DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 01/16/2022.
In the instant Amendment, claims 2, 4-5, 7 and 10-16 were cancelled; claims 1, 3, 6 and 8-9 have been amended; and claim 1 is independent claims.  Claims 1, 3, 6 and 8-9 have been examined and are pending.  This Action is made FINAL.

Response to Arguments
The objection to the claims 1-16 is withdrawn as the claims have been amended/canceled.
Claims 9-12 and are no longer interpreted under 35 U.S.C. 112(f) as claims have been amended/canceled.
Applicants’ arguments in the instant Amendment, filed on 01/16/2022, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: “Bryksa and Hoggan does not disclose receiving the user input command to connect the client device to the communications network at the client device and in response thereto the authentication server apparatus issuing a Change of Authorisation (CoA) signal to a Wireless Local Area Network (WLAN) controller in communication with the authentication server apparatus to disassociate the client device from the network.” 
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Bryksa discloses disclose receiving the user input command to connect the client device to the communications network at the client device and in response thereto the authentication server apparatus issuing a Change of Authorisation (CoA) signal to a Wireless Local Area Network (WLAN) controller in communication with the authentication server apparatus to disassociate the client device from the network (Bryksa: ¶0086 a user follows the instructions to switch to the SSID of the hotel's secure wireless network as provided by an AP 132 at the hotspot. The user disconnects the client device 130 from the SSID for the open wireless network 140 and requests association with the SSID for the secure wireless network 142 as specified in UI screen 300; fig. 1 Open WLAN and Secure WLAN; ¶0054 the login portal 125 [] instructs the user to switch their client device 130 over to the SSID of the hotel's secure wireless network 142). More specifically, Bryksa discloses users are not forced to switch to the SSID of the secure wireless network 142 before being able to browse the Internet. Instead, switching to the SSID of the secure wireless network 142 is an option made available at the hotspot for users that are concerned about security [0115]. Therefore, as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.

Applicant’s arguments: “Bryksa and Hoggan does not disclose wherein the transmitting of the network access credentials includes transmitting from the client device a request to reconnect to the communications network from which the client device had been disassociated by said disassociating the client device from the network.” 
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Bryksa does disclose wherein the transmitting of the network access 2 of 10credentials Bryksa: ¶0110 if the user of a client device 130 that is disconnected from the secure wireless network at this step needs to regain secure access to the hotspot, they must switch their client device 130 to associate with the SSID of the hotspot's open wireless network 140 and perform the login process at the login portal 125 over the open wireless network 140). More specifically, Bryksa discloses at step 704, the login portal 125 performs other tasks while waiting for the predetermined re-login time duration to expire. The purpose of this step is to give the user enough time to re-login [i.e., request to reconnect] at the login portal 125 [0102]. Therefore, as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.

Applicant’s arguments: “Bryksa and Hoggan does not disclose wherein said request to reconnect is made using a same service set identification (SSID) as used to connect the client device to the segregated part of the communications network.” 
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Bryksa does disclose wherein said request to reconnect is made using a same service set identification (SSID) as used to connect the client device to the segregated part of the communications network (Bryksa: fig. 3 step 2 – Secure Internet browsing- UI presented to better secure your internet browsing, please switch your device’s wireless setting to our secure WLAN; SSID: hotel_secure [every time user switches the device’s wireless setting to secure WLAN uses hotel secure SSID]; ¶0071 as illustrated FIG. 3 UI screen 300 generated by the login portal 123 to transmit the user-specific access credential 302 to the client device 130 [] the UI screen 300 is displayed by the client device 130 in a web browser). More specifically, Bryksa discloses when a user follows the instructions to switch to the SSID of the hotel's secure wireless network as provided by an AP 132 at the hotspot. The user disconnects the client device 130 from the SSID for the open wireless network 140 and requests association with the SSID for the secure wireless network 142 as specified in UI screen 300 [0056]. Therefore, as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.

