access zones, each access zone being an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network, via any of the one or more access point devices, the access privileges defining access to the internet and access to the other devices connected to the one or more access point devices on the Wi-Fi network;
wherein each access zone is accessible via any of the one or more access point devices using the SSID.
However, Olshansky does teach wherein the Wi-Fi network is configured to provide, via any of the one or more access point devices, user level access control to network resources [Olshansky,  Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. applicant’s defining and access privileges] when moving between zones. For example, in an embodiment, anytime a user [i.e. applicant’s one or more devices] moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. Where at Olshansky, paragraph: 0017, lines 11 - 18,  For example, at the same hotel or conference center, two different conferences which are simultaneously occurring can have custom SSID's corresponding to the access grated to each group. Conference A2 2009 for example can have a custom SSID entitled "Conference A2 2009" which allows access to access points in the Lobby [i.e. applicant’s the access privileges defining access to the internet], Guest Rooms [i.e. applicant’s the access privileges defining access to the internet] and Meeting Rooms [i.e. applicant’s the access privileges defining access to the internet] without re-authentication, but not in the Business Center.] and other devices connected to the one or more access point devices [Olshansky, Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices [i.e. applicant’s other devices], are connected with, attempting to connect with, or are moving between connections with various access points [i.e. applicant’s access points]. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and  based on which key of a plurality of keys is used to access the SSID [Olshansky, paragraph: 0005, lines 9 – 17, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user [i.e. applicant’s key of a plurality of keys] by defining a plurality of access zones associated with the SSID [Olshansky, paragraph 0004, lines 1 – 4, In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network [i.e. applicant’s Wi-Fi network]. Then at paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like. Where at paragraph: 0024, lines 24 – 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. applicant’s plurality of access zones]]. Where at paragraph: 0017, lines 1 – 6, In an embodiment, access points advertise their presence by broadcasting a Service Set Identifier (SSID), Extended Service Set Identifier (ESSID), and/or Basic Service Set Identifier (BSSID), or the like, collectively referred to herein as SSID.], the SSID being a single SSID for the plurality of access zones [Olshansky, paragraph: 0017, lines 5 – 6, In an embodiment, , each access zone being an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network, via any of the one or more access point devices [Olshansky, paragraph: 0005, lines 5 – 10, In an embodiment, for example, a user is allowed to move from access point to access point within a zone without having to re-authenticate. However, a user may be required to re-authenticate when moving between access points [i.e. applicant’s that the one or more devices are given while connected to the Wi-Fi network] associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network [i.e. applicant’s access privileges] through access points [i.e. applicant’s via any of the one or more access point devices] in different zones or where different zones have different security levels [i.e. applicant’s  user access level control…] associated with them.], the access privileges defining access to the internet [Olshansky, paragraph: 0017, lines 11 - 18,  For example, at the same hotel or conference center, two different conferences which are simultaneously occurring can have custom SSID's corresponding to the access grated to each group. Conference A2 2009 for example can have a custom SSID entitled "Conference A2 2009" which allows access to access points in the Lobby [i.e. applicant’s the access privileges defining access to the internet], Guest Rooms [i.e. applicant’s the access privileges defining access to the internet] and Meeting Rooms [i.e. applicant’s the access privileges defining access to the internet] without re-authentication, but not in the Business Center.] and access to the other devices connected to the one or more access point devices on the Wi-Fi network various user devices, are connected with, attempting to connect with, or are moving between connections with various access points. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network];
wherein each access zone is accessible via any of the one or more access point devices using the SSID [Olshansky, paragraph: 0017, lines 1 – 6, In an embodiment, access points advertise their presence by broadcasting a Service Set Identifier (SSID), Extended Service Set Identifier (ESSID), and/or Basic Service Set Identifier (BSSID), or the like, collectively referred to herein as SSID. In an embodiment, the same SSID is assigned to all access points and zones in a network. Then at paragraph: 0017, lines 11 - 18,  For example, at the same hotel or conference center, two different conferences which are simultaneously occurring can have custom SSID's corresponding to the access grated to each group. Conference A2 2009 for example can have a custom SSID entitled "Conference A2 2009" which allows access to access points in the Lobby, Guest Rooms and Meeting Rooms without re-authentication, but not in the Business Center. Where at paragraph: 0005, lines 6 – 12, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the .
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang and Olshansky in order for the authenticating of the requesting user for network access by SSID and password to an access point of Lang to include authenticating the requesting user by dynamic authentication policies depending on the type of zone the access point guards of Olshansky. This would allow for the access point to vary its authentication policies based on the type of zone the access point is guarding for authenticating the requesting user. See paragraph 0005, lines 1 – 6 of Olshansky. 
As per claim 4. Lang does teach the Wi-Fi network of claim 1, wherein the access zone defines one or more limitations related to traffic amount, access time, traffic prioritization, and time limit for access for the one or more devices accessing the Wi-Fi network with the associated access key [Lang, paragraph 0024, lines 4 – 8, For example, after a user pushes the PBC button 124 on the access point 120, a registration window begins, i.e., limited period of time where new devices may obtain credentials used to access a secure network hosted by the access point 120].
As per claim 5.  Lang does teach the Wi-Fi network of claim 1, wherein the access privileges further define limitations related to physical location in a distributed Wi-Fi system [Lang, paragraph 0003, The present disclosure is directed to providing a system for controlling network access in different physical locations of a network. In an embodiment, the disclosure describes a system for controlling access in a network for .
As per claim 8. Lang as modified does not teach the Wi-Fi network of claim 1, wherein the rules for the access privileges of each of the plurality of access zones [Olshansky, Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. applicant’s rules for the access privileges] when moving between zones. For example, in an embodiment, anytime a user moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. This type of system is illustrated in FIG. 6. Where at paragraph: 0024, lines 24 – 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. applicant’s plurality of access zones]] to at least one of the Wi – Fi network [Olshansky, paragraph 0004, lines 1 – 4, In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network [i.e. applicant’s Wi-Fi network]. Then at paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone. ] and the devices connected to the Wi – Fi network [Olshansky, Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices, are connected with, attempting to connect with, or are moving between connections with various access points. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network] are implemented on each access point in a multi-access point network such that all traffic does not need to be passed through a single AP in order for access control to operate [Olshansky, Figure # 2, components – 201, 203, 205, 207, 209, 221 and paragraph 0004, lines 1 – 4, In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network. Then at paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like.].
As per claim 11. Lang as modified does teach the Wi-Fi network of claim 1, further comprising:
a dashboard from which an administrator accesses via a Web page or mobile application to define the plurality of access zones, the access privileges of each of the access zones [Olshansky, paragraph: 0047, lines 4 – 9, This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones [i.e. applicant’s access privileges]], passwords, and certificates [Olshansky, paragraph 0005, lines 4 – 6, In an embodiment, a network administrator can configure access rules for allowing a user to move between access points within a zone and/or between zones. Then at paragraph 0005, lines 9 – 19, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user of a user device to gain permission to use a network.].
As per claim 13. Lang as modified does teach the Wi-Fi network of claim 1, wherein each individual guest user has an access zone defined specifically for them [Olshansky, paragraph 0005, lines 3 – 5, In an embodiment, a network administrator can configure access rules for allowing a user to move between access points within a zone and/or between zones.].
As per claim 18. Lang as modified does teach the Wi-Fi network of claim 1, wherein the plurality of access zones are automatically propagated across all of an owner’s networks comprising the Wi-Fi network and one or more additional Wi-Fi networks and any new extensions made to the owner’s network [Olshansky, Figure # 2, and paragraph 0024, lines 1 – 12, FIG. 2 illustrates a cross section of various access points in a hospitality setting. Hotel 201 includes guest rooms 203, conference room 205, restaurant 207 and lobby 209. The guest rooms 203, conference room 205, restaurant 207 and lobby 209 include various access points 221. Although illustrated as having one or more access points in each room, it is to be understood that 
As per method claim 19 that includes the same or similar claim limitations as Wi – Fi network claim 1, and is similarly rejected. 

