DETAILED ACTION
This Final Office Action is in response to amendment filed on 01/05/2022.
Claims 1, 11 and 18 have been amended. Claims 2-3, 12, 14 and 19 have been cancelled. Claims 1, 4-11, 13, 15-18 and 20 remain pending in the application. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 03/01/2019 are accepted.

Response to Arguments 
Applicant stated “The Office Action then cites to the Abstract and paragraphs [0003], [0030], [0040] and [0042] of Sather as disclosing the subject matter of claim 2. Applicant respectfully disagrees.”, where the applicant described the distinction between the amended claims limitations and Sather “As noted above, Sather describes first generating the public key and then deriving the UUID, which is the opposite to the claimed subject matter.
With the respect to the above argument and claim amendments, particularly “wherein receiving the request from the client device comprises receiving a user ID and a password from the client device; responsive to the request from the client device… shared keys including a private key and a public key”, examiner agrees that the a new ground(s) of rejection is made under USC 103 in view of the newly found prior art Ho et. al. (US 20040064690 A1), hereinafter Ho, in addition to the previously cited prior arts Salgueiro and Sather. Please see detailed rejection below.
Applicant further stated “Applicant submits that Salgueiro in view of Sather does not teach or suggest the above identified subject matter as recited in amended claim 1. Firstly, the Sather has nothing to do with roaming between access points, instead being directed to establishing trust between devices. Additionally, the cited sections of Sather do not describe the electronic device 402 sends the self-signed certificate including the UUID to a second client (or other electronic device) in a second access by the client that is subsequent to the first access. That is, Sather merely describe deriving a UUID from a public key and sending a self-signed certificate with the UUID to a client 401. Sather does not describe a second access with a second device that includes sending a self-signed certificate.”
Examiner submits that Salgueiro in view of Sather discloses the above argued limitation. Particularly, Salgueiro is relied upon to disclose roaming between access points and subsequent access between access points, where a client device moves back and forth between access points as disclosed in [047-0051], and as further described in the below rejection. Salgueiro further discloses allowing authentication and access based on receiving roaming information from the ledger, as opposed to self-signed certificate from the public key in the client device, by the second access point as self-signed certificate from the public key in the client device as described in the below rejection, where [0042] of Sather teaches the electronic device 402 sending a self-signed certificate, where the public key is extracted and see if it hashes to the UUID of the electronic device 402, and accordingly establishes trust. Examiner submits that Sather discloses the limitation where the self-singed certification and its corresponding public key is used as a mean to establish authentication, trust and accessing data as disclosed in [0045], therefore Salgueiro in view of Sather disclose the aforementioned argued limitations.
Applicant further stated “Additionally, Applicant submits that Salgueiro also fails to teach or suggest the above identified subject matter at least because Salgueiro does not describe a second access point that receives a self-signed certificate from a client device. Furthermore, as shown in FIG. SB (e.g., message flow for roaming of client 502 to another AP 504b), a authentication exchange 526 and re-association exchange 528 occur for a second, subsequent access by the client 502. Salgueiro uses the block creation to, once authenticated, query the WLC 506a for the FSR method data and credentials for client 502. However, authentication is still shown in FIG. 5B to occur.”
Examiner respectfully disagrees. Examiner asserts that Salgueiro further discloses in [0090] that a ledger provides keying material between WLCs, access points, and further discloses in [0047-0051, 0095] that when the device is roaming between APs, the retrieved roaming information and roaming history can be used to authenticate the client across the networks, where the information can be retrieved from the ledger, i.e. new authentication is not required to occur, as drafted in 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 4-5, 11, 13, 16, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro in view of Ho et. al. (US 20040064690 A1), hereinafter Ho, and further in view of Sather et. al. (US 20080005562 A1), hereinafter Sather.
	
