DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The amendment filed on 03/04/2022 has been entered.
Claims 1, 3, 6 and 8 have been amended.
Claims 23-27 have been added.
Claims 1-27 are pending.

Response to Arguments
Applicant's arguments filed 03/04/2022, regarding 35 U.S.C. § 112(b) rejection of the independent claims 1 and 6 have been fully considered and they are persuasive. Therefore, 112(b) rejection of the claims 1 and 6 have been withdrawn. However, applicant's arguments regarding 112(b) rejection of the claims 3 and 8 are not persuasive. Therefore, 112(b) rejection of the claims 3 and 8 will remain.
Applicant's arguments, regarding 35 U.S.C. § 103 rejection of the independent claims 1 and 4 have been fully considered, but they are not persuasive.
Regarding Claim 1, applicant argues that As shown in Fig. 3, Je's request to revoke temporary access in operation S3l5 is based on a main authentication failing in operation S310. Je' s request to revoke temporary access in operation S315 is not based on the access request in operation S301. Thus, Je fails to disclose an authentication device receiving a network permission request packet and receiving a first authentication failure message that is based on authentication failure of the terminal, wherein the authentication failure is based on the network permission request packet. (Applicant Arg./Rem., Pages 13-14)
Examiner respectfully disagrees. Je revokes temporary access (S315), based on Main authentication request (S309) which is the continuation of the Access request ($301) from the terminal forwarded by the Service Access device 110 (see, below Fig. 3). Therefore, skilled artisans will appreciate that the authentication failure is based on the network permission request packet.

    PNG
    media_image1.png
    757
    1032
    media_image1.png
    Greyscale

Regarding Claim 4, applicant argues that Jung's cloud server 300 transmits an authentication success message either through a beacon terminal 200 or directly to an application 150, but not to both the beacon terminal 200 and the application 150. …Thus, Jung fails to disclose a server sending, to a terminal and when sending a first authentication success message to the authentication device, an authentication success indication message. (Applicant Arg./Rem., Page 15)
Examiner respectfully disagrees. Jung teaches the cloud server 300 may transmit the authentication success message through the beacon terminal 200 or directly to the application 150 to inform the user of the authentication success. Examiner considered the “or” is an inclusive or. The use of "A or B" allows the option that both A and B hold. Thus under broadest reasonable interpretation, Examiner interpreted Jung can transmit  the authentication success message both to beacon terminal 200 and the application 150. Since, Je teaches transmit authentication success message to the access device [¶ 0056] and Jung teaches transmit the authentication success message through the beacon terminal 200 or directly to the application 150, therefore it would have been obvious to one of ordinary skill in the art to combine Je and Jung’s teachings because it would have allowed the system of a known technique for improvement to yield the predictable result of transmitting indication of authentication successful message directly to the terminal as well as transmit the authentication successful message to the access device, without the requiring significant modifications to the Je’s disclosure outside the scope of one having ordinary skill in the art before the effective filing date of the claimed invention.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 3-4 and 8-9  rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 3 and 8 recite “…sending the MAC address of the terminal to the server before granting the first network permission; and receiving, from the server, a second authentication success message that is based on the MAC address and reputation data of the terminal.”, which is unclear, because it contradicts with Claims 1 and 6. Since, claims 1 and 6 recites “…granting, in response to the network permission request packet and before any terminal authentication, a first network permission to the terminal;…”. Thus, Claims 1 and 6 do not require any authentication before granting first network permission, however, claims 3 and 8 teaches receiving authentication success message before grant the first network permission, which clearly means that there are some form of authentication required before grant the first network permission. Therefore, Claims 1 and 6 are contradict to Claims 3 and 8 and it is not clear whether some form of authentication is required before grant first network permission or not.
Claims 4 and 9 recite “…receiving a first authentication request requesting to authenticate a terminal;”, however, it is not clear whether the first authentication request is requested by the terminal or the authentication device.  The limitation is interpreted to read on the prior art as explained infra.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 6 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over US 2011/0131630 (Je et al.) in view of US 2015/0223070 (Chhabra et al.). 