As per Wi – Fi claim 20 that includes the same or similar claim limitations as Wi – Fi network claim 1, and is similarly rejected.

***The examiner notes that the prior art does teach applicant’s recited “one or more radio’s,” and “processor,” at Figure # 1, units: 141,143, 145, 147, 149, 151, 153, 155 – one or more radios, then unit : 103 – processor of Olshansky. 


Claim[s] 2, 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Menezes et al. [US PGPUB # 2012/0167185]
As per clam 2. Lang and Olshansky do teach what is taught in the rejection of claim 1 above. 
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein the SSID is for both guest users and home users with the guest users having a different password or certificate from the home users.
However, Menezes does teach the Wi-Fi network of claim 1, wherein the SSID is for both guest users and home users with the guest users having a different password or certificate from the home users [paragraph 0021, lines 9 – 11, homes users can provide guest access to friends and relatives based on easily remembered identities, such as email addresses].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Menezes in order for the authenticating the requesting user for network access by SSID and password to an access point of Lang as modified to include encrypting the user credential data of Menezes. This would allow for the credential data to be protected while in transit to the network access point for authentication. See paragraph 0005, lines 1 – 6 of Menezes. 
As per claim 3. Lang as modified does teach the Wi-Fi network of claim 1, wherein the access zones comprise a first access zone with unlimited access and a second access zone for guests [Menezes, paragraph 0001, lines 6 – 9, Typically, a user has different passphrases and keys for home network access, and businesses setup temporary guest accounts for visitor access, or provide open, unsecure networks for guest access.], and wherein the second access zone comprises one or more devices on the Wi-Fi network selectively disallowed for the guests [Menezes, paragraph 0028, lines 2 – 4, a client device and grant Internet access via the network interface device to other designated users, such as the user contacts in an email .

Claim[s] 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Ilnickl et al. [US PGPUB # 2007/0286195]
As per claim 6. Lang and Olshansky do teach what is taught in the rejection of claim 1 above. 
	Further, Olshansky does teach the claim limitation of “for the access privileges to at least one of the Wi - Fi network [Olshansky, Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. applicant’s rules for the access privileges] when moving between zones. For example, in an embodiment, anytime a user moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. This type of system is illustrated in FIG. 6.] and the devices connected to the Wi – Fi network [Olshansky,  paragraph 0004, lines 1 – 4, In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network [i.e. applicant’s Wi-Fi network]. Then at paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone].”
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein a traffic forwarding table within the one or more access points is programmed to control rules for the access privileges to at least one of the Wi - Fi network and the devices connected to the Wi – Fi network.
However, IInickl does teach the Wi-Fi network of claim 1, wherein a traffic forwarding table within the one or more access points is programmed to control rules [paragraph 0003, lines 5 – 9, Examples of inspection and processing by switches and routers can include blocking certain traffic based upon an access control list (ACL) by examining the frame/packet headers while performing the forwarding and routing function].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and IInickl in order for the authenticating the requesting user for network access by SSID and password to an access point of Lang as modified to include authentication of the requesting user on the fly IInickl. This would allow for the user to experience no delay in accessing the network during the authentication process. See paragraph 0013 of IInickl.

Claim[s] 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Lee et al. [US PGPUB # 2016/0270101]
  Lang and Olshansky do teach what is taught in the rejection of claim 1 above. 
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein the one or more access point devices utilize frame forwarding rules based on Software Defined Networking (SDN) to implement the plurality of access zones.
However, Lee does teach Wi-Fi network of claim 1, wherein the one or more access point devices utilize frame forwarding rules based on Software Defined Networking (SDN) to implement the plurality of access zones [Figure # 1, and paragraph 0010, A network edge may be a combination of hardware and software that includes a number of wireless access points, wireless routers, switches, gateways, and instructions processed to define the forwarding behavior of data packets and extend network policies out to client devices. Further, as used in the present specification and in the appended claims, the term "access point" is meant to be understood broadly as any wireless network edge point within a network and can apply equally to a wireless access point, wireless router, switches, gateway, or any other wireless networking device. Then at paragraph 0012, lines 1 – 20, FIG. 1 is a block diagram of a network that includes wireless and wired communication devices, in accordance with examples of the present disclosure. The network 100 may include a network computing system that utilizes software-defined networking (SDN) infrastructure. For example, the network 100 may be a wireless local area network (WLAN), a wide area network (WAN), an enterprise private network, or a virtual private network (VPN), or combinations thereof. The network 100 can include a network controller 102 configured to support a plurality of network applications 104. The network controller 102 may be a computer, a server, or any sort of hardware or software device that can allow an administrator to control and manage a number of access points and client devices in the network 100 from a centralized location. The network applications 104 supported by the network controller 102 may include forwarding of data packets, establishments of network policies, and creation of time schedules. The network controller 102 can be communicatively coupled to a switch 103, which directs traffic to and from one or more access points 106 that act as network edges.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Lee in order for the administrator that monitors the packet traffic as the user interacts with the network Lang as modified to include monitoring the user by a software defined networking controller of Lee. This would allow for the administrator to dynamically adjust the traffic filtering scheme as needed in a quick and non – disruptive manner to the user interaction with the network. See paragraph 0001 of Lee.

