DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The amendments filed on February 04, 2022 have been entered.
Claim 20 has been amended.
The previously raised specification objection has been withdrawn for claim 20 in light of the amendment submitted by Applicant on February 04, 2022.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         
         Response to Arguments
Applicant’s arguments filed on February 04, 2022 have been fully considered but are moot in view of the new ground(s) of the current rejection.  
















Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-4, 10-13, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Howard et al. (Pub. No. US 2009/0249484), hereinafter Howard, in view of Wyatt et al. (Pub. No. US 2017/0346853), hereinafter Wyatt, and in view of Tewari et al. (Pub. No. US 2016/0315856), hereinafter Tewari.

Claim 1. 	Howard discloses a computer-implemented method of providing a visitor-based communication service via a controller over a wireless communication network, the method comprising:  
		obtaining, via one or more processors, first and second lists of uniform resource identifiers, the first list of uniform resource identifiers to be whitelisted, the first list of uniform resource identifiers corresponding to Hypertext Transfer Protocol (HTTP) requests (Parag. [0006-0007], Parag. [0037], Parag. [0067], Parag. [0070], Parag. [0080], Parag. [0100], and Parag. [0107-0109]; (The art teaches detecting restricted content associated with retrieved content in a sent request (e.g., HTTP request), and contextual information extracted from a URI included in the request used in the detection of restricted content associated with the retrieved content in order to allow or deny access (i.e., using elements within the request to detect access). The art teaches that the network access rules may provide an information store to be accessed by the network access control. The network access rules facility may include databases such as a block list, a black list, an allowed list, a white list, an unacceptable network site database, an acceptable network site database, a network site reputation database, or the like of network access locations that may or may not be accessed by the client facility. Additionally, the network access rules facility may incorporate rule evaluation; the rule evaluation may parse network access requests and apply the parsed information to network access rules. The network access rule facility may have a generic set of rules that may be in support of an enterprise facility's network access policies, such as denying access to certain types of websites, controlling instant messenger accesses, or the like. The network access rules facility may have a generic set of rules that may be in support of an enterprise facility's network access policies, such as denying access to certain types of URIs (i.e., the request would be allowed if URI is within the allowed list (or whitelist), and denied if the URI is within block list (or blacklist))) transmitted by client electronic devices to detect network captivity, and the second list of uniform resource identifiers corresponding to HTTP requests (Parag. [0067], Parag. [0070], Parag. [0080], Parag. [0100], and Parag. [0107-0109]; (The art teaches that a policy management facility includes a database, a text file, a combination of databases and text files, or the like. The policy database may be a block list, a black list, an allowed list, a white list, or the like that may provide a list of enterprise facility external network locations/applications that may or may not be accessed by the client. The policy management facility includes rules that may be interpreted with respect to an enterprise facility network access request to determine if the request should be allowed. It is decided whether the client request for access to a URI HTTP request should be allowed or denied based on the restrictions in the policy management facility. If the URI is in the list of restricted URIs with respect to a client request, the client request may be denied.  In another embodiment, the network access rules facility may be used to provide the client in the client facility with access to the requested URI.  The network access rules facility may have a generic set of rules that may be in support of an enterprise facility's network access policies, such as denying access to certain types of URIs (i.e., the request would be allowed if URI is within the allowed list (or whitelist), and denied if the URI is within block list (or blacklist)));    
receiving, via the one or more processors, via a client electronic device over the wireless communication network (Parag. [0094]), an HTTP request comprising a uniform resource identifier (Parag. [0107], Parag. [0119-0120], and Parag. [0124]; (The art teaches that a client URI request is received; the request is an HTTP request)); 
determining, via the one or more processors, one or more textual characteristics of the received uniform resource identifier (Parag. [0151]; (The art teaches that contextual information are extracted from the URI included in the client request, where the extracted information is a plurality of characters from the URI)); 
