DETAILED ACTION
1.	Claims 1-6, 8-14, 16-22 and 24 are pending in this examination.
Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
3.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Response to Arguments
4.1.	Applicant’s arguments filed 11/292021 have been fully considered but they are not persuasive.
4.2.	Applicant’s Response applicant argues, in substance that “..neither Rakshit nor Scewito disclose or suggest “[a] method for preventing a reporting of a compromised connection.” (Claim 1, emphasis added.)….” ; “….Rakshit does not mention captive portal authentication or suggest "suppressing" a report that a connection is compromised…”; “… Rakshit does not suggest the suppression of a report of a certificate mismatch (remark, pages 8-10).
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Applicant’s arguments rely on language solely recited in preamble recitations in claim(s) “method for preventing a reporting of a compromised connection”. When reading the preamble in the context of the entire claim, the recitation “preventing a reporting of a compromised connection” is not limiting because the body of the claim describes a complete invention and the language recited solely in the preamble does not provide any distinct definition of any of the claimed invention’s limitations. (Additionally, last two paragraphs have an optional statement of “or” ). Thus, the preamble of the claim(s) is not considered a limitation and is of no significance to claim construction. See Pitney Bowes, Inc. v. Hewlett-Packard Co., 182 F.3d 1298, 1305, 51 USPQ2d 1161, 1165 (Fed. Cir. 1999). See MPEP § 2111.02.
 The Examiner respectfully disagrees with Applicant’s arguments; the examiner submits that the combination of Rakshit and Soewito discloses above features. For example, preamble recited a method for preventing a reporting of a compromised connection which is discloses by Rakshit at col 7, lines 20-40 also see .

    PNG
    media_image1.png
    167
    449
    media_image1.png
    Greyscale

Furthermore secondary reference Soewito discloses Captive Portal at  page 5 right col, also see fig.1.


    PNG
    media_image2.png
    183
    342
    media_image2.png
    Greyscale

4.3.	Applicant argues, “…neither Rakshit nor Soewito disclose or suggest “when the security component determines that captive portal authentication is enabled, determining, by the security component, that the report that the connection is compromised is to be suppressed and not prompting the report to be sent,” (remark, pages 10-11).
The Examiner disagrees; the examiner submits that the combination of Rakshit and Soewito discloses above features, for example as describe above Soewito discloses Captive Portal at  page 5 right col, also see fig.1. Furthermore, Rakshit discloses that the report that the connection is compromised is to be suppressed and not prompting the report to be sent (Rakshit at col 7, lines 20-40 also see 2:60-67 to 3:1-10,  6:31-53)

    PNG
    media_image1.png
    167
    449
    media_image1.png
    Greyscale


4.4.	Applicant’s Response applicant argues, in substance that “…Soewito is directed to preventing access, and Rakshit is directed to two- factor validation when acquiring access. Thus, one of skill would not be motivated to combine the teachings of Rakshit and Soewito, and would not have a reasonable expectation of success in any combination”. (remark, pages 11-12).
The Examiner respectfully disagrees with Applicant’s arguments. Rakshit and Soewito both are an analogous arts, it has been held that a prior art reference must either be in the field of applicant’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the applicant was concerned, in order to be relied upon as a basis for rejection of the claimed invention.  See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992).  
Furthermore, The Supreme Court has determined that the conclusion of obviousness can be based on the interrelated teachings of multiple patents, the effects of demands known to the design community or present in the marketplace, and the background knowledge possessed by a person having ordinary skill in the art. KSRInt'l Co. v. TeleflexInc., 550 U.S. 398,416 (2007). The skilled artisan would "be able to fit the teachings of multiple patents together like pieces of a puzzle" since the skilled artisan is "a person of ordinary creativity, not an automaton." Id. at 420-21.  Combining the arts was "uniquely challenging or difficult for one of ordinary skill in the art." Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007) (citing KSR at 418). The Examiner's proffered combination of familiar prior art elements according to their established functions (see below) would have conveyed a reasonable expectation 
As suggested by Rakshit, “ In another embodiment, …. that the CA name retrieved from website certificate is not trusted CA 140a, the processing logic would not send any response indicating website's certificate is malicious. ([0047]). Secondary references Soewito discloses Captive Portal Firewalls are used to prevent visitors connect to the internal network. it is blocked by the firewall. When the external user wants to use the Internet, will appear portal with the username and password. So even though visitor can be connected to the internet, but cannot go into internal network, and It would have been obvious to one of ordinary skill in the art at before the effective filing date of the claimed invention, one of ordinary skill will find some teaching “be able to fit the teachings of multiple patents together like pieces of a puzzle" since the skilled artisan is "a person of ordinary creativity, not an automaton” controlling response via captive portal.

