Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claims filed on 04/12/2022 have been acknowledged. Claims 1-10 and 12-19 are currently pending and have been considered below. Claims 1 and 12 have been amended. Claims 1 and 12 are independent claims. No new claims have been added. Claims 11 and 20 have been cancelled.

Remarks and Response 
Applicant’s arguments filed in the amendments on 04/12/2021 have been fully considered but are moot in view of new grounds of rejection.

Response to Arguments
On pages 10-13 of the remarks, applicant argued that Abraham does not teach claim 11. Applicant argued that none of the paragraphs of Abraham, ¶[0026] - ¶[0027], ¶[0033] teaches the limitation.
Examiner respectfully disagrees. The claim recites:
wherein the wireless network comprises:
i) a group owner and a group client (GO/GC) peer-to-peer (P2P) wireless network, 
ii) a Wireless Distribution System (WDS) and Mesh wireless network based on the IEEE 802.11 standard, or
iii) a Protected Management Frames (PMF) Broadcast Integrity Protocol (BIP) wireless network based on the IEEE 802.11 standard.
Here, limitations i, ii and iii are in alternative form. Abraham, ¶[0033] teaches limitation i. The wireless communication system 100 may not have a central AP 104, but rather may function as a peer-to-peer network between the STAs 106. Accordingly, the functions of the AP 104 described herein may alternatively be performed by one or more of the STAs 106. One of ordinary skill in the art knows that in a peer-to-peer network, there is no central server. Instead, all the computers in the network have equivalent capabilities. Client–server networking involves a central, powerful computer called a server, and a number of client computers that need to connect to the server to carry out specific tasks. Here, AP 104 may be a client and one of the STAs can act as a server, or vice versa.

For all of the above reasons, the examiner maintains the rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10 and 12-19 are rejected under 35 U.S.C. 103 as being unpatentable over Abraham (US Patent Application Publication No 2014/0351932 A1) in view of Meier (US Patent Application No 2004/0103282 A1).

Regarding Claim 1, Abraham discloses a method, comprising:
establishing, by a processor of a first network device, a wireless communication with a second network device in a basic service set (BSS) of a wireless network (Abraham, ¶[0043], to send multicast or broadcast frames from the AP to a number of STAs simultaneously. In a classroom setting, it may be desirable for a teacher to send broadcast  packets to all students at once as each student may require the same instructions or materials from the teacher);
detecting, by the processor, a broadcast or multicast attack in the wireless network (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs); 
wherein the wireless network comprises:
i) a group owner and a group client (GO/GC) peer-to-peer (P2P) wireless network (Abraham, ¶[0033], the wireless communication system 100 may not have a central AP 104, but rather may function as a peer-to peer network between the STAs 106. Accordingly, the functions of the AP 104 described herein may alternatively be performed by one or more of the STAs 106. Ordinary skill in the art knows that in peer-to-peer network, there is no central server. Instead all the computers in the network have equivalent capabilities. Here AP 104 may be client and one of the STAs can act as server or vice versa. Also ¶[0026] - ¶[0027]), 
ii) a Wireless Distribution System (WDS) and Mesh wireless network based on the IEEE 802.11 standard (claim is in alternate form), or
iii) a Protected Management Frames (PMF) Broadcast Integrity Protocol (BIP) wireless network based on the IEEE 802.11 standard (claim is in alternate form).
Abraham does not explicitly discuss the following limitation that Meier teaches:
notifying, by the processor, the second network device of the attack with a pairwise key encrypted frame (Meier, ¶[0100], pairwise transient key is used to protect data packets between a mobile node and AP. ¶[0191], the mobile node may derive the pairwise transient key for the new AP once it determines the new BSSID it is roaming to and before the reassociation request is transmitted. ¶[0222], two way handshake is used to rekey the multicast/broadcast keys. The two message handshake is initiated by the AP to deliver the multicast/broadcast keys over the encrypted EAPOL key message. The current pairwise transient key is used to protect these EAPOL key message); and
triggering each network device in the BSS, including the second network device, to perform a replay counter renew process such that the broadcast or multicast attack by one of a plurality of network devices in the BSS is detected upon relay detection (Meier, ¶[0102], the counter used to protect PTK key refreshes from replay attacks. ¶[0231], EAPOL key message counter is used to protect from message replays. ¶[0263], the SCM prevents replay of a fast re-association request by caching the last RN used by the client, and rejecting any request for which the RN is less than or equal to the cached last RN. ¶[0884], a replay counter used to keep state of the rekeys for the link between SID and DID).
Abraham and Meier are analogous art because they are from the “same field of endeavor” and from the same “problem solving area”. Namely, they pertain to the field of “encryption attack and security problems in wireless network”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Abraham in view of Meier to include the idea of preventing key cracking in a wireless network in order to improve the security of the wireless system.