		determining, via the one or more processors, whether the received uniform resource identifier is included in the first or the second list of uniform resource identifiers (Parag. [0067], Parag. [0070], Parag. [0100], and Parag. [0107-0109]; (The art teaches that a policy management facility includes a database, a text file, a combination of databases and text files, or the like. The policy database may be a block list, a black list, an allowed list, a white list, or the like that may provide a list of enterprise facility external network locations/applications that may or may not be accessed by the client. The policy management facility includes rules that may be interpreted with respect to an enterprise facility network access request to determine if the request should be allowed. It is decided whether the client request for access to a URI should be allowed or denied based on the restrictions in the policy management facility. If the URI is in the list of restricted URIs with respect to a client request, the client request may be denied.  In another embodiment, the network access rules facility may be used to provide the client in the client facility with access to the requested URI.  The network access rules facility may have a generic set of rules that may be in support of an enterprise facility's network access policies, such as denying access to certain types of URIs (i.e., the request would be allowed if URI is within the allowed list (or whitelist), and denied if the URI is within block list (or blacklist))); and
based upon the one or more textual characteristics, and further based upon whether the received uniform resource identifier is included in the first or second list of uniform resource identifiers, transmit, via the one or more processors, one or more messages to the client electronic device or to a destination via the Internet, the destination being indicated by the HTTP request received via the client electronic device (Parag. [0108], Parag. [0150], and Parag. [0152]; (The art teaches the contextual information and the retrieved content is provided to a scanning facility to detect restricted content. The art also teaches that if the URI is in the list of restricted URIs with respect to a client request, the client request may be denied. In another embodiment, the network access rules facility may be used to provide the client in the client facility with access to the requested URI (i.e., destination). The art also teaches that when the access of the URI is blocked, a message is sent to the requesting client)).  
Howard doesn’t explicitly disclose whitelisting by the controller of the visitor-based communication service; the requests are captivity probes, requests are not captivity probes; and the requests are captivity probes automatically transmitted by client electronic devices to detect network captivity. 
		However, Wyatt discloses that the requests are captivity probes, requests are not captivity probes; and the requests are captivity probes automatically transmitted by client electronic devices to detect network captivity (Parag. [0076]; (The art teaches a probe may be a request or sequence of requests made from AMD 304 (i.e., computing device 200) to a server. In return, AMD 304 receives a response to the probe request. In an embodiment, a Captive Portal probe is performed by AMD 304 by AMD 304 making a network connection from AMD 304 on computing device 200 (the client) to a server to obtain a content response. Probe requests can use various protocols, such as DNS, HTTP, HTTPS, ESMTP, IMAP, POP3, or other protocols. Different protocols may be used to test, or probe, whether there is an active MITM on the network connection. A particular protocol may be used to probe whether there is an active MITM on the network connection that is processing that particular protocol and modifying responses to requests so that the responses differ from what is expected. In the following, a probe operation will be discussed using HTTP or HTTPS, but the method applies to probing using any protocol. Thus, not all probes are Captive Portal probes. The determination of Network Connection State may differ on different platforms. On some platforms, the Network Connection State may be determined by explicit actions taken by AMD 304, or determined by results observed by AMD 304. i.e., it is known in the art that a captive portal is a Web page that the user of a public-access network interacts with before access is granted. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hot spots for Internet users)). 
It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Howard to incorporate the teaching of Wyatt. This would be convenient for detecting and preventing compromise of computing device network connections, including man-in-the-middle attacks (Parag. [0002]). 
		Tewari discloses whitelisting by the controller of the visitor-based communication service (Parag. [0041], Parag. [0047], and Fig. 2; (The art teaches that whitelisting of URLs can be implemented/managed/controlled with a port-based multitenancy router (and/or other router) to allow access to the content behind a set of whitelisted URLs. For example, a Wi-Fi hotspot host device can visit such a whitelisted URL and access its content even when Internet access has not been granted to the host. Walled garden is a term commonly used to describe such a behavior. Whitelisting can be managed and/or controlled with a smart whitelisting proxy (SWP) system. For example, an SWP module (not shown) can be managed and/or controlled in the memory of 310 of routing device 302. The SWP module can analyze a set of URLs. The SWP module can then learn the URLs that a particular URL can itself access. The SWP can then whitelist (and/or otherwise allow access) to all these referenced URLs. For example, SWP module can allow a host device to www.w3c.org even if the rest of the Internet is blocked. Accordingly, can be whitelisted by the SWP module)).
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Howard in view of Wyatt to incorporate the teaching of Tewari. This would be convenient  to allow access to the content behind a set of whitelisted URLs (Parag. [0047]).
	