Regarding Claim 1, Je teaches a method implemented  by  an authentication device ([⁋ 0007], a service access method and device, a user authentication device) and comprising: receiving, from a terminal [e.g., Fig. 1, Terminal 140] that is separate from the authentication device [e.g., service access device 110], a network permission request packet ([⁋ 0029], an access request received from the terminal 140. [Fig.2, 0036], In operation S201,...a service access request received from the terminal 140. [Fig. 3, ⁋ 0053], The terminal 140 may transmit a service access request to the service access device 110 [e.g.,  the authentication device] in operation S301. [Fig. 1, ⁋ 0031], Fig 1 illustrates terminal 140 and service access device 110. Je teaches the service access device 110, the user authentication device 120, and the service providing device 130 may be respectively implemented as devices or servers that are independently installed so that they are relatively far apart from each other. For example, the service access device 110 may be built in an equipment within user's space, such as a home or office. Since, Je teaches the service access device 110 can be implemented as devices or servers that are independently installed, therefore, it is clear that the service access device 110 is separated from the user terminal 140);
granting,  in response to the network  permission  request packet and before terminal authentication, a first network permission to the terminal ([⁋ 0017], a terminal transmits an access request and authentication information to a service access device, and a service processor performs a temporary access [e.g., a first network permission] in response to a permission of a temporary access request. [⁋ 0030] the service access device 110 may permit a temporary access to the terminal 140 based on a result of the temporary authentication. [⁋ 0040], service access device 110 may perform the temporary authentication based on a validation code. [⁋ 0047], when the terminal 140 is powered on, a user may be provided with a predetermined service through a temporary access. Accordingly, it is possible to provide the user with a simple push service, such as a notification or guidance information, prior to the main authentication);
receiving, from a server [e.g., Fig. 1, user authentication Device 120] and after granting the first network permission to the terminal, a first authentication failure message that is based on authentication failure of the terminal, wherein the authentication failure is based on the network permission request packet ([⁋ 0042], the result of the main authentication may be received from the user authentication device 120 [e.g., server]. The user authentication device 120 may perform the main authentication using the authentication information and, when the main authentication fails, may transmit a request to revoke the temporary access to the service providing device 130. [Fig. 3, ⁋ 0056], transmit, to the user authentication device 120, the authentication information along with a main authentication request [i.e., the network permission request packet] in operation S309. Subsequently, the user authentication device 120 may perform a main authentication based on user authentication information that is registered in advance, in operation S310. When the main authentication fails, the user authentication device 120 may request the service access device 110 to revoke the temporary access); and
withdrawing the first network permission in response to  the first authentication failure message ([⁋ 0013], revoking the temporary access when the main authentication fails. [⁋ 0015], When the main authentication fails, the user authentication device may transmit a request to revoke the temporary access to the service providing device. [⁋ 0041], when the main authentication fails, the service access device 110 may revoke the temporary access. [⁋ 0056], When the main authentication fails, the user authentication device 120 may request the service access device 110 to revoke the temporary access, and the service access device 110 may revoke the temporary access).
While, Je teaches the temporary access [e.g., first network permission],  granted based on some form of authentication ([⁋ 0017], a terminal transmits an access request and authentication information to a service access device, and a service processor performs a temporary access [e.g., a first network permission] in response to a permission of a temporary access request. [⁋ 0030] the service access device 110 may permit a temporary access to the terminal 140 based on a result of the temporary authentication. [⁋ 0040], service access device 110 may perform the temporary authentication based on a validation code), however, Je does not explicitly teaches, but Chhabra teaches granting, …before any terminal authentication, a first network permission to the terminal ([⁋ 0008], when the electronic device is connected to the network. Subsequently, the electronic device receives, from the authentication computer, network information that allows the electronic device to access a wireless network associated with the service provider at a remote location that is different from the home location. The network information eliminates a need for the electronic device to provide authentication information when accessing the wireless network [see also, ⁋ 0038]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Je’s teachings of permit temporary access with some form of authentication with Chhabra teaching of grant, an electronic device, access to a wireless network without any authentication, because it would have allowed the user to access the network without any difficulties [Chhabra, ⁋ 0006]

Regarding Claim 6, Je teaches an authentication device comprising: a memory configured to store instruction; and a processor coupled to the memory and configured to execute the instructions ([⁋ 0031], service access device 110, the user authentication device 120, and the service providing device 130 may be respectively implemented as devices or servers that are independently installed).
The rest of the limitations of Claim 6 are rejected under the same rationale of Claim 1.