Therefore, in view of the above reasons, the rejections are maintained.

Claim Rejections - 35 USC § 103
5.1.	The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

5.2.	Claims 1-2, 5-6, 9-10, 13-14, 17-18 and 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. 9077546 issued to Rakshit et al (“Rakshit”) in .

As per claim 1, Rakshit disclose a method for preventing a reporting of a compromised connection, the method comprising: determining, by a security component executing on a processor of a computing device, whether captive portal authentication (3:63-67 to 4:1-11, log-in pages, and in connections utilizing secure protocols, also see 7:30-40).
 	requesting, by the security component, a response from a first server over the connection; determining, by the security component, from the response from the first server that the connection is compromised (5:1-25, communicate with the credential manager 106 that the SSL certificate is malicious… credential manager 106 makes a determination regarding whether the SSL certificate is malicious or not, also see 6:30-45); and
when the security component determines that captive portal authentication is not enabled, prompting, by the security component, a report to be sent that the connection is compromised or when the security component determines that captive portal authentication is enabled, determining, by the security component, that the report that the connection is compromised is to be suppressed and not prompting the report to be sent (2:60-67 to 3:1-10, also see 6:31-53,  7:30-40, If there is a mismatch ( not enable), the SSL certificate is malicious, and the web browser presents an alarm to the user and sends details (report) of such communication to the trusted certificate authority, the 
Rakshit do not explicitly disclose, however in the same field of endeavor, Soewito discloses captive portal authentication is enabled for the computing device for a connection; and a security component (Page 3, left col.  WLAN security used WPA2 enterprise base on PEAP-MS-CHAP and firewall captive portal. Protected Extensible A-uthentication Protocol (PEAP) is a member of the family of Extensible Authentication Protocol (EAP) protocols. Page 5,right col.,  Captive Portal Firewalls are used to prevent visitors connect to the internal network. it is blocked by the firewall. When the external user wants to use the Internet, will appear portal with the username and password. So even though visitor can be connected to the internet, but cannot go into internal network.  also see fig. 1 and associated text, page 1).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Rakshit with the teaching of Soewito by including the feature of firewall/security, in order for Rakshit’s system to improving  the wireless security, we used two level securities. First we used the integrated firewall with pfSense Captive Portal server as enterprise which requires digital certificates for device recognition process with the authentication server based database together with list of existing accounts in Active Directory (Soewito, page 1).

 As per claim 2, the combination of Rakshit and Soewito discloses the method of claim 1, wherein the indication that the connection is compromised includes: (i) not receiving, by the security component, a response from the first server (Rakshit, 7:33-50, 

As per claim 5, the combination of Rakshit and Soewito discloses the method of claim 1, wherein the determining that the connection is compromised includes determining at least one of: (i)  that services provided by the connection are limited; (ii) that the requesting, by the security component, a response from a known server over the connection was redirected; (iii) that the security component failed to make a pinned network connection to the first server or a second server; (iv) that a self-signed or a host-mismatched certificate was presented to the security component; or (v) that the connection intercepts TLS communications (Rakshit, 4:65-67 to 5:1-20, before trusting an SSL certificate of BankXYZ.com, may communicate with a security manager 150. The security manager 150 interfaces with the CA database 142 to identify the legitimate certificate authority for any particular website. The CA database 142 is configured to maintain entries, as described above, of websites that include certificate attributes (e.g., common name, organization, organizational unit, etc.), certificate is 

As per claim 6, the combination of Rakshit and Soewito discloses the method of claim 1 further comprising: reporting, by the security component, the indication that the connection is compromised to one or more of: a user, an administrator, and a security server (Rakshit 2:60-67 to 3:1-10, also see 6:31-53, ….If there is a mismatch, the SSL certificate is malicious, and the web browser presents an alarm to the user and sends details (report) of such communication to the trusted certificate authority, the website owner…) The motivation regarding the obviousness of claim 1 is also applied to claim 6. 