Claim 2. 	Howard in view of Wyatt and Tewari discloses the computer-implemented method of claim 1,   
		Howard further discloses wherein determining the one or more textual characteristics comprises at least one of (1) determining that the received uniform resource identifier is a dynamic uniform resource locator (URL) (Parag. [0007], Parag. [0010], and Parag. [0106]; (The art teaches that the contextual information is extracted from the URI, which is a uniform resource locator (URL). The art teaches that the computing resource requested by the client is be a request for a URI, where URI is a set of characters for identifying a resource in a computing environment; the URI is a Uniform Resource Locator (URL).  A URL is a URI that identifies a website address and also identifies the protocol that can be used to access the address.  For example, the URL http://www.abcd.com identifies the web address of an organization "abcd". The URL also identifies the protocol for accessing the website i.e. HTTP)), or (2) determining that the received uniform resource identifier exceeds a predetermined character count threshold.
Howard doesn’t explicitly disclose wherein transmitting the one or more messages comprises transmitting an HTTP redirect message to the client device, the redirect message redirecting an application of the client electronic device to a service portal of the visitor-based communication service.   
		However, Wyatt discloses wherein transmitting the one or more messages comprises transmitting an HTTP redirect message to the client device, the redirect message redirecting an application of the client electronic device to a service portal of the visitor-based communication service (Parag. [0065]; (The art teaches that a Captive Portal is a provider of networking services, often a Wi-Fi Access Point, that provides only limited networking services until an authentication process takes place and allows wider or unrestricted network access. Wi-Fi APs at hotels or coffee shops or airports are common examples of Captive Portals. Networking requests prior to authentication are blocked or redirected by the Captive Portal to a web “landing page” that permits a user of a device to perform an authentication process. Networks that perform authentication via Captive Portals generally attempt to transparently redirect any HTTP connections to the portal in order to prompt the user to login. Some portals also attempt to redirect HTTPS connections, presenting a self-signed or host-mismatched certificate to the client in an ill-advised attempt to redirect the client)).
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Howard to incorporate the teaching of Wyatt. This would be convenient for detecting and preventing compromise of computing device network connections, including man-in-the-middle attacks (Parag. [0002]). 