Regarding claim 1 (Currently Amended), Salgueiro teaches a computer-implemented method (Salgueiro teaches the method for client device 302 roaming between multiple wireless LAN controllers (WLCs) illustrated in Figures 3A-B, [0045] “…the techniques herein use blockchain technology to create a blockchain database of client roam activity in a ledger…the resulting client profile type is then written to a blockchain ledger in the database, which can be stored on one or more wireless LAN controllers (WLCs) and/or by external service reachable by the WLCs.”), comprising: 
for a first access to a local area network by a client device, receiving, at a first access point in [[a]] the local area network, a request from [[a]] the client device to access a wireless local area network (Salgueiro [0043] “…a device receives data regarding a wireless client attempting to form an association with a particular wireless access point in a network. The device queries a blockchain ledger in a blockchain database for wireless roaming data regarding the wireless client.”, [0073] “client 502 may initiate a probe exchange 512 with AP 504 a in which client 502 sends a probe request to AP 504a and AP 504a returns a probe response.”, [0074] “an authentication exchange 514 may ensue in which client 502 shares authentication information with AP 504a, such as identification information for client 502, etc. After authenticating client 502, an association exchange 528 may ensue between AP 504a and client 502, and this association may be overseen by WLC 506a.”, where the WLC 506a supervising the AP AP504a illustrated in Figures 3A-B, correspond to the first access point, where the first local area network and first access point correspond to client 302 accessing WLC (306a) illustrated in Figures 3 A-B), 
[wherein receiving the request from the client device comprises receiving a user ID and a password from the client device;]
responsive to the request from the client device, creating authentication credentials for the client device based on an identification of the client device 
(Salgueiro [0076] “WLC 506a may query blockchain database 510 for ledgers regarding client 502 (e.g., using the specified MAC address of client 502). If no such ledger exists, or is active/valid, WLC 506a may create a root block via exchange 520 within blockchain database 510 that includes any or all of the information about the association between client 502 and AP 504 a, as detailed above with respect to FIG. 4”, 
where the information created in the blockchain ledger includes authentication information, keying material, required to perform association and connection between the AP 504a and client 502, as disclosed in [0057], where the created information illustrated in Figure 5 (520) is in response to the probe request illustrated in Figure 5 (512) and disclosed in [0073],  
consistent with the credentials defined e.g. [0039] and in claim 3 of the instant application, where authentication credentials comprise set of shared keys),
wherein creating authentication credentials for the client device comprises generating a set of shared keys [including a private key and a public key] (Salgueiro [0075] “As would be appreciated, subsequent to the authentication and association exchanges 526-528, AP 504a may initiate an Extensible Authentication Protocol (EAP) exchange 530, to leverage the AAA services of RADIUS server 510. During exchange 530, keying information may be generated and shared with client 502. For example, RADIUS server 510 may send a PMK to AP 504a that can be independently derived by client 502. This PMK can then be used to derive another set of keys, PTKs, which are used to secure traffic over an encrypted link between client 502 and AP 504a. The PTKs are derived and installed via a four-way handshake using EAP key frames. In turn, data traffic 534 may be exchanged between client 502 and AP 504a.” further see [0057, 0076) and keys illustrated in Figure 4); 
transmitting the authentication credentials for the client device to a second access point, wherein the first access point and the second access point share a secure block chain application (Salgueiro [0078] “By distributing the header of the root block created in FIG. 5A, WLC 506b already has MAC address and other information regarding client 502 and, therefore, knows to query WLC 506a for FSR method data and credentials for client 502.”, where the credential and information pertaining to client 502 is queried by WLC 506b transmitted from WLC 506a to the WLC 506b, where the WLC 506b and AP 504b illustrated in Figures 3A-B correspond to the second access point), [0090] “the ledger provides a way to distribute client keying material between WLCs…”, [0076] “keying information such as the MSK or PMK used, or the like. This information from the root block creation, as well as all subsequent block updates, may be shared across all mobility peers of WLC 506a, making both inter-controller as well as intra-controller client roaming possible.”); and 
allowing the client device to roam from the first access point to the second access point without requesting new authentication credentials (Salgueiro discloses in [0046-0051] and Figures 3A-B illustrate client 502 roaming between two access points, [0090] “the ledger provides a way to distribute client keying material between WLCs that do not belong to the same mobility domain”, [0095] “in the case in which the client is attempting to re-associate with the AP, the device can use the roaming information from the blockchain ledger to send a re-association response back to the client.…an existing FSR mechanism may also be leveraged in parallel with the blockchain-based roaming mechanism and whichever results in a re-association response faster may be used. In other cases, such as when the device is roaming between APs in separately administered networks (e.g., between different stores in a mall, etc.), the retrieved roaming information can be used to authenticate the client across the networks. Security checks, such as ensuring that the client is not spoofing a MAC address of an existing client, can also be performed using the information from the ledger.”, where the roaming information retrieved from the ledger authenticate the client, i.e. no new authentication credential is requested),