Claim[s] 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Santos et al. [US PAT # 8122251]
As per claim 9.  Lang and Olshansky do teach what is taught in the rejection of claim 1 above. 
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, further comprising:
a captive portal configured to communicate to a user information related to the user’s access based on its access zone.
However, Santos does teach the Wi-Fi network of claim 1, further comprising:
a captive portal configured to communicate to a user information related to the user’s access based on its access zone [col. 21, lines 24 – 31, For example, where the transaction is a request to access a network via a network access point, the dynamic personal attribute may be displayed to the user on the display screen of the computer or other user device by which the user is attempting to access the access network, thereby enabling the user to determine the validity of the remote server prior to entering any authentication information.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Santos in order for the administrator that monitors the authenticating of the requesting user for network access by SSID and password to an access point of Lang as modified to include using a Black lists of IP addresses of Santos. This would allow for the administrator to protect the network from unauthorized access by an unauthorized IP addresses. See col. 1, lines 52 – 64 of Santos.
[s] 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Lee et al. [US PGPUB # 2013/0052992]
As per claim 10. Lang and Olshansky do teach what is taught in the rejection of claim 1 above. 
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein a user attempting to access a denied service or device is connected to a web page or captive portal from which they can request access to the desired service or device.
However, Lee does teach Wi-Fi network of claim 1, wherein a user attempting to access a denied service or device is connected to a web page or captive portal from which they can request access to the desired service or device [Figure # 13 and paragraph 0153, lines 1 – 6,  Referring to FIG. 13, if an access request is generated from an application or a service that is determined to have to be blocked by the determining unit 240, the blocking module B may display a pattern lock screen to a user. The blocking module B may allow access if the pattern lock is released.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Lee in order for the user’s requests for access of the network of Lang as modified to include monitoring by the requesting user the application requests for network access from the user’s own device of Lee. This would allow for the prevention . 

Claim[s] 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Bushman et al. [US PGPUB # 2014/0074896]
As per claim 12.  Lang and Olshansky do teach what is taught in the rejection of claim 1 above.
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, further comprising:
a dashboard from which an administrator accesses via a Web page or mobile application to observe Internet and device access activities on the Wi-Fi network.
However, Bushman does teach the Wi-Fi network of claim 1, further comprising:
a dashboard from which an administrator accesses via a Web page or mobile application to observe Internet and device access activities on the Wi-Fi network [paragraph 0082, lines 1 – 11, Alerts may be displayed on a dashboard such as user interface 200 of FIG. 2 when numbers fall within a certain range (for example, the number of parent activity data fails below 1000), then the administrator is either automatically shown a drop down menu or is displayed a button that when pressed will display the drop down menu; the drop down menu being configured to provide an 
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Bushman in order for the administrator that monitors the packet traffic as the user interacts with the network of Lang as modified to include dashboard with alert systems of Bushman. This would allow for the administer to make further exacting effective decision making by using drill down menus that display further details of potential intrusion by the requesting user during authentication of the user for network access. See paragraph 0014 of Bushman. 
Claim[s] 14, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Robinson et al. [US PGPUB # 2007/0288319]
As per claim 14. Lang and Olshansky do teach what is taught in the rejection of claim 1 above.
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein the key defining a password or certificate for a Wi-Fi client device is communicated via a Web page identified via a text or email message.
However, Robinson does teach the Wi-Fi network of claim 1, wherein the key defining a password or certificate for a Wi-Fi client device is communicated via a Web page identified via a text or email message [paragraph 0021, lines 9 – 28, For example, if the second user is enrolled in the biometric redemption rights system, the purchasing user could provide the second user's name or a system identification code via a system website, kiosk, email, and the like. If the second user is not enrolled in the system, the purchasing user could communicate information to the second user to enable the transfer. For example, the redemption rights transfer system could provide the purchasing user with a pass code related to the advance purchase, which could be communicated via email to the second user either by the system or the initial user. The second user could then enroll in the system at an authorization station, such as a kiosk, service desk, website or mobile communication device, by submitting required identification information and their biometric data. The enrolled second user could then submit the pass code received from the system or initial user in order to enable the transfer of redemption authorization for the advance purchase, provided that the transfer meets system and/or operator approval guidelines.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Robinson in order for the authenticating the requesting user for network access by SSID and password to an access point of Lang as modified to include authenticating the user’s biometric attributes for access to the network of Robinson. This would allow for the secure access of the network, based on that user biometric attributes are very difficult to duplicate. See paragraph 0005 of Robinson. 
Lang as modified does teach the Wi-Fi network of claim 1, wherein a Web page communicates the key defining the password or certificate, and wherein the Web page has one of instructions for utilizing the password or certificate or a single click mechanism for installing the password or certificate [Olshansky, paragraph 0005, lines 4 – 6, In an embodiment, a network administrator can configure access rules for allowing a user to move between access points within a zone and/or between zones. Then at paragraph 0005, lines 9 – 19, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user of a user device to gain permission to use a network].