Claim 3. 	Howard in view of Wyatt and Tewari discloses the computer-implemented method of claim 1,    
Howard further discloses the computer-implemented method comprising, in response to determining that the received uniform resource identifier is included in the first list of uniform resource identifiers, transmitting the one or more messages to the destination indicated by the received HTTP request (Parag. [0079], Parag. [107-0109], Parag. [0150], and Parag. [0152]; (The art teaches that a policy management facility includes a database, a text file, a combination of databases and text files, or the like. The policy database may be a block list, a black list, an allowed list, a white list, or the like that may provide a list of enterprise facility external network locations/applications that may or may not be accessed by the client. The art teaches that it is decided whether the client request for access to a URI should be allowed or denied based on the restrictions in the policy management facility; if the URI is in the list of restricted URIs with respect to a client request, the client request may be denied. In another embodiment, the network access rules facility may be used to provide the client in the client facility with access to the requested URI (i.e., destination) (i.e., the request is transmitted to the destination if the request is allowed (e.g., whitelisted)))). 

 Claim 4. 	Howard in view of Wyatt and Tewari discloses the computer-implemented method of claim 1,      
Howard further discloses the computer-implemented method comprising, in response to determining that the received uniform resource identifier is included in the second list of uniform resource identifiers, transmitting the one or more messages to the client electronic device (Para. [0108], Parag. [0150], and Parag. [0152]; (The art also teaches that if the URI is in the list of restricted URIs with respect to a client request, the client request may be denied. The art also teaches that when the access of the URI is blocked (i.e., denied), a message is sent to the requesting client)).  
Howard doesn’t explicitly disclose the one or more messages comprising an HTTP redirection message redirecting an application of the client electronic device to a service portal of the visitor-based communication service. 
		However, Wyatt discloses the one or more messages comprising an HTTP redirection message redirecting an application of the client electronic device to a service portal of the visitor-based communication service (Parag. [0065]; (The art teaches that a Captive Portal is a provider of networking services, often a Wi-Fi Access Point, that provides only limited networking services until an authentication process takes place and allows wider or unrestricted network access. Wi-Fi APs at hotels or coffee shops or airports are common examples of Captive Portals. Networking requests prior to authentication are blocked or redirected by the Captive Portal to a web “landing page” that permits a user of a device to perform an authentication process. Networks that perform authentication via Captive Portals generally attempt to transparently redirect any HTTP connections to the portal in order to prompt the user to login. Some portals also attempt to redirect HTTPS connections, presenting a self-signed or host-mismatched certificate to the client in an ill-advised attempt to redirect the client)).
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Howard to incorporate the teaching of Wyatt. This would be convenient for detecting and preventing compromise of computing device network connections, including man-in-the-middle attacks (Parag. [0002]). 

