Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/03/2022 has been entered.
 
Response to Amendment 
   This office action is responsive to amendment filed on 01/03/2022. The Examiner has acknowledged the amendments to Claims 1, 10 and 19. claims 9 and 18 have been canceled.
Claims 1-7, 10-16 and 19-20 have been presented for examination and are rejected.

Response to Arguments
Applicant's argument, filed on January 03, 2022, have been entered and carefully considered. 
Applicant's arguments filed on 01/03/2022 with respect to claims 1-7, 10-16 and 19-20 have been considered but are moot in view of the new ground of rejection necessitated by Applicant's amendment.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



Claims 1-3, 6-7, 10-12, 15-16 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable Roth et al. (US 20150341368) in view of King (US 20130007837).

With respect to claims 1, 10 and 19, Roth teaches a method, comprising:
receiving, with a computing system and from a user, a request to access at least one network-accessible resource associated with a customer of a service provider (Roth, see paragraphs [0014-0015, 0028-0034, 0037] resource provider system can utilize a set of delegation profiles that can be created, selected, or applied for one or more accounts of at least one customer, where each customer has at least some level of access to one or more resources managed and/or offered by the system. In operation 303, once the external service receives the reference to the delegation profile, it can submit a request for credentials to perform actions in the account. For example, the external service may submit the request to a security token service and the request may indicate the delegation profile. Paragraphs [0047, 0054-0055] further discloses a request can be received 506 from an end user for access to at least a portion of the customer's resources in the multi-tenant environment. The multi-tenant environment can verify 508 criteria in the received request and use the criteria to obtain 510 identity attributes for the end user from the identity provider), 
the user being unassociated and unrelated with the customer (Roth, see paragraphs [0015, 0054-0055] When a request for access is received from an end user that contains identifying information from a third party identity service, it can be necessary to determine the appropriate customer account to which to provide access for the specific request, it can be necessary to determine which application is associated with the request, and which customer is associated with that application, in order to determine which permissions to provide so the application can only access resources for the respective customer. A request might be received that is not associated (i.e. equivalent 
identifying, with the computing system, at least one of a user identification associated with the user, a company represented by the user, or a class of user associated with the user (Roth, see paragraphs [0015-0016] The determination can include, for example, performing a lookup based at least in part upon one or more aspects of the request and/or based at least in part upon one or more aspects of the end user. In some embodiments, the end user can be identified by a security service or federation provider indicated by the delegation profile.  The delegation profile can include a reference to a security service or other authority that is capable of identifying the users, or types of users, for which that delegation profile should be utilized. Paragraph [0054] requests include an identification of the appropriate delegation profile to use. When the delegation profile is not identified, the system must determine the appropriate profile to use based on other information in, or associated with, the request);
determining, with the computing system, whether at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource (Roth, see paragraphs [0015-0017, 0020] the permissions can be determined in accordance with one or more rules that map attributes asserted by the security service or other authority to one or more permissions elements. The service provider can provide network-accessible services (e.g., Web Services), and in at least some embodiments the account can be associated with a set of resources and principals that can use those resources. The account is secured such that access to the resources of the account is controlled and restricted to authenticated principals associated with, or including, the customer. A customer 124 of the resource provider environment 102 can obtain an account with the resource provider environment, enabling the customer 124 to access one or more of the secured resources 104 across at least one appropriate network 114. The customer in some embodiments can utilize these resources to support applications and services that might be utilized by one or more external entities 116, such as end users of those applications and services), 
based at least in part on the identified at least one of the user identification associated with the user, the company represented by the user, or the class of user associated with the user (Roth, see based at least in part upon one or more aspects of the request and/or based at least in part upon one or more aspects of the end user. The end user can be identified by a security service or federation provider indicated by the delegation profile. The delegation profile can include a reference to a security service or other authority that is capable of identifying the users, or types of users, for which that delegation profile should be utilized. The permissions can be determined in accordance with one or more rules that map attributes asserted by the security service or other authority to one or more permissions elements);
based on a determination that the at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource (Roth, see paragraph [0015] once a delegation profile has been created and assigned to a customer account, permission can be granted to the customer to use the delegation profile for enabling access to the respective resource(s). … an end user can submit a request for credentials to an identity service, such as a security token service, where the request includes a reference to the delegation profile. The security token service can verify whether the end user is one of the security principals that were specified in the validation policy of the delegation profile. If the user was specified as a security principal, the security token service can provide the end user with a set of credentials. These credentials enable requests to be made within the security context of the delegation profile in the account, subject to the permissions that were specified in the authorization policy ), 
providing, with the computing system, the user with access to the at least one network-accessible resource associated with the customer(Roth, see paragraph [0016] a delegation profile can be created or otherwise obtained, and associated with an account for a customer of a service provider environment or system. The service provider can provide network-accessible services (e.g., Web Services), and in at least some embodiments the account can be associated with a set of resources and principals that can use those resources. The account is secured such that access to the resources of the account is controlled and restricted to authenticated principals associated with, or including, the customer. The delegation profile thus encapsulates the grant of permission to a particular entity or set of entities 
based at least in part on configuration settings provided by the customer (Roth, see paragraphs [0014-0015, 0020-0021, 0025] a customer of the resource provider system might specify one or more policies, rules, or other criteria that can be evaluated to determine which delegation profile to apply to a specific principal (I.e. equivalent to  user or customer), or to a request from that principal, etc. Once a delegation profile has been created and assigned to a customer account (i.e. configuration settings created by customer), permission can be granted to the customer to use the delegation profile for enabling access to the respective resource(s) (based on configuration settings created by customer access to resource is enabled). Thereafter, the customer can use the delegation profile by providing references to the delegation profile to external entities, such as end users or external services, or the customer can provide policies or rules that can be used to determine that the profile should be used for those end users or services. …one or more delegation profiles can be selected and/or dynamically determined to enable a customer to delegate permissions to one or more end user devices or other external entities); and
based on a determination that the at least one resource record associated with the customer indicates that the user does not have permission to access the at least one network-accessible resource, denying, to the user, access to the at least one network-accessible resource associated with the customer (Roth, see paragraphs [0047] requesting the information from the identity provider or examining a cryptographic token (i.e. equivalent identification) included with the request, among other such options. The attributes can be used to verify that the user identity information is correct and signed by the identity provider. A determination can be made 512 as to whether the information matches. If not, the request can be denied 514. If the information matches or the user is otherwise authenticated, one or more delegation profiles 516 can be determined based at least in part upon the information for the user, the customer account for the resources to be used in providing access, and other such information. One or more access credentials then can be issued 518 to the end user, where those credentials are scoped by the determined delegation policy or other permissions that were previously expressed by the customer to apply to the type of request),