Claim[s] 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Van Zoest et al. [US PGPUB # 2002/0062252]
As per claim 15.   Lang and Olshansky do teach what is taught in the rejection of claim 1 above.
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein a Web page communicates the key defining the password or certificate, and wherein the Web page has one or more of a long random Uniform Resource Locator (URL) and an expiry time of 24 hours or less.
However, Van Zoest does teach the Wi-Fi network of claim 1, wherein a Web page communicates the key defining the password or certificate [paragraph 0065, lines 1 – 11, Once the content is acquired or made accessible from a third party, a user can access this content with a personal computer 115, cell phone 116, or any device with Internet access. More specifically, the user accesses the data through the User Interface Server 120. The User Interface Server 120 displays a web page to users that access the system over the network 130. To access the system, the web site preferably requires the user to login before the user is permitted to access the site. FIG. 3 shows an example of a typical login 300, which requires the user to enter a previously assigned user identification and password.], and wherein the Web page has one or more of a long random Uniform Resource Locator (URL) and an expiry time of 24 hours or less [paragraph 0115, lines 7 – 10, For example, a URL may be acquired at 9:00 am and expire twenty four hours later so that any attempt to access that URL after 9:00 am the next day is not validated].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Van Zoest in order for the monitoring the authenticated user that accesses a network by SSID and password to an access point of Lang as modified to include a time limit of accessing the network of Van Zoest. This would allow for the access point .  
Claim[s] 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. [US PGPUB # 2013/0173702] in view of Olshansky et al. [US PGPUB # 2011/0030037] as applied to claim[s] 1 above, and further in view of Verkaik et al. [US PGPUB # 2016/0198501]
As per claim 17. Lang and Olshansky do teach what is taught in the rejection of claim 1 above.
Lang and Olshansky do not clearly teach the Wi-Fi network of claim 1, wherein the plurality of access zones are administered from a cloud to the Wi-Fi network and one or more additional Wi-Fi networks.
However, Verkaik does teach the Wi-Fi network of claim 1, wherein the plurality of access zones are administered from a cloud to the Wi-Fi network and one or more additional Wi-Fi networks [paragraph 0033,  To further illustrate, cloud 150 can provide specific services for client A. For example, cloud 150 can handle traffic, deploy a network or specific network components, configure links or devices, automate services or functions, or provide any other services for client A. Other non-limiting example services by cloud 150 can include network administration services, network monitoring services, content filtering services, application control, WAN optimization, firewall services, gateway services, storage services, protocol configuration services, wireless deployment services, and so forth. Then at paragraph 0036, lines 1 – 7, Cloud 150 can similarly provide one or more services to client B, as previously described with 
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Lang as modified and Verkaik in order for the authenticating and accessing by the requesting user for access to a network of Lang as modified to include authenticating the user’s by a cloud controller to a cloud network of resources of Verkaik. This would allow for the user to be authenticated and access a collection of dynamically created resources in the cloud on demand by a cloud management layer. See paragraphs 0026, and 0049 of Verkaik. 
(3) New Grounds of Rejection to be Reviewed on Appeal
--None
(4) Withdrawn Ground of Rejection to be Reviewed on Appeal
--None
(5) Response to Argument
Appellant states on page[s] 7 of the appeal brief as filed: “Thus, the claims require that different permissions are granted to devices connected to the Wi-Fi network, using the same SSID, based on which key is used with the SSID to access the Wi-Fi network.”

the claims require that different permissions are granted to devices connected to the Wi-Fi network, using the same SSID, based on which key is used with the SSID to access the Wi-Fi network…….) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

Appellant states on page[s] 7 of the appeal brief as filed: “The combination of Lang and Olshansky fails to teach or suggest granting access privileges for a Wi-Fi Network based on which of multiple passwords/keys is used with the SSID to access the Wi-Fi network.”

In response the examiner isn’t persuaded, the examiner points to appellant’s argument that the references fail to show certain features of appellant’s invention, it is noted that the features upon which appellant relies (i.e.,…….granting access privileges for a Wi-Fi Network based on which of multiple passwords/keys is used with the SSID to access the Wi-Fi network…….) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

Appellant states on page[s] 8 of the appeal brief as filed: “Appellant disagrees that the access points of Lang teach the claimed access zones (“an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network via any of the one or more access point devices”). Individual access points are not the same as the claimed access zones which define access privileges over an entire Wi-Fi network.”

In response the examiner isn’t persuaded, the examiner points out that appellants arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
	The examiner points out that appellants argued clam limitation above was clearly rejected/made obvious over the prior art of Olshansky, and not the prior art of Lang as alleged by appellant in the argument above. See page[s] 11 – 13 of the final rejection dated 09/15/2021. 
	The examiner further point’s appellant attention to the prior art of Olshansky, specifically, at Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. appellant’s access privileges] when moving between zones. For example, in an embodiment, anytime a user [i.e. appellant’s one or more devices] moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. 

same hotel or conference center, two different conferences which are simultaneously
occurring can have custom SSID's corresponding to the access grated to each group.
Conference A2 2009 for example can have a custom SSID entitled "Conference A2
2009" which allows access to access points in the Lobby [i.e. appellant’s the access
privileges defining access to the internet], Guest Rooms [i.e. appellant’s the access
privileges defining access to the internet| and Meeting Rooms [i.e. appellant’s the
access privileges defining access to the internet] without re-authentication, but not in the business center. 
	Further of Olshansky, at Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices [i.e. appellant’s other devices], are connected with, attempting to connect with, or are moving between connections with various access points [i.e. appellant’s access points]. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network] 
	Moreover, of Olshansky, at paragraph 0004, lines 1 — 4, In an embodiment, network access is controlled by implementing different authentication rules for different
network access points [i.e. appellant’s access level that defines and manages the user level access control ]. A network access point is any wired or wireless connection point to a network [i.e. appellant’s Wi-Fi network]. Then at paragraph 0016, lines 7 — 10 of Olshansky, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like.
	Further of Olshansky, at paragraph: 0024, lines 24 — 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. appellant’s plurality of access zones]]. 

Appellant states on page[s] 9 of the appeal brief as filed: “Appellant disagrees as having two custom SSIDs corresponding to access granted to each group teaches away from a singular SSID with multiple access zones defining access privileges and requiring re-authentication to access a separate grouping of access points has no bearing as to assigning an access zone defining access privileges based on which key associated with the SSID is used to access the Wi-Fi network.”

	In response the examiner isn’t persuaded, the examiner points to the prior art of Olshansky. Specifically, at paragraph: 0017, lines 5 — 6, In an embodiment, the same SSID is assigned to all access points and zones in a network. This meets appellant’s argument of: “Appellant disagrees as having two custom SSIDs corresponding to access granted to each group teaches away from a singular SSID with multiple access zones defining access privileges and requiring re-authentication to access a separate grouping of access points….etc.” 
	Further in response the examiner points out that appellant’s argument that the references fail to show certain features of appellant’s invention, it is noted that the features upon which appellant relies (i.e.,….has no bearing as to assigning an access zone defining access privileges based on which key associated with the SSID is used to access the Wi-Fi network……) are not recited in the rejected claim(s).  Although In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
	The examiner notes that appellant’s argued claim limitation as identified above is not claimed at all or is not claimed clearly in the claimed invention as filed. The examiner is of the observation that the recited “access privileges,” are assigned to the one or more user devices accessing the Wi-Fi network using the SSID and a key might be connected to a particular access zone, and not assigning of an access zone based on a key that is associated with a particular access zone, as argued by appellant. 
***The examiner’s response above equally applies to the same or similar remarks made on page[s] 12, 13 regarding claim[s] 1, 19, 20 of the appeal brief as filed. 

Appellant states on page[s] 9 of the appeal brief as filed: “
Grounds For Review
1. The combination of Lang and Olshansky does not teach or suggest a Wi-Fi network/access point that is “configured to provide user level access control to network resources and other devices connected to the Wi-Fi network based on which key of a plurality of keys is used to access the SSID by defining a plurality of access zones associated with the SSID” where the access zones is “an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network via any of the one or more access point devices” and “each of the one or more user devices accesses the Wi-Fi network using the SSID and one of the plurality of keys.”

