DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Remarks
This communication is in response to the claims filed 7/23/2020. 

Status of Claims
Claims 1-20 are pending; of which claims 1-20 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Kris Kalidindi, Reg. No. 41,461 on 2/25/2022.
	
The application has been amended as follows:

Claim 1. (currently amended)  A method for processing a denial of service (DOS) attack in a wireless local access network (WLAN), the method comprising:
in response to receiving a de-authentication/disassociation (D/D) frame by an access point (AP): [[;]]
determining, by the AP, a state of security association establishment between the AP and a client device;
maintaining a connection between the AP and the client device if the security association is incomplete; and
sending a probe packet from the AP to the client device if security association is complete and the connection between the AP and the client device is in a non-PMF (protected management frames) setting wherein the connection is:
maintained if the client device responds to the probe packet; and
terminated if the client device does not respond to the probe packet.

Claim 11. (Currently Amended)  A non-transitory computer readable storage medium storing instructions that when executed by a processor of a network device, 
in response to reception of a de-authentication/disassociation (D/D) frame:
determine a state of security association establishment between the network device and a client device connected to the network device; 
maintain a connection between the network device and a client device if the security association is incomplete; 
send a probe packet to the client device if security association is complete and the connection between the network device and the client device is in a non-PMF (protected management frames) setting; 
maintain the connection if the client device responds to the probe packet; and 


Claim 17. (Currently Amended)  A network device comprising a processor configured 
in response to reception of a de-authentication/disassociation (D/D) frame:
determine a state of security association establishment between the network device and a client device connected to the network device; 
maintain the connection if the security association is incomplete; 
send a probe packet to the client device if security association is complete and the connection between the network device and the client device is in a non-PMF (protected management frames) setting; 
maintain the connection if the client device responds to the probe packet; and
terminate the connection if the client device does not respond to the probe packet.
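
The decision flow recited in claims 1, 11 and 17, sketched as an added Python example (not part of the office action or the application). `Association`, `handle_dd_frame`, the `probe` callback and the sample MAC addresses are hypothetical; the claims do not say what happens on a PMF link, so that branch is only flagged.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Tuple

class Action(Enum):
    MAINTAIN = "maintain"
    TERMINATE = "terminate"
    NOT_COVERED = "not covered by the claims"  # PMF link; handling is assumed to live elsewhere

@dataclass
class Association:
    client_mac: str
    sa_complete: bool  # has security association establishment finished?
    pmf: bool          # are protected management frames in use on this link?

def handle_dd_frame(assoc: Association, probe: Callable[[str], bool]) -> Action:
    """Decide what the AP does after receiving a D/D frame for assoc.client_mac.

    probe(mac) sends the probe packet and returns True if the client responded
    (the timeout is an implementation choice; the claims do not fix one)."""
    if not assoc.sa_complete:
        # Incomplete security association: keep the connection, send no probe.
        return Action.MAINTAIN
    if assoc.pmf:
        return Action.NOT_COVERED
    # Security association complete on a non-PMF link: ask the client itself.
    return Action.MAINTAIN if probe(assoc.client_mac) else Action.TERMINATE

# Constructed scenarios: (label, association state, does the client answer a probe?)
SCENARIOS = [
    ("D/D frame during handshake", Association("02:00:00:00:00:01", False, False), True),
    ("D/D frame, client still there", Association("02:00:00:00:00:02", True, False), True),
    ("D/D frame, client really gone", Association("02:00:00:00:00:03", True, False), False),
    ("D/D frame on a PMF link", Association("02:00:00:00:00:04", True, True), True),
]

def run_scenarios() -> List[Tuple[str, Action, int]]:
    results = []
    for label, assoc, client_answers in SCENARIOS:
        probes_sent: List[str] = []
        def probe(mac: str, answers=client_answers, log=probes_sent) -> bool:
            log.append(mac)  # record that a probe packet went out
            return answers
        results.append((label, handle_dd_frame(assoc, probe), len(probes_sent)))
    return results

if __name__ == "__main__":
    for label, action, n in run_scenarios():
        print(f"{label:32s} -> {action.value} (probes sent: {n})")
```
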

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
None of the prior arts of record individually or in combination explicitly teach or fairly suggest each and every claimed limitation of the current invention as amended by the applicant, especially the limitations of “in response to receiving a de-authentication/disassociation (D/D) frame by an access point (AP): determining, by the AP, a state of security association establishment between the AP and a client device” and “maintaining a connection between the AP and the client device if the security association is incomplete”, as in claim 1, as well as corresponding subject matter in claims 11 and 17.
e.g. abstract, paragraph 6), including receiving a de-authentication/disassociation frame by an access point (e.g. paragraph 40-41, Fig. 7, wherein a wireless client receives an unsecured disassociation/de-authentication frame; note that while Calhoun refers to the receiving device as the wireless client, the client/server relationship is a matter of perspective), determining, by the AP, a state of security association establishment between the AP and a client device (e.g. paragraph 41, Fig. 7, wherein the wireless client determines if a security state exists), sending a probe packet from the AP to the client device if security association is complete and the connection between the AP and the client device is in a non-PMF setting (e.g. paragraph 18, wherein unsecured 802.11 de-authentication/disassociation frames are acknowledged, i.e. non-PMF; paragraph 41, Fig. 7, if a security state exists, wireless client sends secured verification message (i.e. “probe packet”) which is secured using existing security association) wherein the connection is maintained if the client device responds to the probe packet (e.g. paragraph 41, Fig. 7, wherein receiving a response to the verification message indicates that the wireless access point is currently maintaining the wireless connection and the disassociation/de-authentication request may not be legitimate), and terminated if the client device does not respond to the probe packet (e.g. paragraph 41, Fig. 7, an absence of a response to the verification message indicates that the access point no longer has the session keys required to decrypt/authenticate and process the verification message, and that the disassociation/de-authentication frame was legitimately from the wireless access point; accordingly, if a response to the verification message times out, wireless client processes the connection-terminating message).
However, Calhoun does not explicitly teach nor fairly suggest maintaining the connection between the AP and the client device if the security association is incomplete; rather, Calhoun teaches 
Tang (PGPUB 2008/0022011) teaches a method for detecting an association status between a client and a server (e.g. abstract), in which a receiving module receives a disassociation/de-authentication frame from an attacking device (e.g. paragraph 30), and in response, determines the state of security association between a client and server (e.g. paragraph 31-35).
However, Tang does not explicitly teach nor fairly suggest maintaining the connection between the AP and the client device if the determination indicates the security association is incomplete, or sending a probe packet if the determination indicates the security association is incomplete.
Koga (PGPUB 2009/0300188) teaches a system and method wherein advance notice of a disconnection/de-authentication frame is sent prior to the disconnection/de-authentication frame (e.g. abstract), in order to prevent spoofing and illegal disconnection (e.g. abstract, paragraph 9).  If the disconnection/de-authentication frame arrives within a standby time t after receiving the disconnection notice frame, the disconnection process is executed (e.g. paragraph 62).  Otherwise, the disconnection frame is ignored (e.g. paragraph 70).
However, Koga does not explicitly teach nor fairly suggest, in response to receiving a de-authentication/disassociation frame by the access point, determining, by the AP, the state of security association establishment between the AP and the client device and maintaining the connection between the AP and the client device if the security association is incomplete.
Shukla (US 10,966,277) teaches a system for preventing insider attacks in a wireless network (e.g. abstract), wherein, in response to receiving a broadcast de-authentication/disassociation frame, wireless endpoint devices confirm the authorization of the disconnection event (e.g. col 10 line 43-col 11 line 14) by replying to the event with a null/data frame (e.g. col 10 line 43-col 11 line 14).  If the received broadcast frame is legitimate, the access point would have no association record for the respective e.g. col 11 line 15-38).  If the received de-authentication/disassociation frame is instead sent by an attacker, the access point would have an association record with the respective endpoint, and reply with an ACK frame and not send a further disconnection frame (e.g. col 12 line 4-17).
However, Shukla does not explicitly teach nor fairly suggest, in response to receiving a de-authentication/disassociation frame by the access point, determining, by the AP, the state of security association establishment between the AP and the client device and maintaining the connection between the AP and the client device if the security association is incomplete.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To 





/FORREST L CAREY/Examiner, Art Unit 2491


/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491