Claim 10. 	Howard discloses a controller device configured to provide a visitor-based communication service in a wireless communication network, the controller device comprising: 
one or more processors; and one or more memories storing non-transitory computer executable instructions (Parag. [0174]) that, when executed via the one or more processors, cause the controller device to: 
obtain first and second lists of uniform resource identifiers, the first list of uniform resource identifiers to be whitelisted, the first list of uniform resource identifiers corresponding to Hypertext Transfer Protocol (HTTP) requests (Parag. [0006-0007], Parag. [0037], Parag. [0067], Parag. [0070], Parag. [0080], Parag. [0100], and Parag. [0107-0109]; (The art teaches detecting restricted content associated with retrieved content in a sent request (e.g., HTTP request), and contextual information extracted from a URI included in the request used in the detection of restricted content associated with the retrieved content in order to allow or deny access (i.e., using elements within the request to detect access). The art teaches that the network access rules may provide an information store to be accessed by the network access control. The network access rules facility may include databases such as a block list, a black list, an allowed list, a white list, an unacceptable network site database, an acceptable network site database, a network site reputation database, or the like of network access locations that may or may not be accessed by the client facility. Additionally, the network access rules facility may incorporate rule evaluation; the rule evaluation may parse network access requests and apply the parsed information to network access rules. The network access rule facility may have a generic set of rules that may be in support of an enterprise facility's network access policies, such as denying access to certain types of websites, controlling instant messenger accesses, or the like. The network access rules facility may have a generic set of rules that may be in support of an enterprise facility's network access policies, such as denying access to certain types of URIs (i.e., the request would be allowed if URI is within the allowed list (or whitelist), and denied if the URI is within block list (or blacklist))) transmitted by client electronic devices to detect network captivity, and the second list of uniform resource identifiers corresponding to HTTP requests (Parag. [0067], Parag. [0070], Parag. [0100], and Parag. [0107-0109]; (The art teaches that a policy management facility includes a database, a text file, a combination of databases and text files, or the like. The policy database may be a block list, a black list, an allowed list, a white list, or the like that may provide a list of enterprise facility external network locations/applications that may or may not be accessed by the client. The policy management facility includes rules that may be interpreted with respect to an enterprise facility network access request to determine if the request should be allowed. It is decided whether the client request for access to a URI HTTP request should be allowed or denied based on the restrictions in the policy management facility. If the URI is in the list of restricted URIs with respect to a client request, the client request may be denied.  In another embodiment, the network access rules facility may be used to provide the client in the client facility with access to the requested URI.  The network access rules facility may have a generic set of rules that may be in support of an enterprise facility's network access policies, such as denying access to certain types of URIs (i.e., the request would be allowed if URI is within the allowed list (or whitelist), and denied if the URI is within block list (or blacklist))); 
receive, via a client electronic device over the wireless communication network, an HTTP request comprising a uniform resource identifier (Parag. [0107], Parag. [0119-0120], and Parag. [0124]; (The art teaches that a client URI request is received; the request is an HTTP request));  
determine one or more textual characteristics of the received uniform resource identifier (Parag. [0151]; (The art teaches that contextual information are extracted from the URI included in the client request, where the extracted information is a plurality of characters from the URI));   
determine whether the received uniform resource identifier is included in the first or the second list of uniform resource identifiers (Parag. [0067], Parag. [0070], Parag. [0100], and Parag. [0107-0109]; (The art teaches that a policy management facility includes a database, a text file, a combination of databases and text files, or the like. The policy database may be a block list, a black list, an allowed list, a white list, or the like that may provide a list of enterprise facility external network locations/applications that may or may not be accessed by the client. The policy management facility includes rules that may be interpreted with respect to an enterprise facility network access request to determine if the request should be allowed. It is decided whether the client request for access to a URI should be allowed or denied based on the restrictions in the policy management facility. If the URI is in the list of restricted URIs with respect to a client request, the client request may be denied.  In another embodiment, the network access rules facility may be used to provide the client in the client facility with access to the requested URI. The network access rules facility may have a generic set of rules that may be in support of an enterprise facility's network access policies, such as denying access to certain types of URIs (i.e., the request would be allowed if URI is within the allowed list (or whitelist), and denied if the URI is within block list (or blacklist))); and  32Attorney Docket No. 32045/54014 
based upon the one or more textual characteristics, and further based upon whether the received uniform resource identifier is included in the first or second list of uniform resource identifiers, transmit one or more messages to the client electronic device or to a destination via the Internet, the destination being indicated by the HTTP request received via the client electronic device (Parag. [0108], Parag. [0150], and Parag. [0152]; (The art teaches the contextual information and the retrieved content is provided to a scanning facility to detect restricted content. The art also teaches that if the URI is in the list of restricted URIs with respect to a client request, the client request may be denied. In another embodiment, the network access rules facility may be used to provide the client in the client facility with access to the requested URI (i.e., destination). The art also teaches that when the access of the URI is blocked, a message is sent to the requesting client)). 
Howard doesn’t explicitly disclose whitelisting by the controller of the visitor-based communication service; the requests are captivity probes, requests are not HTTP captivity probes; and the requests are captivity probes automatically transmitted by client electronic devices to detect network captivity. 
		However, Wyatt discloses the requests are captivity probes, requests are not HTTP captivity probes; and the requests are captivity probes automatically transmitted by client electronic devices to detect network captivity (Parag. [0076]; (The art teaches a probe may be a request or sequence of requests made from AMD 304 (i.e., computing device 200) to a server. In return, AMD 304 receives a response to the probe request. In an embodiment, a Captive Portal probe is performed by AMD 304 by AMD 304 making a network connection from AMD 304 on computing device 200 (the client) to a server to obtain a content response. Probe requests can use various protocols, such as DNS, HTTP, HTTPS, ESMTP, IMAP, POP3, or other protocols. Different protocols may be used to test, or probe, whether there is an active MITM on the network connection. A particular protocol may be used to probe whether there is an active MITM on the network connection that is processing that particular protocol and modifying responses to requests so that the responses differ from what is expected. In the following, a probe operation will be discussed using HTTP or HTTPS, but the method applies to probing using any protocol. Thus, not all probes are Captive Portal probes. The determination of Network Connection State may differ on different platforms. On some platforms, the Network Connection State may be determined by explicit actions taken by AMD 304, or determined by results observed by AMD 304. i.e., it is known in the art that a captive portal is a Web page that the user of a public-access network interacts with before access is granted. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hot spots for Internet users)). 
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Howard to incorporate the teaching of Wyatt. This would be convenient for detecting and preventing compromise of computing device network connections, including man-in-the-middle attacks (Parag. [0002]).
		Tewari discloses whitelisting by the controller of the visitor-based communication service (Parag. [0041], Parag. [0047], and Fig. 2; (The art teaches that whitelisting of URLs can be implemented/managed/controlled with a port-based multitenancy router (and/or other router) to allow access to the content behind a set of whitelisted URLs. For example, a Wi-Fi hotspot host device can visit such a whitelisted URL and access its content even when Internet access has not been granted to the host. Walled garden is a term commonly used to describe such a behavior. Whitelisting can be managed and/or controlled with a smart whitelisting proxy (SWP) system. For example, an SWP module (not shown) can be managed and/or controlled in the memory of 310 of routing device 302. The SWP module can analyze a set of URLs. The SWP module can then learn the URLs that a particular URL can itself access. The SWP can then whitelist (and/or otherwise allow access) to all these referenced URLs. For example, SWP module can allow a host device to www.w3c.org even if the rest of the Internet is blocked. Accordingly, can be whitelisted by the SWP module)).
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Howard in view of Wyatt to incorporate the teaching of Tewari. This would be convenient  to allow access to the content behind a set of whitelisted URLs (Parag. [0047]). 