	In response the examiner isn’t persuaded, the examiner points to the prior art combination of Lang in view of Olshansky, the prior art discloses the argued claim limitation in the following manner:
“a Wi-Fi network/access point that is “configured to provide user level access control to network resources [Olshansky,  Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. appellant’s defining and access privileges] when moving between zones. For example, in an embodiment, anytime a user [i.e. appellant’s one or more devices] moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. Where at Olshansky, paragraph: 0017, lines 11 - 18,  For example, at the same hotel or conference center, two different conferences which are simultaneously occurring can have custom SSID's corresponding to the access grated to each group. Conference A2 2009 for example can have a custom SSID entitled "Conference A2 2009" which allows access to access points in the Lobby [i.e. appellant’s the access privileges defining access to the internet], Guest Rooms [i.e. appellant’s the access privileges defining access to the internet] and Meeting Rooms [i.e. appellant’s the access privileges defining access to the internet] without re-authentication, but not in the Business Center.] and other devices connected to the Wi-Fi network [Olshansky, Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices [i.e. appellant’s other devices], are connected with, attempting to connect with, or are moving between connections with various access points [i.e. appellant’s access points]. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network] based on which key of a plurality of keys is used to access the SSID [Olshansky, paragraph: 0005, lines 9 – 17, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user [i.e. appellant’s key of a plurality of keys] by defining a plurality of access zones associated with the SSID [Olshansky, paragraph 0004, lines 1 – 4, In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network [i.e. appellant’s Wi-Fi network]. Then at paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like. Where at paragraph: 0024, lines 24 – 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. appellant’s plurality of access zones]]. Where at paragraph: 0017, lines 1 – 6, In an embodiment, access points advertise their presence by broadcasting a Service Set Identifier (SSID), Extended Service Set Identifier (ESSID), and/or Basic Service Set Identifier (BSSID), or the like, collectively referred to herein as SSID]” where the access zones is “an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network via any of the one or more access point devices [Olshansky, paragraph: 0005, lines 5 – 10, In an embodiment, for example, a user is allowed to move from access point to access point within a zone without having to re-authenticate. However, a user may be required to re-authenticate when moving between access points [i.e. appellant s that the one or more devices are given while connected to the Wi-Fi network] associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network [i.e. appellant’s access privileges] through access points [i.e. appellant’s via any of the one or more access point devices] in different zones or where different zones have different security levels [i.e. appellant’s  user access level control…] associated with them.]” and “each of the one or more user devices accesses the Wi-Fi network using the SSID and one of the plurality of keys. [Lang, paragraph 0003, lines 6 – 12, For example, to provide security, a wireless network may comply with established security standards such as WPA (Wifi Protected Access) or its predecessor WEP (wired equivalent privacy). In such cases, a device may authenticate itself to the wireless network by providing a password or key [i.e. appellant’s one of the plurality of keys] along with a service set identifier (SSID) [i.e. appellant’s SSID]. ]”
***The examiner’s response above applies equally to the same or similar remarks regarding claim[s] 1 in the appeal brief filed in response to. 

Appellant states on page[s] 9 of the appeal brief as filed: “2. There is no suggestion to modify the combination of Lang and Olshansky to address granting different permissions to devices connected to the Wi-Fi network, using the same SSID, based on which key is used with the SSID to access the Wi-Fi network.”

In response the examiner isn’t persuaded, the examiner points to In response to appellant's argument that the references fail to show certain features of appellant’s invention, it is noted that the features upon which appellant relies (i.e., There is no suggestion to modify the combination of Lang and Olshansky to address granting different permissions to devices connected to the Wi-Fi network, using the same SSID, based on which key is used……………etc.) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
***The examiner’s response above equally applies to the same or similar remarks made on page[s] 12, 13 regarding claim[s] 1, 19, 20 of the appeal brief as filed. 

Appellant states on page[s] 9 and 10 of the appeal brief as filed: “Appellant’s subject matter requires “a Wi-Fi network/access point that is “configured to provide user level access control to network resources and other devices connected to the Wi-Fi network based on which key of a plurality of keys is used to access the SSID by defining a plurality of access zones associated with the SSID” (emphasis added).”


…….wherein the Wi-Fi network is configured to provide, via any of the one or more access point devices, user level access control to network resources [Olshansky,  Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. appellant’s defining and access privileges] when moving between zones. For example, in an embodiment, anytime a user [i.e. appellant’s one or more devices] moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. Where at Olshansky, paragraph: 0017, lines 11 - 18,  For example, at the same hotel or conference center, two different conferences which are simultaneously occurring can have custom SSID's corresponding to the access grated to each group. Conference A2 2009 for example can have a custom SSID entitled "Conference A2 2009" which allows access to access points in the Lobby [i.e. appellant’s the access privileges defining access to the internet], Guest Rooms [i.e. appellant’s the access privileges defining access to the internet] and Meeting Rooms [i.e. appellant’s the access privileges defining access to the internet] without re-authentication, but not in the Business Center.] and other devices connected to the one or more access point devices [Olshansky, Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices [i.e. appellant’s other devices], are connected with, attempting to connect with, or are moving between connections with various access points [i.e. appellant’s access points]. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network] based on which key of a plurality of keys is used to access the SSID [Olshansky, paragraph: 0005, lines 9 – 17, However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user [i.e. appellant’s key of a plurality of keys] by defining a plurality of access zones associated with the SSID [Olshansky, paragraph 0004, lines 1 – 4, In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network [i.e. appellant’s Wi-Fi network]. Then at paragraph 0016, lines 7 – 10, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like. Where at paragraph: 0024, lines 24 – 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. appellant’s plurality of access zones]]. access points advertise their presence by broadcasting a Service Set Identifier (SSID), Extended Service Set Identifier (ESSID), and/or Basic Service Set Identifier (BSSID), or the like, collectively referred to herein as SSID.
***The examiner’s response above equally applies to the same or similar remarks made on page[s] 12, 13 regarding claim[s] 1, 19, 20 of the appeal brief as filed. 

Appellant states on page[s] 10 of the appeal brief as filed: “The first few lines of paragraph [0020] of Lang state “Note, the following description uses the push button configuration features of the WiFi Protected Setup standard as an example of PBC based association and authentication for network infrastructures that include multiple access points.” Thus, it appears that the Office is defining the multiple access points as being the claimed access zones. However, the access points of Lang do not fit the claimed definition of an access zone, which is “an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network via any of the one or more access point devices” where “each of the one or more user devices accesses the Wi-Fi network using the SSID and one of the plurality of keys.” Thus, the access points of Lang do not suggest the claimed access zones that are all associated with the SSID.”

