DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 4/49/22 has been entered.
Claims 1-20 as submitted on 4/29/22 were considered.  Applicant’s amendments were fully considered.  Applicant’s remarks were also considered, but are moot in view of new rejections made below in response to the amendments filed.

Claim Objections
Claim 14 is objected to because of the following informalities:  
In claim 14, line 17, “the automatically detecting step” should instead be “the automatically detect step”.
Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “the automatically detecting step” in line 16, which is indefinite because there are two separate “automatically detecting step” recited due to applicant’s latest amendments filed on 4/29/22; one starting in line 3 and the other starting in line 7.  It is assumed that “the automatically detecting step” recited in line 16 is meant to refer back to the one recited in line 7.  
A similar issue exists in claim 14 with respect to recitation of “the automatically detecting step” in line 17.  
Claims not specifically addressed are rejected due to dependency.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 5, 9-15, 17, and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ocepek et al (US 2004/0054926) in view of Owen et al (US 2004/0187018).
Claims 1 and 14:
	As per claim 1, Ocepek discloses:
automatically detecting with a network device of the secure network an attempt by the client to access the secure network (paragraphs 39, 61, an 63;  Security device 10 passively monitors for when client devices 24 attempts to access the network, including the secured parts, by processing all frames received).
automatically detecting with a network device of the secure network
whether a client device requesting access to the secure network is a known client device on a list maintained by the network device or an unrecognized client device that is not on the list such that the client has not previously requested access to the secure network (paragraphs 46, 57-59, 63, and 74; Upon detection of an unknown client, the client is allowed to communicate with an authentication server to be authenticated before access to secured servers are allowed.  Known clients are listed in access list 146 by IP address and MAC address.  If the client is not in access list 146, it is not a previously seen client, thus is not a client that previously accessed the secure network);
automatically blocking with the network device access to the secure network by the client device based on the client device being detected as an unrecognized client device during the automatically detecting step (paragraphs 16, 46, 57, 63, 65-66, an 74;  As discussed in at least paragraph 16, for example, when an unknown client first attempts access, access to protected devices by the client is blocked and the client is directed towards the authentication server).
automatically causing a message in electronic form to be sent from the network device to a manager of the secure network based on the client device being detected as an unrecognized client device during the automatically detecting step as another level of security, the message seeking a response from the manager as to whether access to the unrecognized client device should be granted or denied (paragraphs 16, 46, 57, 63, 65-66, and 74; The authentication server is considered the claimed manager and only if the authentication manager indicates that the client successfully authenticated will access to protected devices/servers be allowed to the client.  If the client fails to authenticate, access to protected devices are blocked); and
automatically adding identification information of the unrecognized client device to the list of known client devices when the response is received and granting or denying access based on the response (paragraphs 16, 46, 65-66, and 68-69).

Ocepek does not disclose, but Owen discloses determining that the client device has passed a first-factor of a multi-factor authentication security system (Fig 5; paragraphs 52-54, 57, and 159; Multi-factor authentication scheme is disclosed where access is allowed only if a user/client is able to successfully pass two or more authentication schemes.  Those schemes could include pin/password authentication, geolocation authentication, time based authentication, etc.  As per paragraph 159, each of the authentication schemes can be carried out in any order with respect to each other).
Before the effective filing date of applicant’s claimed invention, it would have been obvious to one of ordinary skill in the art to utilize Owen’s teachings of a multi-factor authentication scheme along with the various individual authentication schemes within Ocepek’s invention.  One of ordinary skill would have been motivated to utilize Owen’s teachings because use of multiple authentication schemes would cover the weaknesses of any one authentication scheme and Owen’s teachings overcomes the disadvantages of previously known authentication schemes (Owen: paragraph 8).

The rejection of claim 1 applies, mutatis mutandis, to claim 14.

Claims 2 and 17:
Ocepek further discloses wherein the identification information is a Media Access Control (MAC) address of the client device (paragraphs 58-59).  

Claim 5:
	Ocepek further discloses wherein the message is selected from the group consisting of a text message sent to a phone number of the manager, an email sent to an email address of the manager, or an electronic message sent to an app accessible by the manager (paragraphs 61 and 66; Security device 10 sends electronic message to authentication server to perform authentication on a client.  The application/software used by the authentication server to receive the authentication request is considered the app accessible by the manger/authentication server).

Claim 9:
	Ocepek further discloses wherein the network device communicates with a cloud server for at least one of having the message sent and having the response received (paragraphs 35-36; Network can include wireless portions, thus servers can be cloud servers).

Claim 10:
	Owen further makes obvious wherein said steps of detecting, causing, and adding are part of a security system for granting or denying access to client devices to the secure network (paragraph 66; Owen’s teachings show that it can use any number of multi-factor authentication schemes, so when Ocepek and Owen’s teachings are combined, any authentication scheme Ocepek already uses can be incorporated with ones taught by Owen as part of a greater security system for granting or denying access to client devices in the secure network).

Claim 11:
	Owen further makes obvious wherein said steps of detecting, causing, and adding are part of a second or subsequent factor of a multi-factor authentication security system, and wherein the first-factor of the multi-factor authentication security system must be passed before said steps of detecting, causing, and adding occur (paragraph 159; Each authentication scheme of the multi-factor authentication scheme can be performed in any order relative to each other).

Claim 12:
	Owen further discloses wherein the first-factor requires accurate submission of a pre-set secret password (paragraphs 19 and 159).