Claim 11 is taught by Howard in view of Wyatt and Tewari as described for claim 2.

Claim 12 is taught by Howard in view of Wyatt and Tewari as described for claim 3.

Claim 13 is taught by Howard in view of Wyatt and Tewari as described for claim 4.

Claim 19 	Howard discloses one or more non-transitory computer readable media storing non-transitory computer executable instructions that, when executed via the one or more processors (Parag. [0174]) of a controller device providing a visitor-based communication service in a wireless communication network, cause the one or more processors to:  
obtain first and second lists of uniform resource identifiers, the first list of uniform resource identifiers to be whitelisted, the first list of uniform resource identifiers corresponding to Hypertext Transfer Protocol (HTTP) requests (Parag. [0006-0007], Parag. [0037]; (The art teaches detecting restricted content associated with retrieved content in a sent request (e.g., HTTP request), and contextual  information extracted from a URI included in the request used in the detection of restricted content associated with the retrieved content in order to allow or deny access (i.e., using elements within the request to detect access))) transmitted by client electronic devices to detect network captivity of the client electronic devices, and the second list of uniform resource identifiers corresponding to HTTP requests (Parag. [0067], Parag. [0070], Parag. [0100], and Parag. [0107-0109]; (The art teaches that a policy management facility includes a database, a text file, a combination of databases and text files, or the like. The policy database may be a block list, a black list, an allowed list, a white list, or the like that may provide a list of enterprise facility external network locations/applications that may or may not be accessed by the client. The policy management facility includes rules that may be interpreted with respect to an enterprise facility network access request to determine if the request should be allowed. It is decided whether the client request for access to a URI HTTP request should be allowed or denied based on the restrictions in the policy management facility. If the URI is in the list of restricted URIs with respect to a client request, the client request may be denied.  In another embodiment, the network access rules facility may be used to provide the client in the client facility with access to the requested URI.  The network access rules facility may have a generic set of rules that may be in support of an enterprise facility's network access policies, such as denying access to certain types of URIs (i.e., the request would be allowed if URI is within the allowed list (or whitelist), and denied if the URI is within block list (or blacklist))); 
receive, via a client electronic device over the wireless communication network, an HTTP request comprising a uniform resource identifier (Parag. [0107], Parag. [0119-0120], and Parag. [0124]; (The art teaches that a client URI request is received; the request is an HTTP request));  
determine one or more textual characteristics of the received uniform resource identifier (Parag. [0151]; (The art teaches that contextual information are extracted from the URI included in the client request, where the extracted information is a plurality of characters from the URI));  
determine whether the received uniform resource identifier is included in the first or the second list of uniform resource identifiers (Parag. [0067], Parag. [0070], Parag. [0100], and Parag. [0107-0109]; (The art teaches that a policy management facility includes a database, a text file, a combination of databases and text files, or the like. The policy database may be a block list, a black list, an allowed list, a white list, or the like that may provide a list of enterprise facility external network locations/applications that may or may not be accessed by the client. The policy management facility includes rules that may be interpreted with respect to an enterprise facility network access request to determine if the request should be allowed. It is decided whether the client request for access to a URI should be allowed or denied based on the restrictions in the policy management facility. If the URI is in the list of restricted URIs with respect to a client request, the client request may be denied.  In another embodiment, the network access rules facility may be used to provide the client in the client facility with access to the requested URI.  The network access rules facility may have a generic set of rules that may be in support of an enterprise facility's network access policies, such as denying access to certain types of URIs (i.e., the request would be allowed if URI is within the allowed list (or whitelist), and denied if the URI is within block list (or blacklist))); and  
based upon the one or more textual characteristics, and further based upon whether the received uniform resource identifier is included in the first or second list of uniform resource identifiers, transmit one or more messages to the client electronic device or to a destination via the Internet, the destination being indicated by the HTTP request received via the client electronic device (Parag. [0108], Parag. [0150], and Parag. [0152]; (The art teaches the contextual information and the retrieved content is provided to a scanning facility to detect restricted content. The art also teaches that if the URI is in the list of restricted URIs with respect to a client request, the client request may be denied. In another embodiment, the network access rules facility may be used to provide the client in the client facility with access to the requested URI (i.e., destination). The art also teaches that when the access of the URI is blocked, a message is sent to the requesting client)).
Howard doesn’t explicitly disclose whitelisting by the controller of the visitor-based communication service; the requests are captivity probes, requests are not captivity probes; and the requests are captivity probes automatically transmitted by client electronic devices to detect network captivity.
		However, Wyatt discloses that the requests are captivity probes, requests are not captivity probes; and the requests are captivity probes automatically transmitted by client electronic devices to detect network captivity (Parag. [0076]; (The art teaches a probe may be a request or sequence of requests made from AMD 304 (i.e., computing device 200) to a server. In return, AMD 304 receives a response to the probe request. In an embodiment, a Captive Portal probe is performed by AMD 304 by AMD 304 making a network connection from AMD 304 on computing device 200 (the client) to a server to obtain a content response. Probe requests can use various protocols, such as DNS, HTTP, HTTPS, ESMTP, IMAP, POP3, or other protocols. Different protocols may be used to test, or probe, whether there is an active MITM on the network connection. A particular protocol may be used to probe whether there is an active MITM on the network connection that is processing that particular protocol and modifying responses to requests so that the responses differ from what is expected. In the following, a probe operation will be discussed using HTTP or HTTPS, but the method applies to probing using any protocol. Thus, not all probes are Captive Portal probes. The determination of Network Connection State may differ on different platforms. On some platforms, the Network Connection State may be determined by explicit actions taken by AMD 304, or determined by results observed by AMD 304. i.e., it is known in the art that a captive portal is a Web page that the user of a public-access network interacts with before access is granted. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hot spots for Internet users)). 
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Howard to incorporate the teaching of Wyatt. This would be convenient for detecting and preventing compromise of computing device network connections, including man-in-the-middle attacks (Parag. [0002]).  
		Tewari discloses whitelisting by the controller of the visitor-based communication service (Parag. [0041], Parag. [0047], and Fig. 2; (The art teaches that whitelisting of URLs can be implemented/managed/controlled with a port-based multitenancy router (and/or other router) to allow access to the content behind a set of whitelisted URLs. For example, a Wi-Fi hotspot host device can visit such a whitelisted URL and access its content even when Internet access has not been granted to the host. Walled garden is a term commonly used to describe such a behavior. Whitelisting can be managed and/or controlled with a smart whitelisting proxy (SWP) system. For example, an SWP module (not shown) can be managed and/or controlled in the memory of 310 of routing device 302. The SWP module can analyze a set of URLs. The SWP module can then learn the URLs that a particular URL can itself access. The SWP can then whitelist (and/or otherwise allow access) to all these referenced URLs. For example, SWP module can allow a host device to www.w3c.org even if the rest of the Internet is blocked. Accordingly, can be whitelisted by the SWP module)).
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Howard in view of Wyatt to incorporate the teaching of Tewari. This would be convenient  to allow access to the content behind a set of whitelisted URLs (Parag. [0047]).

Claims 5, 6, 14, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Howard et al. (Pub. No. US 2009/0249484), hereinafter Howard; in view of Wyatt et al. (Pub. No. US 2017/0346853), hereinafter Wyatt, in view of Tewari et al. (Pub. No. US 2016/0315856), hereinafter Tewari; and in view of Sivasubramanian et al. (Pub. No. US 2013/0275384), hereinafter Sivasubramanian. 