Applicant’s arguments: “Bryksa and Hoggan does not disclose transmitting the network access credentials by the client device to the authentication server apparatus which is responsive thereto to transmit to the client device an access accept message.” 
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Bryksa does disclose transmitting the network access credentials by the client device to the authentication server apparatus which is responsive thereto to transmit to the client device an access accept message (Hoggan: ¶0031 the device may be configured to transmit the credential previously provided by the OSU within the EAP-TLS messaging. The AAA server may compare the received credential with the identifier added by the access point to determine whether any corresponding entry has been created in the relational database, e.g., whether one of the AAA identifiers matches with the identifier included within the EAP-TLS messaging and/or whether one of the credentials in the database matches with the credential included within the EAPTLS messaging. In the event a match occurs, the AAA server may generate a corresponding authentication in Block 90). More specifically, Hoggan discloses that the authority may specific limits or other contains on the granted authentication.  By specifying limits or constraint that acts as an acceptance message based on the credentials being matched, [0031].  Therefore, as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.  

The amended claims 1, 10 and 15 have been addressed in rejection below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


Claims 1, 3, 6 and 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Bryksa et al. (“Bryksa,” US 2017/0164196), published on June 8, 2017, in view of Hoggan (US 2015/0264051), published on September 17, 2015.

Regarding claim 1: Bryksa discloses a method for authenticating a client device in a communications network, including:
providing to the client device temporary network access credentials associated with the communications network and comprising a temporary username and password (Bryksa: ¶0054 the login portal 125 then generates a user-specific access credential [i.e., temporary network access credentials] [] the user-specific access credential is a unique username/password combination that is personalized for the specific guest [i.e., temporary] identified by the login process. The login portal 125 further transmits the user-specific access credential to the user via the encrypted connection (e.g., HTTPS); ¶0066 the access credential should be temporally unique to the user);
transmitting by the client device the temporary network access credentials to an authentication server apparatus for the communications network to enter the temporary network access credentials at a registration page of the communications network (Bryksa: ¶0055 the user [] are prompted to enter a username/password during the authentication process with the APs 132 of the secure wireless network 142. The user utilizes the user-specific access credential received from the login portal 125 and this username/password entered by the user for authentication is received by the APs 132; fig. 3; ¶0072 the UI screen 300 may have text or password input fields at the position of the user-specific access credential 302);
in response to receipt of the temporary network access credentials by the authentication server apparatus, connecting the client device to a segregated part of the communications network for encrypted communications therewith (Bryksa: ¶0055 the Aps 132 query the credential database 123 and verify that the received username/password from the client device 130 correspond to a valid access credential in the credential database 123. When it does, the APs 132 allow the client device to associate with the secure wireless network 142 [i.e., segregated part of the communication network], and the user can thereafter securely browse websites on the Internet 102 over the hotel's secure wireless network 142; ¶0054 the firewall 120 blocks the attempt and causes the web browser on the user's client device 130 to instead establish an encrypted (e.g., HTTPS) connection with the hotel's login portal 125);
transmitting user registration data from the client device to the segregated part of the communications network by said encrypted communications (Bryksa: ¶0051 the secure wireless network 142 employs network-level encryption and requires a received access credential from the client device 130 to match a valid access credential stored in the credential database 123 before allowing that client device 130 to associate with the secure wireless network 142; ¶0058 user-specific access credential [] is encrypted when transmitted via the HTTPS connection established between the client device 130 and the login portal 125);
obtaining network access credentials by the client device from said authentication server apparatus by said encrypted communications (Bryksa: ¶0056 the user is automatically provided with a user-specific access credential via an encrypted communication channel such as an HTTPS connection established with the hotspot's login portal 125 over an open wireless network 140);
after the obtaining of the network access credentials, displaying on the client device a user interface arranged for receiving a user input command to connect the client device to the communications network (Bryksa: ¶0061 display a predetermined login portal 125 of the hotel as provided by the web server 124; ¶0055 they are prompted to enter a username/password [] the user utilizes the user-specific access credential received from the login portal 125 and this username/password entered by the user for authentication);
Bryksa: ¶0086 a user follows the instructions to switch to the SSID of the hotel's secure wireless network as provided by an AP 132 at the hotspot. The user disconnects the client device 130 from the SSID for the open wireless network 140 and requests association with the SSID for the secure wireless network 142 as specified in UI screen 300; fig. 1 Open WLAN and Secure WLAN; ¶0054 the login portal 125 [] instructs the user to switch their client device 130 over to the SSID of the hotel's secure wireless network 142);
wherein the transmitting of the network access 2 of 10credentials includes transmitting from the client device a request to reconnect to the communications network from which the client device had been disassociated by said disassociating the client device from the network (Bryksa: ¶0110 if the user of a client device 130 that is disconnected from the secure wireless network at this step needs to regain secure access to the hotspot, they must switch their client device 130 to associate with the SSID of the hotspot's open wireless network 140 and perform the login process at the login portal 125 over the open wireless network 140), and
wherein said request to reconnect is made using a same service set identification (SSID) as used to connect the client device to the segregated part of the communications network (Bryksa: fig. 3 step 2 – Secure Internet browsing- UI presented to better secure your internet browsing, please switch your device’s wireless setting to our secure WLAN; SSID: hotel_secure [every time user switches the device’s wireless setting to secure WLAN uses hotel secure SSID]; ¶0071 as illustrated FIG. 3 UI screen 300 generated by the login portal 123 to transmit the user-specific access credential 302 to the client device 130 [] the UI screen 300 is displayed by the client device 130 in a web browser).
Bryksa does not explicitly disclose transmitting the network access credentials by the client device to the authentication server apparatus which is responsive thereto to transmit to the client device an access accept message.
However, Hoggan discloses transmitting the network access credentials by the client device to the authentication server apparatus which is responsive thereto to transmit to the client device an access accept message (Hoggan: ¶0031 the device may be configured to transmit the credential previously provided by the OSU within the EAP-TLS messaging. The AAA server may compare the received credential with the identifier added by the access point to determine whether any corresponding entry has been created in the relational database, e.g., whether one of the AAA identifiers matches with the identifier included within the EAP-TLS messaging and/or whether one of the credentials in the database matches with the credential included within the EAPTLS messaging. In the event a match occurs, the AAA server may generate a corresponding authentication in Block 90).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Hoggan with the system/method of Bryksa to include transmitting the network access credentials by the client device to the authentication server apparatus which is responsive thereto to transmit to the client device an access accept message.