wherein allowing the client device to roam from the first access point to the second access point comprises receiving, at the second access point [from the client device, a self-signed certificate from the public key in the client device] roaming information for a second, subsequent access by the client device (Salgueiro discloses in [0046-0051] and Figures 3A-B illustrate client 502 roaming, back and forth, between two access points, [0090] “the ledger provides a way to distribute client keying material between WLCs that do not belong to the same mobility domain”, [0095] “in the case in which the client is attempting to re-associate with the AP, the device can use the roaming information from the blockchain ledger to send a re-association response back to the client.…an existing FSR mechanism may also be leveraged in parallel with the blockchain-based roaming mechanism and whichever results in a re-association response faster may be used. In other cases, such as when the device is roaming between APs in separately administered networks (e.g., between different stores in a mall, etc.), the retrieved roaming information can be used to authenticate the client across the networks. Security checks, such as ensuring that the client is not spoofing a MAC address of an existing client, can also be performed using the information from the ledger.”, where the roaming information retrieved from the ledger authenticate the client, i.e. no new authentication credential is requested, where the roaming information is received by the second access point from the ledger in order to authenticate the client for a subsequent access, [0048] “In FIG. 3B, when client 302 decides to initiate roaming to AP 304b, WLC 306b (or AP 304b) may perform two operations, which may be done in parallel: [0049] 1.) Execute selected roaming validation to move client 302 to a Run state. This process may be driven by the configuration of the service set identifier (SSID) used by AP 304b. [0050] 2.) In parallel, a query may be performed on blockchain database 308 for the Client-AP roaming history of client 302 in a ledger and potentially within a predefined interval. This process is purely ledger driven based on previous successful authentication history.”).
Salgueiro discloses keys generated and shared used to secure traffic over an encrypted link between client and AP. However, Salgueiro does not disclose the below limitations where responsive to the request, which comprises user name and password, create shared keys, which include public and private keys. Emphasis in italic.
Ho discloses wherein receiving the request from the client device comprises receiving a user ID and a password from the client device; responsive to the request from the client device creating authentication credentials, wherein creating authentication credentials for the client device comprises generating a set of shared keys including a private key and a public key (Ho discloses a system of user client, access point and server, where after receiving a user name and password, the server share a public key and private key with the user client through the access point to enable the user client to authenticate received and sent documents, “[0029] A certificate packet is generated from the first port 78 and delivered to access point 72; (The certificate packet comprises the data related to the name and the password of the user at the first the port 78.) [0030] Step 120: The certificate packet is received by the access point 72; [0031] Step 130: [0032] The content of the certificate packet is verified by the identifying module 74 in the access point 72. If the content is legal, the procedure goes to step 140. If the content is illegal, the procedure goes to step 600; (The identification module 74 in the access point 72 will compare the name data in the certificate packet with the contents of the user list 76 one by one for determining if there exists any name data agreeing with the user list. Then the corresponding password data of the searched name data will be verified if the password data agree with those inside the certificate packet. If these verifications are passed, the user at the first port 78 is verified to be the legally registered consumer of the access port 72.) [0033] Step 140: [0034] A verification signal is generated by the identifying module 74 and transmitted to the certificate server 80; [0035] Step 150: [0036] The certificate server 80 creates a pair of crypto-keys according to the first algorithm; (The certificate server 80 creates a pair of crypto-keys according to the generation of the verification signal.) [0037] Step 160: [0038] The certificate server 80 will transmit the pair of crypto-keys from the access point 72 to the first port 78”…“[0047] After the user at the first port 78 obtains the pair of crypto-keys, the user can make use of the public key 85 and the private key 87 within the pair of crypto-keys to encrypt the transmitted document…”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Ho to utilize the above feature, with the motivation of easily providing registered users with the pair of crypto-keys, and easily encrypting documents without the needing of worrying about the access of the document by others through the network system as recognized by (Ho [0015]).
Salgueiro discloses the aforementioned limitations, where subsequent authentication and access is performed based on previously successful authentication history, where the subsequent access is based on the second access point receiving the roaming information from a ledger. However, Salgueiro in view of Ho do not disclose the below limitations. Emphasis in italic.
Sather discloses receiving from the client device, a self-signed certificate from the public key in the client device for a second for subsequent access by the client device (Sather discloses [0042] “At block 418, the client 401 and electronic device 402 may create a secure channel, such as secure sockets library (SSL) over an Internet protocol channel, for further communication.”, where the secure channel created corresponds to establishing a first access, and further/subsequent communication [0042] “The electronic device 402 may send, at block 420, a message including a self-signed certificate that includes the UUID of the electronic device 402, for example, in the subject field. When the client 401 receives the certificate at block 422, the client 401 may determine if the certificate is self-signed. If the certificate is self-signed then the client 401 may extract the public key and see if it hashes to the UUID of the electronic device 402. When the values match, in combination with verifying that the electronic device 402 has the PIN at block 416, then the client 401 may grant trusted status to the electronic device 402.”, where trust enables authentication and data access as disclosed in [0045]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro in view of Ho to incorporate the teaching of Sather to utilize the above feature, with the motivation of 