In response the examiner isn’t persuaded, the examiner points out that appellants arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

	The examiner further point’s appellant attention to the prior art of Olshansky, specifically, at Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. appellant’s access privileges] when moving between zones. For example, in an embodiment, anytime a user [i.e. appellant’s one or more devices] moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. 
	Further of Olshansky, at paragraph: 0017, lines 11 - 18, For example, at the
same hotel or conference center, two different conferences which are simultaneously
occurring can have custom SSID's corresponding to the access grated to each group.
Conference A2 2009 for example can have a custom SSID entitled "Conference A2
2009" which allows access to access points in the Lobby [i.e. appellant’s the access
privileges defining access to the internet], Guest Rooms [i.e. appellant’s the access
privileges defining access to the internet| and Meeting Rooms [i.e. appellant’s the
access privileges defining access to the internet] without re-authentication, but not in the business center. 
	Further of Olshansky, at Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference As illustrated, various user devices [i.e. appellant’s other devices], are connected with, attempting to connect with, or are moving between connections with various access points [i.e. appellant’s access points]. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network] 
	Moreover, of Olshansky, at paragraph 0004, lines 1 — 4, In an embodiment, network access is controlled by implementing different authentication rules for different
network access points [i.e. appellant’s access level that defines and manages the user level access control ]. A network access point is any wired or wireless connection point to a network [i.e. appellant’s Wi-Fi network]. Then at paragraph 0016, lines 7 — 10 of Olshansky, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like.
	Further of Olshansky, at paragraph: 0024, lines 24 — 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. appellant’s plurality of access zones]].
Now combining the identified teachings of Olshansky above, and turning to the prior art of Lang [emphasis added….], at Figure # 1, components 130 [1], 130[2], 130[3] – mobile devices. Where at Lang, paragraph 0003, lines 6 – 12, For example, to provide security, a wireless network may comply with established security standards such as WPA (Wifi Protected Access) or its predecessor WEP (wired equivalent privacy). In such cases, a device may authenticate itself to the wireless network by providing a password or key [i.e. appellant’s one of the plurality of keys] along with a service set identifier (SSID) [i.e. appellant’s SSID]. 
Therefore when combining the identified portions of Olshansky, and Lang, we arrive at the conclusion that appellant’s claimed invention is an obvious varying of the combination of Olshansky and Lang. The prior art combination yields a device that accesses a network based on an SSID and network (password or key), where the network allows the authorized device to access some areas of a conference, and not other areas of conference thru an access point[s] of an access zone[s] (i.e. appellants an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network via any of the one or more access point devices). 
The combination of Lang in view of Olshansky as articulated above meets appellant’s argument of: “Thus, it appears that the Office is defining the multiple access points as being the claimed access zones. However, the access points of Lang do not fit the claimed definition of an access zone, which is “an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network via any of the one or more access point devices” where “each of the one or more user devices accesses the Wi-Fi network using the SSID and one of the plurality of keys.” Thus, the access points of Lang do not suggest the claimed access zones that are all associated with the SSID.””
 ***The examiner’s response above equally applies to the same or similar remarks made on page[s] 12, 13 regarding claim[s] 1, 19, 20 of the appeal brief as filed. 

Appellant states on page[s] 10 of the appeal brief as filed: “Further, Lang, in paragraphs [0025] and [0036] thereof (cited in the Office Action), merely disclose that user credentials (SSID, password, and encryption/authentication keys) provided by a
WPS component are used to access a secure network and that a WPS client component might store that information for accessing the secure network. There is no suggestion by such general description of authentication in Lang of the use of an SSID and password that the password itself is associated with user level access control, let alone the password being associated with an access zone that provides the user level access by granting access permissions to devices connecting to the Wi-Fi network based on the password used and the access zone (which defines those access permissions) associated with the password used.”

In response the examiner isn’t persuaded, the examiner points out that appellant’s argument that the references fail to show certain features of appellant’s invention, it is noted that the features upon which appellant relies (i.e.,……There is no suggestion by such general description of authentication in Lang of the use of an SSID and password that the password itself is associated with user level access control…….) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
In such cases, a device may authenticate itself to the wireless network by providing a password or key [i.e. appellant’s one of the plurality of keys] along with a service set identifier (SSID) [i.e. appellant’s SSID]. This meets appellant’s argument of: “There is no suggestion by such general description of authentication in Lang of the use of an SSID and password…etc.”
Further in response, the examiner points to the prior art of Olshansky, at Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. appellant’s access privileges] when moving between zones. For example, in an embodiment, anytime a user [i.e. appellant’s one or more devices] moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. 
	Further of Olshansky, at paragraph: 0017, lines 11 - 18, For example, at the
same hotel or conference center, two different conferences which are simultaneously
occurring can have custom SSID's corresponding to the access grated to each group.
Conference A2 2009 for example can have a custom SSID entitled "Conference A2
2009" which allows access to access points in the Lobby [i.e. appellant’s the access
privileges defining access to the internet], Guest Rooms [i.e. appellant’s the access
privileges defining access to the internet| and Meeting Rooms [i.e. appellant’s the
access privileges defining access to the internet] without re-authentication, but not in the business center. 
	Further of Olshansky, at Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices [i.e. appellant’s other devices], are connected with, attempting to connect with, or are moving between connections with various access points [i.e. appellant’s access points]. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network] 
	Moreover, of Olshansky, at paragraph 0004, lines 1 — 4, In an embodiment, network access is controlled by implementing different authentication rules for different
network access points [i.e. appellant’s access level that defines and manages the user level access control]. A network access point is any wired or wireless connection point to a network [i.e. appellant’s Wi-Fi network]. Then at paragraph 0016, lines 7 — 10 of Olshansky, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like.
	Further of Olshansky, at paragraph: 0024, lines 24 — 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. appellant’s plurality of access zones]].
Now combining the identified teachings of Olshansky above, and turning to the prior art of Lang [emphasis added….], at Figure # 1, components 130 [1], 130[2], 130[3] . Where at Lang, paragraph 0003, lines 6 – 12, For example, to provide security, a wireless network may comply with established security standards such as WPA (Wifi Protected Access) or its predecessor WEP (wired equivalent privacy). In such cases, a device may authenticate itself to the wireless network by providing a password or key [i.e. appellant’s one of the plurality of keys] along with a service set identifier (SSID) [i.e. appellant’s SSID]. 
Therefore when combining the identified portions of Olshansky, and Lang, we arrive at the conclusion that appellant’s claimed invention is an obvious varying of the combination of Olshansky and Lang. The prior art combination yields a device that accesses a network based on an SSID and network (password or key), where the network allows the authorized device to access some areas of a conference, and not other areas of conference thru an access point[s] of an access zone[s] (i.e. appellants an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network via any of the one or more access point devices). 
This meets appellant’s argument of: “…..let alone the password being associated with an access zone that provides the user level access by granting access permissions to devices connecting to the Wi-Fi network based on the password used and the access zone (which defines those access permissions) associated with the password used.”
***The examiner’s response above equally applies to the same or similar remarks made on page[s] 12, 13 regarding claim[s] 1, 19, 20 of the appeal brief as filed. 