 
Regarding claim 3: Bryksa in view of Hoggan discloses the method according to claim 1.
Bryksa further discloses wherein, in response to receipt of the temporary network access credentials by the authentication server apparatus, receiving at the client device an access accept transmitted from the authentication server apparatus permitting said connecting the client device to the segregated part of the communications network (Bryksa: ¶0054 the login portal 125 further transmits the user-specific access credential [temporary network access credentials] to the user via the encrypted connection (e.g., HTTPS) and instructs the user to switch their client device 130 over to the SSID of the hotel's secure wireless network 142 [segregated part of the communications network]; ¶0055 when the user switches to the SSID of the secure wireless network 142, they are prompted to enter a username/password during the authentication process with the APs 132 of the secure wireless network 142).  
 
Regarding claim 6: Bryksa in view of Hoggan discloses the method according to claim 1.
Bryksa further discloses wherein the disassociating the client device from the network includes disconnecting the client device from the segregated part of the communications network (Bryksa: ¶0106 at step 708, the login portal 125 sends command(s) to one or more of the APs 132 at the hotspot to disconnect the client device(s) 130 associated with the expired access credential 302 from the secure wireless network 142). 
 
Regarding claim 8: Bryksa in view of Hoggan discloses the method according to claim 3.
Bryksa further discloses, in which said receiving of the replacement network access credentials includes receiving a personalised username and password for accessing the communications network (Bryksa: ¶0054 the user-specific access credential is a unique username/password combination that is personalized for the specific guest identified by the login process).
  
Regarding claim 9: Bryksa in view of Hoggan discloses the method according to claim 1.
Bryksa further discloses a system adapted to allow a client device to access a communications network, the system comprising an authentication server apparatus configured to execute steps performed by the authentication server apparatus according to the method of claim 1, and wherein the client device is configured to execute steps performed by the client device according to the method of claim 1 (Bryksa: ¶0089 at step 606, the RADIUS server 122 determines whether the received access credential is a valid access credential according to information stored in the credential database 123 [] the RADIUS server 122 replies to the AP 132 certifying that the access credential is valid [] the RADIUS server 122 acts as an authentication server; fig 1 item 130 client device; ¶0045 examples of client devices 130 include mobile phones, laptop computers, netbook computers, tablet computers, digital cameras, and any other electronic device that includes wireless communication circuitry).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439                                                                                                                                                                                                        


/KARI L SCHMIDT/Primary Examiner, Art Unit 2439