Claim 5. 	Howard in view of Wyatt and Tewari discloses the computer-implemented method of claim 1,    
The combination doesn’t explicitly disclose the computer-implemented method comprising: in response to determining that the received uniform resource identifier is included in neither the first list nor the second list of uniform resource identifiers, transmitting the one or more messages to the destination indicated by the received HTTP request; receiving a response message via the destination, the response message being responsive to the HTTP request; and in response to determining that the response message exceeds a predetermined size threshold, adding the uniform resource identifier of the received HTTP request to the second list of uniform resource identifiers. 
		However, Sivasubramanian discloses in response to determining that the received uniform resource identifier is included in neither the first list nor the second list of uniform resource identifiers, transmitting the one or more messages to the destination indicated by the received HTTP request; receiving a response message via the destination, the response message being responsive to the HTTP request; and in response to determining that the response message exceeds a predetermined size threshold, adding the uniform resource identifier of the received HTTP request to the second list of uniform resource identifiers (Parag. [0042], Parag. [0057], and Fig. 4; (The art teaches that that for a received unknown URI (i.e., URI is included in neither the first list nor the second list), the URI is stored in a blacklist database in case that a score of an image associated with the URI exceeds a predefined threshold. The art also teaches a database of known URIs that includes a blacklist database. The blacklist database includes a list of URIs predetermined to be associated with known unwanted data (e.g. unsolicited data, such as spam, phish, etc.). Thus, if the decision support system identifies a match between the URI received from the URI extraction library and a URI included in the blacklist database, the decision support system may determine that the URI is unwanted, and thus that the message including the URI is unwanted)). 
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the combination to incorporate the teaching of Sivasubramanian. This would be convenient for processing unwanted message in a non-traditional techniques (Parag. [0001-0003]).

Claim 6. 	Howard in view of Wyatt and Tewari discloses the computer-implemented method of claim 1,    
The combination doesn’t explicitly disclose the computer-implemented method comprising: in response to determining that the received uniform resource identifier is included in neither the first list nor the second list of uniform resource identifiers, transmitting the one or more messages to the destination indicated by the received HTTP request; receiving a response message via the destination, the response message being responsive to the HTTP request; and in response to determining that the response message does not exceed a predetermined size threshold, adding the uniform resource identifier of the received HTTP request to the first list of uniform resource identifiers.
		However, Sivasubramanian discloses in response to determining that the received uniform resource identifier is included in neither the first list nor the second list of uniform resource identifiers, transmitting the one or more messages to the destination indicated by the received HTTP request; receiving a response message via the destination, the response message being responsive to the HTTP request; and in response to determining that the response message does not exceed a predetermined size threshold, adding the uniform resource identifier of the received HTTP request to the first list of uniform resource identifiers (Parag. [0041], Parag. [0057], and Fig. 4; (The art teaches that for a received unknown URI (i.e., URI is included in neither the first list nor the second list), the URI is stored in a whitelist database in case that a score of an image associated with the URI doesn’t exceed a predefined threshold. The art also teaches that the database of known URIs includes a whitelist database. The whitelist database includes a list of URIs predetermined to be associated with known wanted data (e.g. data that does not necessarily include solicitations, malware, etc.).  Thus, if the decision support system identifies a match between the URI received from the URI extraction library and a URI included in the whitelist database, the decision support system determines that the URI is wanted, and thus that the message including the URI is wanted)).  
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the combination to incorporate the teaching of Sivasubramanian. This would be convenient for processing unwanted message in a non-traditional techniques (Parag. [0001-0003]).
  
Claim 14 is taught by Howard in view of Wyatt, Tewari, and Sivasubramanian as described for claim 5.

		Claim 15 is taught by Howard in view of Wyatt, Tewari, and Sivasubramanian as described for claim 6.

		Claims 7, 8, 16, 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Howard et al. (Pub. No. US 2009/0249484), hereinafter Howard; in view of Wyatt et al. (Pub. No. US 2017/0346853), hereinafter Wyatt, in view of Tewari et al. (Pub. No. US 2016/0315856), hereinafter Tewari; and in view of Kanabar et al. (Pub. No. US 2015/0131519), hereinafter Kanabar.

Claim 7. 	Howard in view of Wyatt and Tewari discloses the computer-implemented method of claim 1,  
The combination doesn’t explicitly disclose wherein the wireless communication network is implemented in a cabin of an aircraft.
However, Kanabar discloses wherein the wireless communication network is implemented in a cabin of an aircraft (Fig. 1 “121” On-board communication system). 
It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the combination to incorporate the teaching of Kanabar. This would be convenient to delivering communications to and from devices that are on-board vehicles (i.e., aircraft), and, in particular, to systems and method for facilitating communications between electronic devices via various communication network (Parag. [0004-0006]).
 