Regarding Claim 2, Abraham in view of Meier discloses the method of Claim 1, wherein the wireless communication is Counter Mode Cipher Block Chaining Message Authentication Protocol (CCMP) or Temporal Key Integrity Protocol (TKIP) enabled (Abraham, ¶[0010], determining the message integrity check value may include determining a message integrity check value based on one or more of a frame header of the multicast packet, data in the multicast packet, the indication of one of the plurality of devices and a pairwise transient key and pseudo random noise sequence number in a counter mode cipher block chaining message authentication code protocol header of the multicast packet. ¶[0056], the digital signature may also be based upon a sequence number in the counter mode cipher block chaining message authentication code protocol. Also Meier, ¶[0283] - ¶[0284], PTKs are derived by use of a one way hash function, where Len=384 for WRAP or CCMP, 512 for TKIP).

Regarding claim 3, Abraham in view of Meier discloses the method of Claim 1, wherein the BSS of the wireless network comprises a Wi-Fi BSS based on an Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard, wherein the first network device comprises a station in the BSS, and wherein the second network device comprises an access point (AP) associated with the BSS (Abraham, ¶[0033], the AP may act as a base station and provide wireless communication coverage in a basic service area (BSA). The AP along with the STAs associated with the AP and that use the AP for communication may be referred to as a basic service set (BSS). ¶[0043], there is also a number of other settings in which broadcast or multicast packets may be desirable in a WLAN network, such as an IEEE 802.11 protocol network. Also ¶[0026] - ¶[0027]. Meier, ¶[0053], a BSS is the set of 802.11 stations associated with a single 802.11 AP. A logical “BSS port” in an AP is used to access stations in the BSS).

Regarding claim 4, Abraham in view of Meier discloses the method of Claim 1, wherein the BSS of the wireless network comprises a Wi-Fi based on an Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard, wherein the first network device comprises an access point (AP) associated with the BSS, and wherein the second network device comprises a station in the BSS (Abraham, ¶[0033], the AP may act as a base station and provide wireless communication coverage in a basic service area (BSA). The AP along with the STAs associated with the AP and that use the AP for communication may be referred to as a basic service set (BSS). ¶[0043], there is also a number of other settings in which broadcast or multicast packets may be desirable in a WLAN network, such as an IEEE 802.11 protocol network. Also ¶[0026] - ¶[0027]. Meier, ¶[0053], a BSS is the set of 802.11 stations associated with a single 802.11 AP. A logical “BSS port” in an AP is used to access stations in the BSS). 

Regarding Claim 5, Abraham in view of Meier discloses the method of Claim 4, further comprising: 
enabling, by the processor, receiving of broadcast or multicast frames in the BSS with a basic service set identifier (BSSID) equal to a media access control (MAC) address of the AP (Meier, Fig-5, WLCCP node identifier: AP’s MAC address (e.g. BSSID). ¶[0252], BSSID is the AP’s MAC address).

Regarding Claim 6, Abraham in view of Meier discloses the method of Claim 4, further comprising: triggering, by the processor, each station in the BSS to perform a group key rekey negotiation such that the broadcast or multicast attack is prevented upon completion of the group key rekey negotiation (Abraham, ¶[0046] - ¶[0047], the frame body may include a CCMP header, a data length, encrypted data, a group temporal key based (GTK-based) MIC and two or more AID or MAC addresses and MICs. Also Meier, ¶[0102], the counter used to protect PTK key refreshes from replay attacks. ¶[0231], EAPOL key message counter is used to protect from message replays. ¶[0263], the SCM prevents replay of a fast re-association request by caching the last RN used by the client, and rejecting any request for which the RN is less than or equal to the cached last RN).