Appellant states on page[s] 10 of the appeal brief as filed: “Thus, the authentication in Lang does not suggest providing “user level access control to network 

	In response the examiner isn’t persuaded, the examiner points to the prior art combination of Lang in view of Olshansky. 
Further, in response the examiner is persuaded, the examiner points out that appellants arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
	The examiner points out that appellants argued clam limitation above was clearly rejected/made obvious over the prior art of Olshansky, and not the prior art of Lang as alleged by appellant in the argument above. See page[s] 11 – 13 of the final rejection dated 09/15/2021. 
	The examiner further point’s appellant attention to the prior art of Olshansky, specifically, at Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. appellant’s access privileges] when moving between zones. For example, in an embodiment, anytime a user [i.e. appellant’s one or more devices] moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. 
	Further of Olshansky, at paragraph: 0017, lines 11 - 18, For example, at the
same hotel or conference center, two different conferences which are simultaneously
occurring can have custom SSID's corresponding to the access grated to each group.
Conference A2 2009 for example can have a custom SSID entitled "Conference A2
2009" which allows access to access points in the Lobby [i.e. appellant’s the access
privileges defining access to the internet], Guest Rooms [i.e. appellant’s the access
privileges defining access to the internet| and Meeting Rooms [i.e. appellant’s the
access privileges defining access to the internet] without re-authentication, but not in the business center. 
	Further of Olshansky, at Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices [i.e. appellant’s other devices], are connected with, attempting to connect with, or are moving between connections with various access points [i.e. appellant’s access points]. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network] 
	Moreover, of Olshansky, at paragraph 0004, lines 1 — 4, In an embodiment, network access is controlled by implementing different authentication rules for different
network access points [i.e. appellant’s access level that defines and manages the user level access control ]. A network access point is any wired or wireless connection point to a network [i.e. appellant’s Wi-Fi network]. Then at paragraph 0016, lines 7 — 10 of Olshansky, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like.
	Further of Olshansky, at paragraph: 0024, lines 24 — 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. appellant’s plurality of access zones]].
Now combining the identified teachings of Olshansky above, and turning to the prior art of Lang [emphasis added….], at Figure # 1, components 130 [1], 130[2], 130[3] – mobile devices. Where at Lang, paragraph 0003, lines 6 – 12, For example, to provide security, a wireless network may comply with established security standards such as WPA (Wifi Protected Access) or its predecessor WEP (wired equivalent privacy). In such cases, a device may authenticate itself to the wireless network by providing a password or key [i.e. appellant’s one of the plurality of keys] along with a service set identifier (SSID) [i.e. appellant’s SSID]. 
Therefore when combining the identified portions of Olshansky, and Lang, we arrive at the conclusion that appellant’s claimed invention is an obvious varying of the combination of Olshansky and Lang. The prior art combination yields a device that accesses a network based on an SSID and network (password or key), where the network allows the authorized device to access some areas of a conference, and not other areas of conference thru an access point[s] of an access zone[s] (i.e. appellants an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network via any of the one or more access point devices). 
The combination of Lang in view of Olshansky as articulated above meets appellant’s argument of: “Thus, it appears that the Office is defining the multiple access points as being the claimed access zones. However, the access points of Lang do not fit the claimed definition of an access zone, which is “an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network via any of the one or more access point devices” where “each of the one or more user devices accesses the Wi-Fi network using the SSID and one of the plurality of keys.” Thus, the access points of Lang do not suggest the claimed access zones that are all associated with the SSID.””
***The examiner’s response above equally applies to the same or similar remarks made on page[s] 12, 13 regarding claim[s] 1, 19, 20 of the appeal brief as filed. 

Appellant states on page[s] 10 and 11 of the appeal brief as filed: “Olshansky does not cure the defects of Lang. First, Olshansky, in paragraph [0017] discloses the
use of custom SSIDs provided to different groups that correspond to the access granted to each group. Thus, the access control suggested in Olshansky is that of using multiple SSIDs. However, the use of multiple SSIDs for access control does not suggest the use of multiple passwords/keys with a singular SSID, where each password/key is utilized to control and grant access privileges based on the use thereof. Further, the only “zones” defined in Olshansky are defined as access points grouped together (and thus suffer from the same defect of Lang and are not the same as the claimed access zones). Further, Olshansky merely discloses that an administrator can configure rules for 


[0005] In an embodiment, access points are grouped into zones. In an embodiment, a zone includes one or more access points. In an embodiment, a network includes at least a plurality of zones. In an embodiment, a network administrator can configure access rules for allowing a user to move between access points within a zone and/or between zones. In an embodiment, for example, a user is allowed to move from access point to access point within a zone without having to re-authenticate. However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user of a user device to gain permission to use a network.


[0017] In an embodiment, access points advertise their presence by broadcasting a Service Set Identifier (SSID), Extended Service Set Identifier (ESSID), and/or Basic Service Set Identifier (BSSID), or the like, collectively referred to herein as SSID. In an embodiment, the same SSID is assigned to all access points and zones in a network. In an embodiment, a different SSID is assigned to each zone or to a group of zones. In an
embodiment, multiple SSID's can be assigned to the same zone or same set of access points. In this respect virtual SSID's can be set up corresponding to different groupings of zones or access points. For example, at the same hotel or conference center, two different conferences which are simultaneously occurring can have custom SSID's corresponding to the access grated to each group. Conference A2 2009 for example can have a custom SSID entitled “Conference A2 2009” which allows access to access points in the Lobby, Guest Rooms and Meeting Rooms without re-authentication, but not in the Business Center. A second conference, Conference B1 2009, can also have a custom SSID entitled “Conference BI 2009” which allows access to the Lobby, Meeting Rooms, Guest Rooms and the Business Center without re-authentication. Similarly, network providers can also have various levels of SSIDs allowing access to different groups of access points where multiple SSIDs correspond to the same access point or zone. Different SSIDs can correspond to different payment levels. For example, an 

Nowhere in these paragraphs (or anywhere else in Olshansky) is it suggested that a password is in anyway associated with user level permissions granted to a device, but rather, as can be seen highlighted above, such authentication in Olshansky is merely disclosed as granting permission to use the network. The Office appears to focus on the re-authentication in Olshansky as somehow associating a key, password, etc. with access permissions. However, no such associations are made in Olshansky, let alone the association of a key with user level access controls. Indeed, the mere re-authentication means that the same SSID and password are used to access a different “zone” (i.e. grouping of access points). This is in contrast to what is claimed where access permissions are granted based on which key is used to access the Wi-Fi network via the SSID.”