Claim 8. 	Howard in view of Wyatt, Tewari, and Kanabar discloses the computer-implemented method of claim 7,   
Howard further discloses wherein obtaining the first and second lists of uniform resource identifiers comprises obtaining the first and second lists of uniform resource identifiers from a database (Parag. [0067], Parag. [0070], Parag. [0100], and Parag. [0107-0109]; (The art teaches that a policy management facility includes a database, a text file, a combination of databases and text files, or the like. The policy database may be a block list, a black list, an allowed list, a white list, or the like that may provide a list of enterprise facility external network locations/applications that may or may not be accessed by the client. The policy management facility includes rules that may be interpreted with respect to an enterprise facility network access request to determine if the request should be allowed or denied)).  
Howard doesn’t explicitly disclose that the database is located in a location external to the aircraft via satellite or air-to-ground communications between the aircraft and the location external to the aircraft.
However, Kanabar discloses that the database is located in a location external to the aircraft via satellite or air-to-ground communications between the aircraft and the location external to the aircraft (Parag. [0011] and Fig. 1; (The art teaches that the communication is done via satellite communication)).
It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Howard to incorporate the teaching of Kanabar. This would be convenient to delivering communications to and from devices that are on-board vehicles (i.e., aircraft), and, in particular, to systems and method for facilitating communications between electronic devices via various communication network (Parag. [0004-0006]).

Claim 16 is taught by Howard in view of Wyatt, Tewari, and Kanabar as described for claim 7.  

Claim 17 is taught by Howard in view of Wyatt, Tewari, and Kanabar as described for claim 8.

Claim 20 	Howard in view of Wyatt and Tewari discloses the one or more non-transitory computer readable media of claim 19,  
The combination doesn’t explicitly disclose wherein the one or more processors of the controller device are aboard an aircraft, the controller device operating to implement the visitor-based communication service via the wireless communication network aboard the aircraft.
However, Kanabar discloses wherein the one or more processors of the controller device are aboard an aircraft, the controller device operating to implement a visitor-based communication service via the wireless communication network aboard the aircraft (Fig. 1 “121” On-board communication system of an aircraft). 
It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the combination to incorporate the teaching of Kanabar. This would be convenient to delivering communications to and from devices that are on-board vehicles (i.e., aircraft), and, in particular, to systems and method for facilitating communications between electronic devices via various communication network (Parag. [0004-0006]). 

Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Howard et al. (Pub. No. US 2009/0249484), hereinafter Howard; in view of Wyatt et al. (Pub. No. US 2017/0346853), hereinafter Wyatt, in view of Tewari et al. (Pub. No. US 2016/0315856), hereinafter Tewari; and in view of Neuvirth et al. (Pub. No. US 2019/0215330), hereinafter Neuvirth.

Claim 9. 	Howard in view of Wyatt and Tewari discloses the computer-implemented method of claim 1,    
The combination doesn’t explicitly disclose the computer-implemented method comprising: training, via one or more machine learning algorithms, the one or more processors to identify HTTP captivity probes based upon training data sets including the first and second lists of uniform resource identifiers, wherein training the one or more processors produces one or more criteria for identifying captivity probes, the one or more criteria being associated with at least one of HTTP requests or responses to HTTP requests from destinations of the respective HTTP requests. 
However, Neuvirth discloses training, via one or more machine learning algorithms, the one or more processors to identify HTTP captivity probes based upon training data sets including the first and second lists of uniform resource identifiers, wherein training the one or more processors produces one or more criteria for identifying captivity probes, the one or more criteria being associated with at least one of HTTP requests or responses to HTTP requests from destinations of the respective HTTP requests (Parag. [0018], Parag. [0024] and Parag. [0026]; (The art teaches that the server logs, including URIs, are provided to a machine learning (ML) system to train the system to identify sensitive (vulnerable) URIs. The art also teaches that features derived for ML systems can include port scanning patterns. Port scanning is designed to probe a server or host for open ports. Port scanning is done legitimately by administrators to verify security policies of their networks. Once the specified URI on the web site is accessed, the port scanning requestor does not issue requests for other pages but instead attempts to probe for a vulnerability. The art also teaches that many HTTP status code error responses can be used in ML systems)).   
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the combination to incorporate the teaching of Neuvirth. This would be convenient to protect a web application from previously-unknown types of attacks based on features extracted at the http level logs of the web server (Parag. [0003]).
  
Claim 18 is taught by Howard in view of Wyatt, Tewari, and Neuvirth as described for claim 9. 






Conclusion
		The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Bar et al. (US 2016/0014660) – Related art in the area related to techniques to access and use mobile applications (or “apps”) on mobile devices, (Parag. [0019], once the mobile device 110 is connected to the WLAN 130, the device 110 may send a standard hypertext transfer protocol (HTTP) request (“standard/public URI HTTP ping request”) to the WLAN 130 at step 204. On the mobile device 110 side, embodiments of the present disclosure may take advantage of a mechanism available in most smartphone operating systems. Each time a smart phone is connected to a WLAN (via a Wi-Fi access point) Android and iOS devices check a standard public URI (for example, http://www.apple.com/library/test/success.html) to detect for a captive portal web browser on the mobile device 110). 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDELBASST TALIOUA whose telephone number is (571)272-4061.  The examiner can normally be reached on Monday-Thursday 7:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/A.T./Examiner, Art Unit 2442   

/WILLIAM G TROST IV/Supervisory Patent Examiner, Art Unit 2442