Regarding Claim 7, Abraham in view of Meier discloses the method of Claim 4, further comprising: 
determining, by the processor, which station of a plurality of stations in the BSS as an attacking device that initiated the broadcast or multicast attack (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs. Also Meier, ¶[0100], pairwise transient key is used to protect data packets between a mobile node and AP. ¶[0191], the mobile node may derive the pairwise transient key for the new AP once it determines the new BSSID it is roaming to and before the reassociation request is transmitted. ¶[0222], two way handshake is used to rekey the multicast/broadcast keys. The two message handshake is initiated by the AP to deliver the multicast/broadcast keys over the encrypted EAPOL key message. The current pairwise transient key is used to protect these EAPOL key message); and 
based on a result of the determining: 
disconnecting, by the processor, the attacking device from the BSS (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs. Also Meier, ¶[0100], pairwise transient key is used to protect data packets between a mobile node and AP. ¶[0191], the mobile node may derive the pairwise transient key for the new AP once it determines the new BSSID it is roaming to and before the reassociation request is transmitted. ¶[0222], two way handshake is used to rekey the multicast/broadcast keys. The two message handshake is initiated by the AP to deliver the multicast/broadcast keys over the encrypted EAPOL key message. The current pairwise transient key is used to protect these EAPOL key message); and 
rejecting, by the processor, the attacking device from the BSS (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs. Also Meier, ¶[0100], pairwise transient key is used to protect data packets between a mobile node and AP. ¶[0191], the mobile node may derive the pairwise transient key for the new AP once it determines the new BSSID it is roaming to and before the reassociation request is transmitted. ¶[0222], two way handshake is used to rekey the multicast/broadcast keys. The two message handshake is initiated by the AP to deliver the multicast/broadcast keys over the encrypted EAPOL key message. The current pairwise transient key is used to protect these EAPOL key message).

Regarding Claim 8, Abraham in view of Meier discloses the method of Claim 7, wherein the determining of which station of the plurality of stations in the BSS as the attacking device that initiated the broadcast or multicast attack comprises determining which station of the plurality of stations in the BSS as the attacking device by using a group key rekey negotiation to uncover one or more stations of the plurality of stations as one or more attacking devices (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs. Also Meier, ¶[0100], pairwise transient key is used to protect data packets between a mobile node and AP. ¶[0191], the mobile node may derive the pairwise transient key for the new AP once it determines the new BSSID it is roaming to and before the reassociation request is transmitted. ¶[0222], two way handshake is used to rekey the multicast/broadcast keys. The two message handshake is initiated by the AP to deliver the multicast/broadcast keys over the encrypted EAPOL key message. The current pairwise transient key is used to protect these EAPOL key message).

Regarding Claim 9, Abraham in view of Meier discloses the method of Claim 4, further comprising: 
notifying, by the processor, a network manager with a specific frame to indicate occurrence of the broadcast or multicast attack (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs). 

Regarding Claim 10, Abraham in view of Meier discloses the method of Claim 4, further comprising: 
notifying, by the processor, a network manager with a specific frame to indicate (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs): 
one or more stations in the BSS have been uncovered as one or more attacking devices that initiated the broadcast or multicast attack (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs), and 
that the one or more attacking devices have been disconnected (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs).  

Regarding Claim 12, Abraham discloses an apparatus, comprising: 
a transceiver capable of establishing, as a first network device, a wireless communication with a second network device in a wireless network (Abraham, ¶[0043], to send multicast or broadcast frames from the AP to a number of STAs simultaneously. In a classroom setting, it may be desirable for a teacher to send broadcast packets to all students at once as each student may require the same instructions or materials from the teacher); and 
a processor coupled to the transceiver, the processor capable of:
detecting a broadcast or multicast attack in the wireless network (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs);
wherein the wireless network comprises:
i) a group owner and a group client (GO/GC) peer-to-peer (P2P) wireless network (Abraham, ¶[0033], the wireless communication system 100 may not have a central AP 104, but rather may function as a peer-to peer network between the STAs 106. Accordingly, the functions of the AP 104 described herein may alternatively be performed by one or more of the STAs 106. Ordinary skill in the art knows that in peer-to-peer network, there is no central server. Instead all the computers in the network have equivalent capabilities. Here AP 104 may be client and one of the STAs can act as server or vice versa. Also ¶[0026] - ¶[0027]), 
ii) a Wireless Distribution System (WDS) and Mesh wireless network based on the IEEE 802.11 standard (claim is in alternate form), or
iii) a Protected Management Frames (PMF) Broadcast Integrity Protocol (BIP) wireless network based on the IEEE 802.11 standard (claim is in alternate form).
Abraham does not explicitly discuss the following limitation that Meier teaches:
notifying the second network device of the attack with a pairwise key encrypted frame (Meier, ¶[0100], pairwise transient key is used to protect data packets between a mobile node and AP. ¶[0191], the mobile node may derive the pairwise transient key for the new AP once it determines the new BSSID it is roaming to and before the reassociation request is transmitted. ¶[0222], two way handshake is used to rekey the multicast/broadcast keys. The two message handshake is initiated by the AP to deliver the multicast/broadcast keys over the encrypted EAPOL key message. The current pairwise transient key is used to protect these EAPOL key message).
triggering each network device in the BSS, including the second network device, to perform a replay counter renew process such that the broadcast or multicast attack by one of a plurality of network devices in the BSS is detected upon relay detection (Meier, ¶[0102], the counter used to protect PTK key refreshes from replay attacks. ¶[0231], EAPOL key message counter is used to protect from message replays. ¶[0263], the SCM prevents replay of a fast re-association request by caching the last RN used by the client, and rejecting any request for which the RN is less than or equal to the cached last RN. ¶[0884], a replay counter used to keep state of the rekeys for the link between SID and DID); or
Abraham and Meier are analogous art because they are from the “same field of endeavor” and from the same “problem solving area”. Namely, they pertain to the field of “encryption attack and security problems in wireless network”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Abraham in view of Meier to include the idea of preventing key cracking in a wireless network in order to improve the security of the wireless system.