providing, with a host computing system, the user with access and control of a wireless service set identifier ("SSID") for the at least one network-accessible resource, the wireless SSID having been previously setup by the customer as enabled by the host computing system, wherein the wireless SSID enables the user to access and control the at least one network-accessible resource.
However, King discloses wherein providing, with the computing system, the user with access to the at least one network-accessible resource associated with the customer comprises:
providing, with a host computing system, the user with access and control of a wireless service set identifier ("SSID") for the at least one network-accessible resource(King, see paragraph [0081-0082] the information inputted by the customer can be received by the security server over the Internet (e.g., using protocols such as TCP, HTTP, HTTPS and like). As shown in FIG. 3A, the screen 300 can provide for selecting whether or not authorized WiFi network is present at a particular location in customer premises (301 and 302). If the authorized WiFi is present, the screen can provide for inputting SSID of the authorized WiFi network (303). One or more SSIDs can be inputted. In this embodiment, the screen 320 provides for inputting information associated with settings of APs associated with the authorized SSID, such as for example whether the SSID is for guest connectivity (304) which can then be treated differently from other SSIDs which are for authorized access for users within the organization, wireless security settings protocol (305), wireless authentication framework (306), wireless encryption protocol (307), 802.11 physical layer protocol (308), additional AP capabilities (309), authentication types (310), the networks to which the AP is allowed to connect wireless traffic to (311), vendor information (312) etc.) , 
the wireless SSID having been previously setup by the customer as enabled by the host computing system, wherein the wireless SSID enables the user to access and control the at least one network-accessible resource (King, see paragraph [0081-0082] the information associated with the authorized wireless network provided by the customer can advantageously facilitate detecting authorized and unauthorized wireless activity. It can also help detect certain wireless vulnerabilities. Certain network name called as SSID (Service Set Identifier) is used to identify a WiFi wireless network (i.e. equivalent to The information associated with the authorized wireless network can include a list of SSIDs that are used in the authorized wireless network. When the sniffer detects an AP that is using SSID outside this list, it can identify the AP to be unauthorized AP. FIG. 18 and paragraphs [0156, 0160] further discloses  1810 illustrated in FIG. 18 can facilitate setting up (or modifying previously set up) groups and/or setting up (or modifying previously set up) wireless security policies for the groups. FIG. 18, item 1818 can indicate a wireless security policy comprising blocking wireless connection to non-allowed APs. For example, a list of allowed APs can be provided in window 1818A. An allowed AP can be identified using its MAC address (e.g., wireless MAC address also called as BSSID/Basic Service Set Identifier). Alternatively, a group of APs (e.g., having different BSSIDs) can be identified via their common SSID/Service Set Identifier (i.e. equivalent to the wireless SSID having been previously setup). Yet alternatively, an allowed AP can be identified by specifying both its SSID and its BSSID).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine with the teaching Roth with the teaching of King provides for the security server to be hosted by a service provider entity, which is separate from a customer entity which owns/operates/uses wireless devices for which wireless vulnerability management and also, to provide the method for facilitating a wireless service set identifier ("SSID") for the at least one network-accessible resource by creating Wi-Fi WVNO function and enables the user to access and control. In doing so, can reduce overhead of deployment and operation of the wireless vulnerability management system for the customer entities. By providing for subscription based model for wireless vulnerability management, entry cost is reduced for the customer entities, where the combination of elements according to known methods would yield a predictable result (King, see paragraph [0017). 