Claim 13:
	Ocepek and Owen further disclose wherein the client device is selected from the group consisting of a smartphone, smartwatch, tablet computer, lap-top computer, wearable device, smartwatch, smart appliance, smart television, computer, lap top computer, tablet computer, and wireless personal electronic device (Ocepek: paragraph 36 and Owen: paragraph 11).

Claim 15:
Ocepek further discloses wherein the secure network is a wireless local area network (WLAN), wherein the network device is customer premise equipment (CPE), a gateway device, or a WiFi router of the secure network that has access to the Internet, and wherein the network device transmits the message to the manager via the Internet (paragraphs 35-37).

Claim 19:
Ocepek further discloses further discloses wherein the at least one processor is further configured to execute the one or more instructions to directly send the message and receive the response (paragraphs 46 and 48).

Claim 20:
	Ocepek and Owen further makes obvious wherein the at least one processor is further configured to execute the one or more instructions to provide the multi-factor authentication system for granting or denying access to client devices to the security network (Owen: paragraphs 10 and 19), and wherein the multi-factor authentication security system includes the first-factor requiring accurate for a pre-set secret password (Owen: paragraphs 10 and 19), and wherein a second or subsequent factor of the multi-factor authentication security system is provided by the list maintained by the network device (Owen: paragraph 10 and 159; Ocepek: paragraphs 57-59; As per Owen’s teachings, each factor in the multi-factor authentication system can be performed in any order relative to each other.  Since Ocepek disclose of use of a list maintained by the network device as part of his authentication scheme, in the combination invention of Ocepek-Owen, the pin/password authentication and authentication using a list can both be utilized and in any order).



Claim(s) 3-4 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ocepek et al (US 2004/0054926) in view of Owen et al (US 2004/0187018) in further view of Huotari et al (US 2009/0122787).
Claim 3:
	Ocepek and Owen do not explicitly disclose, but Huotari discloses wherein the list includes a whitelist of identification information of known client devices that are automatically to be granted access to the secure network by the network device (paragraph 32).
	Before the effective filing date of applicant’s claimed invention, it would have been obvious to one of ordinary skill in the art to further modify Ocepek and Owen’s combination invention according to Huotari’s teachings discussed by using a whitelist to bypass multifactor authentication of a client.  One skilled would have been motivated to do so as it would allow automatic access of a client to protected resources without having to go through all the authentication processes (Huotari: paragraph 32), which would save computer resources.

Claim 4:
	Ocepek and Owen do not explicitly disclose, but Huotari discloses wherein the list includes a blacklist of identification information of known client devices that are automatically to be denied access to the secure network by the network device (paragraph 32).
Before the effective filing date of applicant’s claimed invention, it would have been obvious to one of ordinary skill in the art to further modify Ocepek and Owen’s combination invention according to Huotari’s teachings discussed by using a blacklist to bypass multifactor authentication of a client and automatically blocking known clients that previously failed the authentication process.  One skilled would have been motivated to dos so as it would allow automatic blocking of a client to protected resources without having to go through all the authentication processes (Huotari: paragraph 32), which would save computer resources and prevent a brute force attack.

Claim 16:
	The rejection of claims 3 and 4 combined, applies, mutatis mutandis, to claim 16.




Claim(s) 5-8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ocepek et al (US 2004/0054926) in view of Owen et al (US 2004/0187018) in further view of Wang et al (US 9,961,079).

Claim 5:
	Alternative to the above rejection of claim 5 over Ocepek and Owen, Wang also discloses wherein the message is selected from the group consisting of a text message sent to a phone number of the manager, an email sent to an email address of the manager, or an electronic message sent to an app accessible by the manager (col 6, lines 62-67; Use of messages sent via text to a phone number).
	Before the effective filing date of applicant’s claimed invention, it would have been obvious to one of ordinary skill in the art to incorporate Wang’s teachings into Ocepek and Owen’s combination invention so that the message was sent via text.
The rationale for why one of ordinary skill in the art would find it obvious to do so is that doing so is nothing more than simple substitution of one known element (i.e. type of message) for another to achieve predictable results (see KSR Int'l Co. v. Teleflex, Inc., 550 U.S. 398 (2007)).

Claim 6:
	Wang further discloses the step of requesting a phone number, email address, or username of an app to be input by the manager during setup of the network device (paragraphs 53-54; Messaging is done via phone or text, which means a phone number needs to be set up at some point for successful message delivery to phone).
	Note that a manger device/program requesting the user input a phone number, email address, or user name for an app as part of a system or software setup was also something that was well known in the art prior to the effective filing date of applicant’s claimed invention.  It would have been obvious for one of ordinary skill in the art to further modify Ocepek-Owen-Wang’s combination invention to have the manager request a user to input a phone number, email address, or username of an app as part of a standard network system setup so the system works properly in order to know where to send alert messages.

Claim 7:
	Ocepek further discloses wherein the secure network is a wireless local area network (WLAN), wherein the network device is customer premise equipment (CPE), a gateway device, or a WiFi router of the secure network that has access to the Internet, and wherein the network device transmits the message to the manager via the Internet (paragraphs 35-37).

Claim 8:
	Ocepek further discloses further discloses wherein the network device performs at least one of (directly) sending the message and receiving the response (paragraphs 46 and 48).

Claim 18:
	Claim 18 recite limitations substantially similar to what is recited in both claims 5 and 6, thus the rejections of claims 5 and 6 over Ocepek, Owen, and Wang apply, mutatis mutandis, to claim 18.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PONNOREAY PICH whose telephone number is (571)272-7962. The examiner can normally be reached M-F 9am-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PONNOREAY PICH/Primary Examiner, Art Unit 2495