Regarding Claim 13, Abraham in view of Meier discloses the apparatus of Claim 12, wherein the wireless communication is Counter Mode Cipher Block Chaining Message Authentication Protocol (CCMP) or Temporal Key Integrity Protocol (TKIP) enabled (Abraham, ¶[0010], determining the message integrity check value may include determining a message integrity check value based on one or more of a frame header of the multicast packet, data in the multicast packet, the indication of one of the plurality of devices and a pairwise transient key and pseudo random noise sequence number in a counter mode cipher block chaining message authentication code protocol header of the multicast packet. ¶[0056], the digital signature may also be based upon a sequence number in the counter mode cipher block chaining message authentication code protocol. Also Meier, ¶[0283]- ¶[0284], PTKs are derived by use of a one way hash function, where Len=384 for WRAP or CCMP, 512 for TKIP). 

Regarding Claim 14, Abraham in view of Meier discloses the apparatus of Claim 12, wherein the BSS of the wireless network comprises a Wi-Fi (BSS) based on an Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard, wherein the first network device comprises a station in the BSS, and wherein the second network device comprises an access point (AP) associated with the BSS (Abraham, ¶[0033], the AP may act as a base station and provide wireless communication coverage in a basic service area (BSA). The AP along with the STAs associated with the AP and that use the AP for communication may be referred to as a basic service set (BSS). ¶[0043], there is also a number of other settings in which broadcast or multicast packets may be desirable in a WLAN network, such as an IEEE 802.11 protocol network. Also ¶[0026] - ¶[0027]. Meier, ¶[0053], a BSS is the set of 802.11 stations associated with a single 802.11 AP. A logical “BSS port” in an AP is used to access stations in the BSS).

Regarding Claim 15, Abraham in view of Meier discloses the apparatus of Claim 12, wherein the BSS of the wireless network comprises a Wi-Fi (BSS) based on an Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard, wherein the first network device comprises an access point (AP) associated with the BSS, and wherein the second network device comprises a station in the BSS (Abraham, ¶[0033], the AP may act as a base station and provide wireless communication coverage in a basic service area (BSA). The AP along with the STAs associated with the AP and that use the AP for communication may be referred to as a basic service set (BSS). ¶[0043], there is also a number of other settings in which broadcast or multicast packets may be desirable in a WLAN network, such as an IEEE 802.11 protocol network. Also ¶[0026] - ¶[0027]. Meier, ¶[0053], a BSS is the set of 802.11 stations associated with a single 802.11 AP. A logical “BSS port” in an AP is used to access stations in the BSS).

Regarding claim 16, Abraham in view of Meier discloses the apparatus of Claim 15, wherein the processor is further capable of:
enabling receiving of broadcast or multicast frames in the BSS with a basic service set identifier (BSSID) equal to a media access control (MAC) address of the AP (Meier, Fig-5, WLCCP node identifier: AP’s MAC address (e.g. BSSID). ¶[0252], BSSID is the AP’s MAC address).

Regarding Claim 17, Abraham in view of Meier discloses the apparatus of Claim 15, wherein the processor is further capable of: triggering each station in the BSS to perform a group key rekey negotiation such that the broadcast or multicast attack is prevented upon completion of the group key rekey negotiation (Abraham, ¶[0046] - ¶[0047], the frame body may include a CCMP header, a data length, encrypted data, a group temporal key based (GTK-based) MIC and two or more AID or MAC addresses and MICs. Also Meier, ¶[0102], the counter used to protect PTK key refreshes from replay attacks. ¶[0231], EAPOL key message counter is used to protect from message replays. ¶[0263], the SCM prevents replay of a fast re-association request by caching the last RN used by the client, and rejecting any request for which the RN is less than or equal to the cached last RN).