	In response the examiner isn’t persuaded, the examiner points to the prior art combination of Lang in view of Olshansky. 

	The examiner further point’s appellant attention to the prior art of Olshansky, specifically, at Figure # 6 and paragraph: 0047, In an embodiment, an administrator can separately define different access rights [i.e. appellant’s access privileges] when moving between zones. For example, in an embodiment, anytime a user [i.e. appellant’s one or more devices] moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. 
at the
same hotel or conference center, two different conferences which are simultaneously
occurring can have custom SSID's corresponding to the access grated to each group.
Conference A2 2009 for example can have a custom SSID entitled "Conference A2
2009" which allows access to access points in the Lobby [i.e. appellant’s the access
privileges defining access to the internet], Guest Rooms [i.e. appellant’s the access
privileges defining access to the internet| and Meeting Rooms [i.e. appellant’s the
access privileges defining access to the internet] without re-authentication, but not in the business center. 
	Further of Olshansky, at Figure # 3 and paragraph: 0025, FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices [i.e. appellant’s other devices], are connected with, attempting to connect with, or are moving between connections with various access points [i.e. appellant’s access points]. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network] 
	Moreover, of Olshansky, at paragraph 0004, lines 1 — 4, In an embodiment, network access is controlled by implementing different authentication rules for different
network access points [i.e. appellant’s access level that defines and manages the user level access control ]. A network access point is any wired or wireless connection point to a network [i.e. appellant’s Wi-Fi network]. Then at paragraph 0016, lines 7 — 10 of Olshansky, This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like.
	Further of Olshansky, at paragraph: 0024, lines 24 — 25, Also, zones do not need to be restricted to a particular building, but can include multiple buildings. [i.e. appellant’s plurality of access zones]].
Now combining the identified teachings of Olshansky above, and turning to the prior art of Lang [emphasis added….], at Figure # 1, components 130 [1], 130[2], 130[3] – mobile devices. Where at Lang, paragraph 0003, lines 6 – 12, For example, to provide security, a wireless network may comply with established security standards such as WPA (Wifi Protected Access) or its predecessor WEP (wired equivalent privacy). In such cases, a device may authenticate itself to the wireless network by providing a password or key [i.e. appellant’s one of the plurality of keys] along with a service set identifier (SSID) [i.e. appellant’s SSID]. 
Therefore when combining the identified portions of Olshansky, and Lang, we arrive at the conclusion that appellant’s claimed invention is an obvious varying of the combination of Olshansky and Lang. The prior art combination yields a device that accesses a network based on an SSID and network (password or key), where the network allows the authorized device to access some areas of a conference, and not other areas of conference thru an access point[s] of an access zone[s] (i.e. appellants an access level that defines and manages the user level access control including access privileges that the one or more devices are given while connected to the Wi-Fi network via any of the one or more access point devices). 

Nowhere in these paragraphs (or anywhere else in Olshansky) is it suggested that a password is in anyway associated with user level permissions granted to a device………………….etc.,……… The Office appears to focus on the re-authentication in Olshansky as somehow associating a key, password, etc. with access permissions. However, no such associations are made in Olshansky……..”
Further in response the examiner points out that appellant’s argument that the references fail to show certain features of appellant’s invention, it is noted that the features upon which appellant relies (i.e., This is in contrast to what is claimed where access permissions are granted based on which key is used to access the Wi-Fi network via the SSID.”) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
***The examiner’s response above equally applies to the same or similar remarks made on page[s] 12, 13 regarding claim[s] 1, 19, 20 of the appeal brief as filed. 

Appellant states on page[s] 13 of the appeal brief as filed: “
2. There is no suggestion to modify the combination of Lang and Olshansky to address granting different permissions to devices connected to the Wi-Fi network, using the same SSID, based on which key is used with the SSID to access the Wi-Fi network.

The Office’s conclusion in the Office Action does not even address the concept of granting different permissions to devices connected to the Wi-Fi network based on which of multiple passwords/keys associated with the SSID is used to access the Wi-Fi network. Rather, the Office states Lang and Olshansky are combined “in order for the authenticating of the requesting user for network access by SSID and password to an 
user.” This completely misses the concept of utilizing multiple passwords/keys with a single SSID to define and control access privileges, but rather suggests that access privileges are controlled based on the access point a device authenticates with. As such, Appellant respectfully submits the only suggestion to grant different permissions to devices connected to the Wi-Fi network based on which of multiple passwords/keys associated with the SSID is used to access the Wi-Fi network is found in Appellant’s Specification.”

In response the examiner isn’t persuaded, the examiner points out that appellants  argument that the references fail to show certain features of appellant’s invention, it is noted that the features upon which appellant relies (i.e., The Office’s conclusion in the Office Action does not even address the concept of granting different permissions to devices connected to the Wi-Fi network based on which of multiple passwords/keys associated with the SSID is used to access the Wi-Fi network.) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Further in response the examiner isn’t persuaded, the examiner points out that appellants argument that the references fail to show certain features of appellant’s invention, it is noted that the features upon which appellant relies (i.e.,……… This the concept of utilizing multiple passwords/keys with a single SSID to define and control access privileges……..etc.) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
***The examiner’s response above equally applies to the same or similar remarks made on page[s] 13 regarding claim[s] 1, 19, 20 of the appeal brief as filed. 

(6) Conclusion of Examiner Answer
For the above reasons, it is believed that the rejections should be sustained.
Respectfully submitted,
/DANT B SHAIFER HARRIMAN/Primary Examiner, Art Unit 2434 
                                                                                                                                                                                                       Conferees:

/NOURA ZOUBAIR/        Primary Examiner, Art Unit 2434                                                                                                                                                                                                
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
Requirement to pay appeal forwarding fee. In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.