Regarding Claim 24, Je does not explicitly teaches, but Chhabra teaches the method of claim 1, further comprising further granting the first network permission without exchanging authentication information with the terminal ([¶ 0038]  authentication computer communicates network information to electronic device that allow electronic device to access wireless network. In particular, the network information may eliminate the need for electronic device to provide authentication information (such as the username, the account identifier with the service provider and/or the password associated with the account) when accessing wireless network).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Je’s teachings of permit temporary access with Chhabra teaching of grant, an electronic device, access to a wireless network without exchanging authentication information, because it would have allowed a known device to access the network without any difficulties [Chhabra, ⁋ 0006]

Claims 2  and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Chhabra further in view of  US Patent no. 9,088,891 (Belton et al.).

Regarding Claim 2, Je teaches the method of claim 1, wherein after granting the first network permission, the method further comprises: receiving, from the server, a first authentication success message that is based on authentication success of the terminal and that instructs the authentication device to grant a second network permission to the terminal [Fig. 2, ⁋ 0041], In operation S204, the service access device 110 may process a main authentication based on the authentication information. Specifically, the service access device 110 may permit a main access to the terminal 140 based on a result of the main authentication performed based on the authentication information. [⁋ 0042], …permit the main access to the terminal 140 based on a result of the main authentication. …the result of the main authentication [e.g., a first authentication success message] may be received from the user authentication device 120. The user authentication device 120 may perform the main authentication using the authentication information. [⁋ 0043], the user authentication device 120 may perform the main authentication using authentication information of the terminal 140 that is received from the service access device 110, and may transmit a result of the main authentication to the service access device 110. [Fig. 3, ⁋ 0056], the user authentication device 120 may perform a main authentication based on user authentication information that is registered in advance, in operation S310. … when the main authentication succeeds, the user authentication device 120 may transmit a result of the main authentication to the service access device 110); and 
granting the second network permission to the terminal in response to the first authentication success message ([⁋ 0043], permit a main access [e.g., the second network permission] to the terminal 140 based on a result of the main authentication. [Fig. 3, ⁋ 0056], the service access device 110 may permit a main access to the terminal 140 in operation S311, and may transmit a main access request for the terminal 140 to the service providing device 130 in operation S312. Additionally, the terminal 140 may perform a main access connection to the service providing device 130 based on access information, so that a communication service may be provided in operation S313.
However, Je does not explicitly teach, but, Belton teaches wherein the second permission is broader than the first network permission [C.7:L.21-28], First authentication component 112 only allows traffic within a first walled garden. Upon authentication using first authentication component 112, device 100 is …granted access to a second walled garden representing second authentication component 114. After authenticating with second authentication component 114, device 110 has access beyond both walled gardens [e.g., broader than the first permission], to include network 116).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je with Belton in order to grant broader access after a secure authentication, because it would allow controlling client access limitation to the network resources.

Claim 7 is rejected under the same rationale of Claim 2.

Claims 3, 8, 12, 17  and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Chhabra further in view of US 2016/0036833 (Ardeli et al.).