Claims 11 (Currently Amended) and 18 (Currently Amended) are directed to a system and a non-transitory computer-readable medium, respectively, reciting processor and memory (disclosed by Salgueiro e.g. [0033]) to perform the method in claim 1. The methods in Claims 11 and 18 are similar in scope to claim 1, and are therefore rejected with the same rationale as claim 1 

Regarding claim 4 (Original), Salgueiro in view of Ho and Sather teaches the computer-implemented method of claim 1, wherein creating authentication credentials for the client device comprises forming a distributed ledger accessible by multiple access points including the first access point and the second access point, and storing the authentication credentials in the distributed ledger (Salgueiro [0076] “WLC 506a may query blockchain database 510 for ledgers regarding client 502 (e.g., using the specified MAC address of client 502). If no such ledger exists, or is active/valid, WLC 506a may create a root block via exchange 520 within blockchain database 510 that includes any or all of the information about the association between client 502 and AP 504a, as detailed above with respect to FIG. 4.”, where the information created in the blockchain ledger includes authentication information, keys, required to perform association and connection between access point and the client AP 504a and client 502, as disclosed in [0057],
 [0078] “By distributing the header of the root block created in FIG. 5A, 
WLC 506b already has MAC address and other information regarding client 502 and, therefore, knows to query WLC 506a for FSR method data and credentials for client 502.”, where the credential and information pertaining to client 502 is queried by WLC 506b transmitted from WLC 506a to the WLC 506b, [0090] “the ledger provides a way to distribute client keying material between WLCs…”).

Claim 16 (Original) is directed to a system associated with the method claimed in claim 4. Claim 16 is similar in scope to claim 4, and are therefore rejected with the same rationale and motivation as claim 4. 

 Regarding claim 5 (Original), Salgueiro in view of Ho and Sather teaches the computer-implemented method of claim 1, wherein transmitting the authentication credentials for the client device comprises transmitting the authentication credentials to multiple access points running the secure block chain application in the wireless local area network (Salgueiro [0045] “…the techniques herein use blockchain technology to create a blockchain database of client roam activity in a ledger…the resulting client profile type is then written to a blockchain ledger in the database, which can be stored on one or more wireless LAN controllers (WLCs) and/or by external service reachable by the WLCs.”,
[0078] “By distributing the header of the root block created in FIG. 5A, WLC 506b already has MAC address and other information regarding client 502 and, therefore, knows to query WLC 506a for FSR method data and credentials for client 502.”, where the credential and information pertaining to client 502 is transmitted to the WLC 506b, where the WLC 506b supervising AP 504b illustrated in Figures 3A-B correspond to the second access point, where the system accommodates multiple APs as disclosed [0080-0081] illustrated Figures 6A-B, where the blockchain database accommodates the multiple Aps, [0090] “the ledger provides a way to distribute client keying material between WLCs.”).

Claims 13 (Original) and 20 (Original) directed to a system and a non-transitory computer-readable medium, respectively, associated with the method claimed in claim 5. Claims 13 and 20 are similar in scope to claim 5, and are therefore rejected with the same rationale as claim 5. 
	  
Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro, Ho et. al. (US 20040064690 A1), hereinafter Ho, Sather et. al. (US 20080005562 A1), hereinafter Sather, and further in view of Kalan et. al. (US 20180167221 A1), hereinafter Kalan.
 