Claims 9-10, 13-14, 17-18 and 21-22 are rejected for similar reasons as stated above.

5.3.	Claims 3-4, 11-12, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Rakshit and Soewito as applied to claim above, and in view of US Patent Application No. 20120250658 to Eisl et al (“Eisl”).


It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Rakshit and Soewito with the teaching of Eisl by including the feature of detecting a change in the connection, in order for Rakshit’s system to overcome the above mentioned problem of possible changes to a connection of device(s) (preferable mobile devices) to a network caused by for example a malicious user or mobile device. In particular, the present invention provides a method, an apparatus and a related computer program product for detecting changes to a connection of mobile device(s) to a network. If changes to the connection, resulting for example from frequent actions without purpose, are detected measures may be applied in order to for example inhibit such frequent actions or inform the user or network operator about it (Eisl, [0011]).

 	As per claim 4, the combination of Rakshit, Soewito and Eisl discloses the method of claim 3, wherein the change includes one or more of: a making of the connection, a change to a protocol of the connection, and a change to a parameter 

Claims 11-12, and 19-20 are rejected for similar reasons as stated above.

5.4.	Claims 8, 16 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Rakshit and Soewito as applied to claim above, and in view of US Patent Application No. 20100306432 to Juarez et al (“Juarez”) .

As per claim 8, the combination of Rakshit and Soewito discloses the invention as described above. Rakshit and Soewito do not explicitly disclose, however in the same field of endeavor, Juarez discloses the method of claim 1, wherein the requesting a response from a first server over the connection is repeated by the security component with an arbitrary interval between the repeated requests ([0042]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Rakshit and Soewito with the teaching of Juarez by including the feature of sending request an arbitrary interval, in order for Rakshit’s system to increasing the like hood that the requested resources are available. 

Claims 16 and 24 are rejected for similar reasons as stated above.
as the prior art discloses many of the claim features (See PTO-form 892). 

a.)  U.S. patent application no. 20130305369 to Karta discloses a method for a wireless network. The network includes at least a server and a plurality of computer devices wirelessly connected to the server. At least one of the computer devices is under attack by an `attacker` device. The method provides for detection and reporting of the attack as to the location of the attack. The method includes detecting an attack by one of the computer devices, using a zCore module and transmitting an `attack report` to the server. The report includes at least the attack location. The method also includes notifying at least one of the plurality of computer devices and an external computer device that the network is compromised.

b.)  U.S. patent application no. 20050157662 to Bingham discloses [0144] The host analysis technique is particularly helpful in eliminating or reducing false positives identified in a session analysis. For example, a session may be identified as interactive even if the interactivity arises from an error or other function in the network not associated with a compromise. Such a case may arise, for example, if an instant messenger port is blocked by a network's firewall, and a client connects to web server port 80, which is typically not interactive, to conduct instant messaging sessions. In that case, the particular instant 

c). U.S. patent application no. 20160212139 to Pike discloses  [0049] Additionally, splitting security into security tiers over time does not necessarily prevent the session/connection manager module 152 from running high security all the time. Different sets of security rules may simply be applied during different security tiers 202, 204, 206 and 208. This prevents false positives while also allowing computing resources to be focused on hacked sessions/connections which typically last longer than non -hacked sessions/connections. For example, security tier B 204 may also include a set of rules that applies deep packet inspection, but only if the IP lookup indicates the IP is a suspicious IP.

Conclusion
8.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For 

HARUNUR . RASHID
Primary Examiner
Art Unit 2497



/HARUNUR RASHID/Primary Examiner, Art Unit 2497