Regarding Claim 3, while Je teaches the service access device 110 may validate a Media Access Control (MAC) address for the terminal 140, may perform a temporary authentication [¶ 0047], however, Je does not explicitly teach, but, Chhabra teaches the method of claim 1, wherein the network permission request packet is a network access packet, wherein a source media access control (MAC) address in the network access packet is a MAC address of the terminal ([⁋ 0032] Communication between the electronic device and the authentication computer may include wireless communication. This wireless communication may involve conveying packets that are transmitted and received by radios in the electronic device and the authentication computer in accordance with a communication protocol ([⁋ 0037], …the request may include: a unique identifier of electronic device  (such as a media access control or MAC address)), and wherein before granting the first network permission, the method further comprises: sending the MAC address of the terminal to the server before granting the first network permission ([⁋ 0037] authentication computer may provide a request to accounting computer [e.g., server] to allow electronic device to access wireless network. For example, the request may include: a unique identifier of electronic device 112 (such as a media access control or MAC address), the network address and an expiration date of the access); and receiving, from the server, a second authentication success message that is based on the MAC address, based on connection pattern of the terminal ([⁋ 0066], the authentication computer determines the connection pattern of the electronic device based on the received information. …the authentication computer identifies that the electronic device is at the home location based on the connection pattern. ..the authentication computer provides, to the accounting computer, the request to allow the electronic device to access the wireless network associated with the service provider at the remote location that is different from the home location. …the authentication computer communicates, to the electronic device, the network information [e.g., a second authentication success message], where the network information allows the electronic device to access the wireless network).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Je’s teachings of permit temporary access with some form of authentication with Chhabra teaching of grant, an electronic device, access to a wireless network based on the MAC address and connection pattern of the device without any authentication, because it would have allowed the user to access the network without requiring any user action.
Although, Chhabra teaches allow network access based on the connection pattern of the network device, however Je in view of Chhabra do not explicitly teach, however, Ardeli teaches  authentication success message that is based on reputation data of the terminal ([⁋ 0067], grants a client device access to a network resource based on a reputation score assigned to the client device. [⁋ 0057], …reputation module compares the current reputation score of the client against one or more reputation threshold limits to determine access rights for the client. [⁋ 0058], If the current reputation score is below or equal to the downgrade threshold, the reputation module sends instructions to the policy enforcement module to downgrade the access privileges for the client to that of a less privileged role).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je and Chhabra in order to incorporate a method as disclosed by Ardeli to grant access of a client device to the network based on the reputation score of the client device. Because it would control client access privileges to the network resources based on client reputation.

Claim 8 is rejected under the same rationale of Claim 3.

Regarding Claim 12, Je in view of Ardeli do not explicitly teach, however, Chhabra teaches the method of claim 3, wherein the network access packet is an Internet Protocol (IP) packet ([⁋ 0032] Communication between the electronic device and the authentication computer may include wireless communication. This wireless communication may involve conveying packets that are transmitted and received by radios in the electronic device and the authentication computer in accordance with a communication protocol, such as an Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard, Bluetooth.TM. (from the Bluetooth Special Interests Group of Kirkland, Wash.), and/or another type of wireless interface, such as a near-field-communication standard or specification (from the NFC Forum of Wakefield, Mass.)).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je and Ardeli with Chhabra in order to issue an IP request packet to access network resources, because it would have been a predictable variation of sending a request to access resources on a wireless communication network accordance with a communication protocol.

Claim 17 is rejected under the same rationale of Claim 12.

Regarding Claim 23, Je in view of Chhabra do not explicitly teach, however, Ardeli teaches the method of claim 1, wherein the network permission request packet comprises a destination address, and wherein the destination address is an address of a website that the terminal requests to access ([¶ 0044], receives one or more data packets …analyzes the one or more data packets to retrieve Uniform Resource Locators (URLs) [i.e., destination address of a website] from the one or more data packets. [¶ 0045], if the URL is unpermitted, drops the Hypertext Transfer Protocol (HTTP) GET request. For example, the client may be trying to access a social networking website in an office enterprise setting).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je and Chhabra with Ardeli in order to have an address of a website as a destination address in the network access request, because it would have been allowed the system to verify  whether accessing the requested website is permitted or not.

Claims 4, 9 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of WO 2017/116016 (Jung et al.).

Regarding Claim 4, Je teaches a method implemented by a server and comprising: receiving a first authentication request requesting to authenticate terminal ([⁋ 0030], the service access device 110 may accumulate pieces of authentication information, and may transmit the accumulated pieces of authentication information to the user authentication device 120 [e.g., the server] [⁋ 0031], …the user authentication device 120 may be implemented as devices or servers that are independently installed. [⁋ 0042], the service access device 110 may transmit a main authentication request to the user authentication device 120 using the authentication information);
sending, to an authentication device in response to the first authentication request, a first authentication success message ([⁋ 0043], the user authentication device 120 may perform the main authentication using authentication information of the terminal 140 that is received from the service access device 110, and may transmit a result of the main authentication to the service access device 110. [⁋ 0056], when the main authentication succeeds, the user authentication device 120 may transmit a result of the main authentication to the service access device 110); 
However, Je does not explicitly teach, but Jung teaches sending, to the terminal, without passing through the authentication device, before receiving  a  response  message  from  the  authentication device  in response  to the first authentication success message, and when sending the first authentication success message to the authentication device, an  authentication success indication message ([2. User Authentication Process, Page 4.], …The Application 150 encrypts the key having the authentication data received and transmits the encrypted authentication data to the beacon terminal 200 [ e.g., the  authentication device] together with the user ID. Then, the beacon terminal 200 transmits the encrypted authentication data and the user ID together with the authentication data generated to the cloud server 300 [e.g. server]. If the authentication is successful, the cloud server 300 may transmit the authentication success message through the beacon terminal 200 or directly to the application 150 to inform the user of the authentication success. Since, Jung teaches the cloud server 300 may transmit the authentication success message…directly to the application 150 to inform the user of the authentication success, therefore, given the broadest reasonable interpretation, Examiner interprets the cloud server inform the user of the authentication success, without passing through the beacon terminal [e.g., authentication device], before receiving  a  response  message  from  the  beacon terminal).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je in order to incorporate a method as disclosed by Jung in order to transmit the authentication success message directly to the application to inform the user of the authentication success,   because it would allow the system to accelerate the authentication process.