 Regarding claim 6 (Original), Salgueiro in view of Ho and Sather teaches the computer-implemented method of claim 1, 
While Salgueiro discloses the above limitations, Salgueiro further discloses in [0084] timer mechanism for timing out the blockchain ledger for a client, however, Salgueiro does not disclose the below limitation.
(Kalan discloses in [0083] “…the receiver system receives the self-signed certificate from sender system A. In this example, the self-signed certificate includes a public key A and may also include information indicating a time period during which the self-signed certificate is valid (such as an expiration date or a number of days until the self-signed certificate expires).”, where the time period may include expiration data, which can be the next day, or several days, which are construed as several hours since one day consists of 24 hours).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Kalan to utilize the above feature, with the motivation of setting time period for authentication and encrypting generated secret message using the public key, as recognized by (Kalan [0083-0084]), which enhances security.

Claim 15 (Original) is directed to a system associated with the method claimed in claim 6. Claim 15 is similar in scope to claim 6, and are therefore rejected with the same rationale and motivation as claim 6. 
  
Claims 7-9 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro, Ho et. al. (US 20040064690 A1), hereinafter Ho, Sather et. al. (US 20080005562 A1), hereinafter .

Regarding claim 7 (Original), Salgueiro in view of Ho and Sather teaches the computer-implemented method of claim 1, 
While Salgueiro discloses the above limitations, where authentication keying information, i.e., credentials, in blockchains are shared among different controllers associated with different access points, where a blockchain ledger in the database can be stored on one or more wireless LAN controllers (WLCs) and by external service reachable by the WLCs, where querying keying information from blockchain is subsequent to authentication, as disclosed [0075-0076], however, Salgueiro does not explicitly disclose validation by the secure block chain in access point application. Emphasis in Italic.
Tipton discloses further comprising validating the authentication credentials by the secure block chain application in at least the first access point and in the second access point (Tipton discloses [0060] “At block 714, the node checks the blockchain ledger using the unique identifier for the WAP, to determine if the owner WAP is in the blockchain ledger. If the owner WAP is not found, access to the WAP is denied and the request fails to return a password (block 716). On the other hand, if owner WAP is found in blockchain, then at block 718, the requester is identified using the provided user ID. If the user ID does not match a user ID stored in the blockchain fabric for access to the requested WAP, then access is denied and the request fails to return a password (block 716). However, if the user ID does match a transaction stored for the WAP, then at block 720, the smart contract is executed between the owner and the requester. The smart contract may check for several conditions, such as social membership of user, location of user, device type of user, trustworthiness of the user, payment from the user, etc. At block 722, if the smart contract is unsuccessful, then access is denied and the request fails to return a password (block 716). However, if the contract execution is successful, at block 724, the node releases the login credentials (e.g., password) in encrypted form to the requester”, where the credentials are validated by the blockchain by performing the above process, where the validation process is performed on all wireless access points (WAPs) submitted for sharing in step 704 of Figure 7).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Tipton to utilize the above feature, with the motivation of managing/controlling/sharing credentials using blockchain fabric, as recognized by (Tipton [0003, 0056]).
  
Claim 17 (Original) is directed to a system associated with the method claimed in claim 7. Claim 17 is similar in scope to claim 7, and are therefore rejected with the same rationale and motivation as claim 7. 

Regarding claim 8 (Original), Salgueiro in view of Ho and Sather teaches the computer-implemented method of claim 1, 
(Salgueiro discloses creating records of roaming transactions as illustrated in Figures 6A-B, by carting blocks, child blocks and new blocks).
  While Salgueiro discloses the above limitations, where authentication keying information, i.e., credentials, in blockchains are shared among different controllers associated with different access points, where a blockchain ledger in the database can be stored on one or more wireless LAN controllers (WLCs) and by external service reachable by the WLCs, where querying keying information from blockchain is subsequent to authentication, as disclosed [0075-0076], however, Salgueiro does not explicitly disclose validation by the secure block chain in access point application. Emphasis in Italic.
Tipton discloses validating a transaction with the client device by the secure block chain application in at least the first access point and in the second access point (Tipton discloses [0060] “At block 714, the node checks the blockchain ledger using the unique identifier for the WAP, to determine if the owner WAP is in the blockchain ledger. If the owner WAP is not found, access to the WAP is denied and the request fails to return a password (block 716). On the other hand, if owner WAP is found in blockchain, then at block 718, the requester is identified using the provided user ID. If the user ID does not match a user ID stored in the blockchain fabric for access to the requested WAP, then access is denied and the request fails to return a password (block 716). However, if the user ID does match a transaction stored for the WAP, then at block 720, the smart contract is executed between the owner and the requester. The smart contract may check for several conditions, such as social membership of user, location of user, device type of user, trustworthiness of the user, payment from the user, etc. At block 722, if the smart contract is unsuccessful, then access is denied and the request fails to return a password (block 716). However, if the contract execution is successful, at block 724, the node releases the login credentials (e.g., password) in encrypted form to the requester”, where the credentials are validated by the blockchain by performing the above process, where the validation process is performed on all wireless access points (WAPs) submitted for sharing in step 704 of Figure 7).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Tipton to utilize the above feature, with the motivation of managing/controlling/sharing credentials using blockchain fabric, as recognized by (Tipton [0003, 0056]).
 