With respect to claims 2, 11 and 20, Roth-King teaches the method, wherein the computing system comprises one of a gateway device, an Internet of things ("IoT") gateway device, a host device, a host computing system, a host server system, a customer resource use as a service ("CRUaaS") platform, a server computer over a network, a cloud-based computing system over a network, a cloud infrastructure as a service ("IaaS") platform, or a distributed computing system (Roth, see FIG. 7 and tenant federation gateway is included that can provide a of DNS endpoints, the system can provide full disambiguation. The handling of all requests and responses, as well as the delivery of content between the client device 702 and the application server 708, can be handled by the Web server 706. It should be understood that the Web and application servers are not required and are merely example components, as structured code discussed herein can be executed on any appropriate device or host machine).

With respect to claims 3 and 12, Roth-King teaches the method, wherein the at least one network-accessible resource associated with the customer each comprises one or more of at least one network resource, at least one edge network resource, at least one compute resource, at least one data storage resource, at least one telemetry resource, at least one Internet of things ("IoT") resource, at least one network-accessible household resource, at least one customer premises security resource, at least one wireless device resource, at least one microservice resource, or at least one customer record resource (Roth, see paragraphs [0016, 0019] a delegation profile can be created or otherwise obtained, and associated with an account for a customer of a service provider environment or system. The service provider can provide network-accessible services (e.g., Web Services), and in at least some embodiments the account can be associated with a set of resources and principals that can use those resources. The account is secured such that access to the resources of the account is controlled and restricted to authenticated principals associated with, or including, the customer. The delegation profile thus encapsulates the grant of permission to a particular entity or set of entities (e.g., end users) to perform actions on the resources of the account while operating under the credentials of the delegation profile. This grant may span across multiple accounts of the service provider. In addition, the delegation profile may be used in a single service provider or between multiple service providers. The delegation profile can be used to delegate permissions between a plurality of services that are components of a distributed system). 

With respect to claims 6 and 15 , Roth-King teaches the method, further comprising:
for adding or removing resources to the customer's account 201 depending on demand for compute or storage capacity. When the customer of a service provider needs more computing resources due to an increase in traffic or workload, the automatic scaling service may automatically add compute instances to meet the traffic demand).

With respect to claims 7 and 16, Roth-King teaches the method, further comprising:
providing, with the computing system, a user interface that provides the customer of the service provider with at least one of:
options to set, modify, or update the at least one resource record associated with the customer;
options to set, modify, or update the use permissions for the one or more resources associated with the customer(Roth, see paragraph [0025] an administrator 200 of a customer's account 201 may create a delegation profile named "profile1" with a validation policy that grants access (i.e. permission to resources) to an automatic scaling service (i.e. security principal) to assume the delegation profile. By way of example, the scaling service may be responsible for adding or removing resources to the customer's account 201 depending on demand for compute or storage capacity (i.e. modify or update the resource). When the customer of a service provider needs more computing resources due to an increase in traffic or workload, the automatic scaling service may automatically add compute instances to meet the traffic demand);
options to set, modify, or update privacy settings associated with services provided to the customer;
options to select any information brokers or agents with whom to share information and amount of information to share; 


4-5 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable Roth et al. (US 20150341368) in view of King (US 20130007837) further in view of Bugenhagen et al. (US 20170026472).