Regarding Claim 9, Je teaches a server comprising: a memory configured to store instruction; and a processor coupled to the memory and configured to execute the instruction ([⁋ 0031], service access device 110, the user authentication device 120, and the service providing device 130 may be respectively implemented as devices or servers that are independently installed). 
The rest of the limitations of Claim 9 are rejected under the same rational of Claim 4.

Regarding Claim 25, Je teaches the method of claim 4, further comprising further sending the authentication success indication message after sending the first authentication success message ([¶ 0056], when the main authentication succeeds, the user authentication device may transmit a result [i.e., first authentication success message] of the main authentication to the service access device, and the service access device may permit a main access [i.e., authentication success indication] to the terminal)

Claims 5  and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Jung further in view of Chhabra and Ardeli.

Regarding Claims 5 and 10, the claim limitations are identical and/or equivalent in scope to claim 3, thus, are rejected under the same rationale of Claim 3.

Claims 11 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Chhabra and Ardeli, further in view of US Patent no. 6,522,875 (Dowling et al.).

Regarding Claim 11, Je in view of Chhabra and  Ardeli do not explicitly teach, however, Dowling teaches the method of claim 3, wherein the network access packet is a Hypertext Transfer Protocol (HTTP) packet or a HTTP Secure (HTTPS) packet ([C.14:L.36-38], transmit one or more hypertext transfer protocol ( HTTP) request packets via the first network connection).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify references in order to incorporate a method as disclosed by Dowling to send a HTTP request packet to access the website. Because it would allow to establish a connection with a webserver and get access HTML pages.

Claim 16 is rejected under the same rationale of Claim 11.

Claims 13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Chhabra and Ardeli, further in view of Belton.

Regarding Claim 13.  Je in view of Begley and Ardeli do not explicitly teach, however, Belton teaches the method of claim 3, wherein the second authentication success message comprises an identifier of the first network permission ([C.12:L.38-42], after the device is authenticated the device can be assigned an internet protocol (IP) address [e.g., an identifier of the first network permission] on the network. …this IP address can be a "production" (normal access) address, but is specially managed until multi-factor authentication is complete).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify references in order to incorporate teachings of Belton to assign an identifier after authenticate a device. Because it would allow to identify device authentication based on the identifier.

Claim 18 is rejected under the same rationale of Claim 13.

Claims 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Chhabra further in view of US 2014/0053243 (Walsh et al.).

Regarding Claim 14,  Je teaches  the method of claim 1, wherein the first network permission is a temporary network permission ([⁋ 0007] may permit a temporary access based on a temporary authentication), however, Je in view of Chhabra does not explicitly teach, but, Walsh teaches a temporary network permission comprising a time limit ([⁋⁋ 0007, 0013], Restricted LAN Internet Access System grant the user a temporary Internet session…the temporary session could be limited by controlling the allowed time).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je in order to incorporate a method as disclosed by Walsh to grant restricted access to the user for a time limit. Because it would allow effective  cost-efficient way of delivering temporary captive portal Internet access [Walsh, ⁋ 0005].

Claim 19 is rejected under the same rationale of Claim 14.

Claims 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over  Je in view of Jung, Chhabra and Ardeli further in view of Walsh.

Regarding Claims 15 and 20, the claim limitations are identical and/or equivalent in scope to claim 14, thus, are rejected under the same rationale of claim 14.

