DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This office action is in response to claims filed 9/24/2020.  Claims 1-20 have been examined.  This office action is Non-Final.

Examiner Notes

Patent 10,819,750 is a Divisional of Application 17/031,754.  Parent Application 15/964,935, which has since been patented 10,819,750 had a restriction requirement, where the Applicant elected Group 1, and withdrew from consideration Group 2.  The child application 17/031,754 has filed claims from Group 2.  According to MPEP one is prohibited from doing an obvious type double patenting rejection in this scenario.  MPEP 804.01



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 11-14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hughes, Jr. et al (2015/0121464) in view of Herttua et al (2015/0350088).
As per claim 1, Hughes discloses a method, comprising:
receiving, via at least one of one or more computing devices, a request for a network resource from a client device (Hughes, Jr: para. 0029, and 0033, receiving via the server a request from a mobile device, the request for data access);
determining, via at least one of the one or more computing devices, a particular class to which the client device belongs based at least in part on location-identifying information included in the request, the particular class being one of a plurality of classes (Hughes, Jr: para. 0031, and 0042, determining via the server a security level to which the mobile device belongs based in least in part on geographic location included in the request (Hughes discloses the location identifying information which is the geographic location is sent by the mobile device with the initial data access request), the particular security level being one of a plurality of security levels); and
authenticating, via at least one of the one or more computing devices, the client device for access to the network resource using a particular authentication service corresponding to the particular class, the particular authentication service being one of a plurality of authentication services usable for authentication for access to the network resource (Hughes, Jr: para. 0032 and 0046, authenticating via the server, the mobile device for access to the network resource using a particular authentication service (i.e. Hughes discloses that based on the security level a particular authorization information will be requested, and the amount, thus the level and degree required is based on the security level (i.e. particular class), and the level and degree is used for authentication to access the network resource).
Hughes, Jr. does not explicitly disclose user class.
	However, analogous art of Herttua discloses user class (Herttua: para. 0044, user class based at least in part on the IP address).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Herttua with the system/method of Hughes, Jr. to include user class.  One would have been motivated to include a user class, because this enables more efficient use of a network, as data is not provided with an unnecessarily high quality which would consume network resources unnecessarily (Herttua: para. 0036).  
As per claim 2, Hughes, Jr. and Herttua disclose the method of claim 1.
Hughes, Jr. further discloses after authenticating the client device, determining, via at least one of the one or more computing devices, a different class to which the client device belongs based at least in part on different location-identifying information of the client device (Hughes, Jr: para. 0033, after authenticating the mobile device within the predetermined authorization zone, is automatically authenticated, determining, via the server, a different security level to which the mobile device belongs based at least in part on the geographic location of the mobile device, the mobile device moves to location outside a predetermined authorization zone), the different class being another one of the plurality of classes; and blocking, via at least one of the one or more computing devices, access of the client device to the network resource based at least in part on the different class to which the client device belongs (Hughes, Jr: para. 0033, and 0038, the security levels of the plurality of security levels, and not performing authentication based on being outside the authorization zone).
Hughes, Jr. does not explicitly disclose a user class.
However, analogous art of Herttua discloses a user class (Herttua: para. 0044, user class)
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Herttua with the system/method of Hughes, Jr. to include user class.  One would have been motivated to include a user class, because this enables more efficient use of a network, as data is not provided with an unnecessarily high quality which would consume network resources unnecessarily (Herttua: para. 0036).  
As per claim 3, Hughes, Jr. and Herttua disclose the method of claim 1. 
Hughes, Jr. further discloses wherein a particular user of the client device is associated with a respective user identity in at least two of the plurality of classes, and the method further comprises: receiving, via at least one of the one or more computing devices, a subsequent request for the network resource from the client device (Hughes, Jr: para. 0059, particular user of the of the user device is associated with a respective user identity in at least two security levels, receiving via the server a subsequent request for the network resource from the user device) ; determining, via at least one of the one or more computing devices, a different class to which the client device belongs based at least in part on different location-identifying information in the subsequent request (Hughes, Jr: para. 0059, determining, via the server, a different security level to which the user device belongs based at least in part on different geographic location, the location was updated/moved), wherein the different class is another one of the plurality of  classes; and authenticating, via at least one of the one or more computing devices, the client device for access to the network resource using a different authentication service corresponding to the different class, wherein the different authentication service is another one of the plurality of authentication services (Hughes, Jr: para. 0059-0061, different security level is another one of the plurality of security levels; and authenticating, via the server, the user device for access to the network resource using a different authentication service, automatically authentication when in the predetermined authorization zone).
Hughes, Jr. does not explicitly disclose a user class.
However, the analogous art of Herttua discloses a user class (Herttua: para. 0044, user class).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Herttua with the system/method of Hughes, Jr. to include user class.  One would have been motivated to include a user class, because this enables more efficient use of a network, as data is not provided with an unnecessarily high quality which would consume network resources unnecessarily (Herttua: para. 0036).  
As per claim 4, Hughes, Jr. and Herttua disclose the method of claim 1.
Hughes, Jr. further discloses generating, via at least one of the one or more computing devices, a network page in response to the request (Hughes, Jr: para. 0041, 0046,  server requiring a user to manually enter credentials, a network page in response to the request), the network page including a form that requests security credentials necessary for the client device to be authenticated by the particular authentication service (Hughes, Jr: para. 0036,  generating, a website include a form that request credentials necessary for the mobile device to be authenticated by the particular authentication service);
receiving, via at least one of the one or more computing devices, the security credentials from the client device via the form (Hughes, Jr: para. 0036, 0041, and 0046,  receiving, via the server the credentials from the mobile device via the form); and
wherein authenticating the client device further comprises verifying, by the particular authentication service executed via at least one of the one or more computing devices, that the security credentials correspond to a valid user identity (Hughes, Jr: para. 0032, and 0046, authenticating the mobile device, verifying, by the level and degree of authorization required which includes the amount of credentials required based on the security level, and the credentials are validated).
As per claim 5, Hughes, Jr. and Herttua disclose the method of claim 1.
Hughes, Jr. further discloses receiving, via at least one of the one or more computing devices, cookie data from the client device (Hughes, Jr: para. 0036-0037, the server receives the cookie data from the mobile device, the credentials are previously stored in local memory, and thus the user does not need to enter them again); and wherein authenticating the client device further comprises verifying, by the particular authentication service executed via at least one of the one or more computing devices, that the cookie data corresponds to a valid user identity (Hughes, Jr: para. 0036-0037, authenticating the mobile device, by validating the cookie data (i.e. credentials previously stored in local memory)).
As per claims 11-14, are rejected under similar scope as claims 1-4 respectively. 