Regarding Claim 18, Abraham in view of Meier discloses the apparatus of Claim 15, wherein the processor is further capable of:
determining which station of a plurality of stations in the BSS as an attacking device that initiated the broadcast or multicast attack (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs. Also Meier, ¶[0100], pairwise transient key is used to protect data packets between a mobile node and AP. ¶[0191], the mobile node may derive the pairwise transient key for the new AP once it determines the new BSSID it is roaming to and before the reassociation request is transmitted. ¶[0222], two way handshake is used to rekey the multicast/broadcast keys. The two message handshake is initiated by the AP to deliver the multicast/broadcast keys over the encrypted EAPOL key message. The current pairwise transient key is used to protect these EAPOL key message); and
based on a result of the determining: 
disconnecting the attacking device from the BSS (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs. Also Meier, ¶[0100], pairwise transient key is used to protect data packets between a mobile node and AP. ¶[0191], the mobile node may derive the pairwise transient key for the new AP once it determines the new BSSID it is roaming to and before the reassociation request is transmitted. ¶[0222], two way handshake is used to rekey the multicast/broadcast keys. The two message handshake is initiated by the AP to deliver the multicast/broadcast keys over the encrypted EAPOL key message. The current pairwise transient key is used to protect these EAPOL key message); and 
rejecting the attacking device from the BSS (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame and other STAs will not be able to tell the differences between a multicast frame sent by the AP or sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs. Also Meier, ¶[0100], pairwise transient key is used to protect data packets between a mobile node and AP. ¶[0191], the mobile node may derive the pairwise transient key for the new AP once it determines the new BSSID it is roaming to and before the reassociation request is transmitted. ¶[0222], two way handshake is used to rekey the multicast/broadcast keys. The two message handshake is initiated by the AP to deliver the multicast/broadcast keys over the encrypted EAPOL key message. The current pairwise transient key is used to protect these EAPOL key message), 
wherein, in determining which station of the plurality of stations in the BSS as the attacking device that initiated the broadcast or multicast attack, the processor is capable of determining which station of the plurality of stations in the BSS as the attacking device by using a group key rekey negotiation to uncover one or more stations of the plurality of stations as one or more attacking devices (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames, which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame, and other STAs will not be able to tell the difference between a multicast frame sent by the AP and one sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning, in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs. Also Meier, ¶[0100], a pairwise transient key is used to protect data packets between a mobile node and AP. ¶[0191], the mobile node may derive the pairwise transient key for the new AP once it determines the new BSSID it is roaming to and before the reassociation request is transmitted. ¶[0222], a two-way handshake is used to rekey the multicast/broadcast keys. The two-message handshake is initiated by the AP to deliver the multicast/broadcast keys over the encrypted EAPOL key message. The current pairwise transient key is used to protect these EAPOL key messages).

Regarding Claim 19, Abraham in view of Meier discloses the apparatus of Claim 15, wherein the processor is further capable of either or both of: 
notifying a network manager with a first frame to indicate occurrence of the broadcast or multicast attack (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames, which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame, and other STAs will not be able to tell the difference between a multicast frame sent by the AP and one sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning, in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs); and 
notifying the network manager with a second frame to indicate: 
one or more stations in the BSS have been uncovered as one or more attacking devices that initiated the broadcast or multicast attack (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames, which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame, and other STAs will not be able to tell the difference between a multicast frame sent by the AP and one sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning, in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs),
and that the one or more attacking devices have been disconnected (Abraham, ¶[0044], a STA may masquerade as the AP and send a multicast frame. Such vulnerabilities may exist because a symmetric key is used in current multicast frames, which means that STAs that are part of the network may be able to masquerade as the AP in sending a multicast frame, and other STAs will not be able to tell the difference between a multicast frame sent by the AP and one sent by a STA masquerading as the AP. Such a masquerading STA may be used for Address Resolution Protocol (ARP) poisoning, in which a masquerading STA associates its own MAC address with that of the AP in order to intercept data frames from other STAs).

Conclusion
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F (7:30 - 5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFRY PWU can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/WASIKA NIPA/           Primary Examiner, Art Unit 2433