Regarding claim 9 (Original), Salgueiro in view of Ho and Sather teaches the computer-implemented method of claim 1, wherein the first access point and the second access point reside in a remote branch network (Salgueiro Figures 3 A-B illustrate the first access point 304a and second access point 304b reside in network domains 1 and 2, i.e. remote branch network, where client 502 roams from one domain to another).
While Salgueiro discloses the above limitations for client device roaming, where authentication keying information, i.e., credentials, in blockchains are shared among a blockchain ledger in the database can be stored on one or more wireless LAN controllers (WLCs) and by external service reachable by the WLCs, where querying keying information from blockchain is subsequent to authentication, as disclosed [0075-0076], allowing roaming by distributing keying information by the blockhead ledger that is also locally stored in WLCs, however, Salgueiro does not explicitly disclose validating the authentication credentials for the client device. Emphasis in Italic.
Tipton discloses allowing the client device to roam comprises validating the authentication credentials for the client device in the second access point (Tipton discloses [0060] “At block 714, the node checks the blockchain ledger using the unique identifier for the WAP, to determine if the owner WAP is in the blockchain ledger. If the owner WAP is not found, access to the WAP is denied and the request fails to return a password (block 716). On the other hand, if owner WAP is found in blockchain, then at block 718, the requester is identified using the provided user ID. If the user ID does not match a user ID stored in the blockchain fabric for access to the requested WAP, then access is denied and the request fails to return a password (block 716). However, if the user ID does match a transaction stored for the WAP, then at block 720, the smart contract is executed between the owner and the requester. The smart contract may check for several conditions, such as social membership of user, location of user, device type of user, trustworthiness of the user, payment from the user, etc. At block 722, if the smart contract is unsuccessful, then access is denied and the request fails to return a password (block 716). However, if the contract execution is successful, at block 724, the node releases the login credentials (e.g., password) in encrypted form to the requester”, where the credentials are validated by the blockchain by performing the above process, where the validation process is performed on all wireless access points (WAPs) submitted for sharing in step 704 of Figure 7).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Tipton to utilize the above feature, with the motivation of managing/controlling/sharing credentials using blockchain fabric, as recognized by (Tipton [0003, 0056]).
 
Claims 10 is rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro, Ho et. al. (US 20040064690 A1), hereinafter Ho, Sather et. al. (US 20080005562 A1), hereinafter Sather, and further in view of, and further in view of Palojarvi. al. (US 20050198306 A1), hereinafter Palojarvi.

Regarding claim 10 (Original), Salgueiro in view of Sather and Ho teaches the computer-implemented method of claim 1, wherein the first access point and the second access point reside in a remote branch network (Figures 3 A-B illustrate the first access point 304a and second access point 304b reside in network domains 1 and 2, i.e. remote branch network, where client 502 roams from one domain to another).
Salgueiro does not teach downloading network policy.
(Palojarvi discloses in [0011] “the VPN client can download at least one VPN policy from the SPD via the physical access point”, [0079] “the VPN client can receive a selection of a VPN policy to associate with the VPN access point”, [0055] “…the VPN client can be capable of installing VPN policies selected from one or more different types of VPN policies, including user-specific certificate policies, generic certificate policies and generic non-certificate policies.”, where the policies include information and key information required for authentication and establishing secure communication as disclosed in [0056], where the policy defines means for establishing connection over the network).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Palojarvi to utilize the above feature, with the motivation of defining rules in establishing data connection from applications, as recognized by (Palojarvi [0012]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, 





/BASSAM A NOAMAN/Examiner, Art Unit 2497                                                                                                                                                                                                        /ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497