As per claim 20, Hughes, Jr. discloses a non-transitory computer-readable medium embodying at least one program executable in at least one computing device, wherein when executed the at least one program causes the at least one computing device to at least (Hughes, Jr.: para. 0076-0077)
receive a request for a network resource from a client device (Hughes, Jr: para. 0029, and 0033, receiving a request from a mobile device, the request for data access);
determine a particular class to which the client device belongs based at least in part on location-identifying information included in the request, the particular class being one of a plurality of classes (Hughes, Jr: para. 0031, and 0042, determining a security level to which the mobile device belongs based in least in part on geographic location included in the request discloses the location identifying information which is the geographic location is sent by the mobile device with the initial data access request), the particular security level being one of a plurality of security levels);
automatically select a particular authentication service corresponding to the particular class, the particular authentication service being one of a plurality of authentication services usable for authentication for access to the network resource (Hughes, Jr: para. 0028-0029, and 0036-0037, automatically select a particular authentication service, automatic authentication, authorize the mobile device); and
authenticate the client device for access to the network resource using the particular authentication service (See Fig. 5,  #512, automatically authenticate the mobile device).


Hughes, Jr. does not explicitly disclose a user class.
However, the analogous art of Herttua discloses a user class (Herttua: para. 0044, user class).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Herttua with the system/method of Hughes, Jr. to include user class.  One would have been motivated to include a user class, because this enables more efficient use of a network, as data is not provided with an unnecessarily high quality which would consume network resources unnecessarily (Herttua: para. 0036).  

Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hughes, Jr. et al (2015/0121464) in view of Herttua et al (2015/0350088), and further in view of O’Toole et al. (2016/0057626).
As per claim 6, Hughes, Jr. and Herttua discloses the method of claim 1.
Hughes, Jr. and Herttua do not explicitly disclose wherein the location-identifying information comprises information transmitted by at least one wireless beacon.
However, analogous O’Toole discloses wherein the location-identifying information comprises information transmitted by at least one wireless beacon (O’Toole: para. 0010, and 0018, location transmitted by the wireless beacon (i.e. BLE, LTE Direct, beacon communication protocol)).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of O’Toole with the system/method of Hughes, Jr. and Herttua to include the location-identifying information comprises information transmitted by at least one wireless beacon.  One would have been motivated to include a wireless beacon, because this is an efficient method that transmits data via short range and wireless that communicates with a device (O’Toole: para. 0010).  
As per claim 15, rejected under similar basis as claim 6.

Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Hughes, Jr. et al (2015/0121464) in view of Herttua et al (2015/0350088), and further in view of Gupta et al. (2015/0373027).
As per claim 7, Hughes, Jr. and Herttua discloses the method of claim 1.
Herttua further discloses a user class (Herttua: para. 0044, user class based at least in part on the IP address).
Hughes, Jr. and Herttua do not explicitly disclose wherein the location-identifying information comprises a network address of the client device, and determining the particular class further comprises: identifying, via at least one of the one or more computing devices, a network address range corresponding to the network address of the client device; and determining, via at least one of the one or more computing devices, that the network address range corresponds to the particular class.
Gupta discloses wherein the location-identifying information comprises a network address of the client device, and identifying, via at least one of the one or more computing devices, a network address range corresponding to the network address of the client device; and determining, via at least one of the one or more computing devices, that the network address range corresponds to the particular class (Gupta: para. 0020, 0024, and 0042, MAC address (i.e. network address) of the client device, identifying, via the network address range corresponding to the MAC address of the client device, determining that the network address range corresponds to the particular class).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Gupta with the system/method of Hughes, Jr. and Herttua to include location-identifying information comprises a network address of the client device, and identifying, via at least one of the one or more computing devices, a network address range corresponding to the network address of the client device; and determining, via at least one of the one or more computing devices, that the network address range corresponds to the particular class.  One would have been motivated, because this is an efficient method that allows devices that fall within a range of addresses access to resources on the network; this is effective access control (Gupta: para. 0020).  
As per claim 16, rejected under similar basis as claim 7.

Claims 8-10, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Hughes, Jr. et al (2015/0121464) in view of Herttua et al (2015/0350088), and further in view of Parekh (2006/0224752).
As per claim 8, Hughes, Jr. and Herttua discloses the method of claim 1.
Herttua further discloses a user class (Herttua: para. 0044, user class).
Hughes, Jr. nor Herttua do not explicitly disclose adding, via at least one of the one or more computing devices, a header to the request.
However, analogous art of Parekh discloses adding, via at least one of the one or more computing devices, a header to the request (Parekh: para. 0193, and 0196, adding by referral URL contained in the header that identifies the particular class).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Parekh with the system/method of Hughes, Jr. and Herttua to include adding, via at least one of the one or more computing devices, a header to the request.  One would have been motivated, because this ensures that the server can detect the information requested, thus being able to easily identify the information (Parkeh: para. 0193).  
As per claim 9, Hughes, Jr. and Herttua discloses the method of claim 1.
Herttua further discloses a user class (Herttua: para. 0044, user class based at least in part on the IP address).
Hughes, Jr. and Herttua do not explicitly disclose wherein the location-identifying information comprises a network address of the client device, and the method further comprises, forwarding, via at least one of the one or more computing devices, the request to a network resource server via an internal network, wherein the request that has been forwarded does not include the network address.
However, analogous art of Parekh discloses the location-identifying information comprises a network address of the client device, and the method further comprises, forwarding, via at least one of the one or more computing devices, the request to a network resource server via an internal network, wherein the request that has been forwarded does not include the network address (Parekh: para. 0192, and 0195, a geographic location includes an IP address of the requesting machine, forwarding, the request to an internal server via an internal/private network, wherein the request that has been forwarded does not include the network address, because the IP address is already stored in the database on the internal server).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Parekh with the system/method of Hughes, Jr. and Herttua to include location-identifying information comprises a network address of the client device, and the method further comprises, forwarding, via at least one of the one or more computing devices, the request to a network resource server via an internal network, wherein the request that has been forwarded does not include the network address.  One would have been motivated, because by using the DNS server, Internet users within a private network are more directly routed to an internal server (Parkeh: para. 0015).  
As per claim 10, Hughes, Jr. and Herttua disclose the method of claim 1.
Herttua further discloses a plurality of user classes (Herttua: para. 0043, user classes 1-3). 
Hughes, Jr, and Herttua do not explicitly disclose internal users, and at least another one of  external users.
	However, analogous art of Parekh discloses internal users (Parekh: para. 0194-0195, and 0197, i.e. users from within the private network/internal network, that have their IP addresses processed by the internal server), and external users (i.e. users outside the private network, external network that have their IP addresses processed by the external server).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Parekh with the system/method of Hughes, Jr. and Herttua to include internal and external users.  One would have been motivated to use a whois to determine what users own the IP addresses, thus this is an efficient security measure (Parekh: para. 0047).  
As per claims 17-19, rejected under similar basis as claims 8-10.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
6/10/2022


 /J.E.J/ Examiner, Art Unit 2439                                                                                                                                                                                                        

/KARI L SCHMIDT/Primary Examiner, Art Unit 2439