With respect to claims 4 and 13, Roth-King teaches the method, yet fails to explicitly disclose wherein the at least one edge network resource comprises one or more of at least one agricultural device, at least one healthcare device, at least one vehicle, at least one home appliance, at least one office device, at least one entertainment device, at least one surveillance device, at least one lighting device, at least one gas-operated device, at least one solar-powered device, at least one battery-powered device, or at least one building system.
However, Bugenhagen discloses wherein the at least one edge network resource comprises one or more of at least one agricultural device, at least one healthcare device, at least one vehicle, at least one home appliance, at least one office device, at least one entertainment device, at least one surveillance device, at least one lighting device, at least one gas-operated device, at least one solar-powered device, at least one battery-powered device, or at least one building system (Bugenhagen, paragraph [0044] the plurality of user devices might comprise one or more of a desktop computer, a laptop computer, a tablet computer, a smart phone, a mobile phone, a personal digital assistant, a printer, a scanner, a data storage device, a network access point (“NAP”), a television, a set-top box, an image capture device, an image projection device, a video capture device, a video projection device, a watch, a clock, a gaming console, a thermostat, a kitchen appliance, a medical device, a vehicle, a speaker, an audio headset, a telephone system, a media recording device, a media playback device, a lighting system, a sensing device, a door locking system, a customer premises security control system, a window locking system, a window covering system, or a sprinkler system, and/or the like. The customer premises might comprise at least one of an Internet of things (“IoT”) local 
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine with the teaching Roth-King with the teaching of Bugenhagen to provide the method for implementing customer-based Internet of Things (IoT)-transparent privacy functionality on a user device. The method enables providing robust and scalable solutions for implementing IoT functionality, where the combination of elements according to known methods would yield a predictable result (Bugenhagen, see paragraphs [0008-0009).

With respect to claims 5 and 14, Roth-	King-Bugenhagen teaches the method, wherein one or more of the at least one telemetry resource or the at least one customer record resource comprises one or more of at least one datastore containing state information associated with the at least one network-accessible resource, at least one datastore containing metrics data associated with the at least one network-accessible resource, or at least one datastore containing one or more attributes associated with the at least one network-accessible resource (Roth, see paragraphs [0051, 0059] The rules engine might also be operable to manipulate other resources in the course of making that determination, such as reading or writing information to a data store for purposes such as quota maintenance or mapping updates, etc. In some embodiments a new identifier can be associated with an entity that has not previously been encountered, and the identifier can be an additional output of an example mapping process. The output thus can include at least a credential that allows the end user to access at least a portion of the customer allocated resources, the permissions that define what the end user can do with that access, and optionally some metadata that goes back to the customer or is stored by the resources. At least one application server 708 and a data store 710. It should be understood that there can be several application servers, layers or other elements, processes or components, which may be chained or otherwise configured, which can interact to perform tasks such as obtaining data from an appropriate data store. As used herein the term "data store" refers to any device or combination of devices capable of storing, accessing and retrieving data, which may include any combination and data storage devices and data storage media, in any standard, distributed or clustered environment).
Claims 8 and 17 (Canceled).
Claims 9 and 18 (Canceled).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. This includes: 
PG. Pub. US 20160180345 Wireless Device I.e. Communication Device, For Various Business, Has Transceiver For Receiving Venue Response In Response To Transmitted Venue Query, Where Response Comprises Access Network Query Protocol Providing Transceiver. 
PG. Pub. US 2008/0316982 Method For Managing Wireless Access Point (AP) Infrastructure In Wireless Local Area Network (WLAN), Involves Selecting Wireless AP Associated With Client Device To Provide Client Device With Wireless Connection To WLAN.
 Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELIZABETH KASSA whose telephone number is (571)270-0567.  The examiner can normally be reached on Monday -Friday 9 AM -6 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ario Etienne can be reached on 517-272-4001.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 




01/22/2022

/ELIZABETH KASSA/Examiner, Art Unit 2457 
                                                                                                                                                                                                       /YVES DALENCOURT/Primary Examiner, Art Unit 2457