Claims 21 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Jung and further in view of CN 101009910 (Shan).

Regarding Claim 21, Je in view of Jung do not explicitly teach, however Shan teaches the method of claim 4, wherein the authentication success indication message is an Extensible Authentication Protocol (EAP) success packet ([Page 6], …authentication device directly sends EAP success EAP-Success message to user terminal).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je and Jung with Shan in order to send EAP Success message to the terminal, because it would allow the terminal to access resources in a secure way using EAP.

Claim 22 is rejected under the same rationale of Claim 21.

Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Dowling further in view of Walsh.

Regarding Claim 26, Je teaches a terminal comprising: a memory configured to store instructions; and a processor coupled to the memory  and configured to execute the instructions ([¶¶ 0058-0059], As shown in FIG. 4, the terminal 140 includes a transceiver 141, and a service processor 142. The transceiver 141 may transmit authentication information and an access request. As Je discloses a terminal includes a processor, thus, Je inherently discloses the claimed memory stored instruction executed by the processor) to cause the terminal to: send a network permission request packet to an authentication device [Fig. 3, ⁋ 0053], The terminal 140 may transmit a service access request to the service access device 110 [e.g.,  the authentication device] in operation S301), wherein the network permission request packet is a network access packet comprising a source medium access control (MAC) address, and wherein the source MAC address is a MAC address of the terminal ([¶ 0047] The service access device validate a Media Access Control (MAC) address for the terminal 140, may perform a temporary authentication. Since, Je teaches service access device validates the MAC of the terminal to perform temporary authentication); obtain, in response to the network permission request packet, a grant of first network permission, wherein the first network permission is a temporary network permission ([⁋ 0017], a terminal transmits an access request and authentication information to a service access device, and a service processor performs a temporary access [e.g., a first network permission] in response to a permission of a temporary access request. [⁋ 0030] the service access device 110 may permit a temporary access to the terminal 140 based on a result of the temporary authentication); and send the network permission request packet to a server ([Fig. 3, ¶ 0056], transmit, to the user authentication device [i.e., a server], the accumulated pieces of authentication information along with a main authentication request).
However, Je does not explicitly teaches, but Dowling teaches wherein the network permission request packet is a Hypertext Transfer Protocol (HTTP) packet, a Hypertext Transfer Protocol Secure (HTTPS) packet ([C.14:L.36-38], transmit one or more hypertext transfer protocol ( HTTP) request packets via the first network connection).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je in order to incorporate the teachings as disclosed by Dowling to send a HTTP request packet to access a website. Because it would allow to establish a connection with a webserver and get access HTML pages.
Je in view of Dowling do not explicitly teach, however, Walsh teaches wherein the first network permission is a temporary network permission having a time limit ([⁋⁋ 0007, 0013], Restricted LAN Internet Access System grant the user a temporary Internet session…the temporary session could be limited by controlling the allowed time).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je and Dowling in order to incorporate a teaching as disclosed by Walsh to grant restricted access to the user for a time limit, because it would allow effective  cost-efficient way of delivering temporary captive portal Internet access [Walsh, ⁋ 0005].

Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over Je in view of Dowling and Walsh further in view of  CN 103260260 (Chen).

Regarding Claim 27, Je in view of Dowling and Walsh do not explicitly teach, however, Chen teaches the terminal of claim 26, wherein the processor is further configured to execute the instructions to cause the terminal to further send the network permission request packet to the server before obtaining the grant ([Page 9, 6th para] a mobile device prior to receiving the access response message [i.e., grant] sent by the access server when the user input operation is performed on the mobile device, the mobile device generates an event according to input operation information of the user. coding the event information to obtain the access request message, the mobile device sends the access request message is transmitted to the access server).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Je, Dowling and Walsh in order to incorporate a teaching as disclosed by Chen to transmit the access request prior to receive access response message, because it would allow to reduce time to get the access permission.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD YOUSUF A MIAN whose telephone number is (571)272-9206. The examiner can normally be reached Monday-Friday 9am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PETER-ANTHONY PAPPAS can be reached on 571-272-7646. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/MOHAMMAD YOUSUF A. MIAN/Examiner, Art Unit 2448                                                                                                                                                                                                        
/LANCE LEONARD BARRY/Primary Examiner, Art Unit 2448