DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim interpretation – Formal Matters
1.  A double patenting rejection is NOT put forth.

2.  The examiner interprets that the claims are statutory under the requirements and guidelines as set forth in 35 USC 112.  Written support is found and the claims particularly point out the inventive concept(s).

3.  The examiner interprets that the claims are statutory under the requirements and guidelines as set forth in 35 USC 101 (ie. directed to one of the four patent-eligible subject matter categories, no abstract idea, above judicial bar).

4.  The preliminary amendment is ENTERED.







Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 2, 8-9, 18-19 and 21 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Coughlan et al. US WO2012/172533.
As per claim 1, Coghlan et al. WO2012/172533 (from IDS) teaches a method comprising: 
receiving, at a user device from a home access point, a first digital certificate for a residential wireless roaming mode, wherein the residential wireless roaming mode provides the user device remote access to a wireless local area network corresponding to the home access point (Figure 1 shows the user can access a HOME WLAN #2 and Figure 2 shows that a Certificate Signing REQUEST is sent to the network/AccuROAM and a Signed Certificate Download and Service Profile Exchanged is sent back (see dashed lines)).  The certificate is used in the login/access process shown in Figure 4), 
and 
	Below from page 7:

    PNG
    media_image1.png
    453
    671
    media_image1.png
    Greyscale

wherein the first digital certificate is issued by a certificate authority of a service provider associated with the home access point (Coghlan shows the user in Figure 1 communicating with the user’s service provider, which verifies the user and then provides a certificate for said user to access the network via home WLAN.   Page 8, L31-34 teaches the network sending a certificate to the user after a Certificate Signing Request has been sent from the user to the network); 
transmitting at least one probe request message to at least one public access point, wherein the probe request message comprises at least the first digital certificate (Page 8, L31-34 teaches a CSR is sent from the user to the network and a certificate is sent back, the “..device uses the signed certifcate to generate and encrypt the network access credentials for the network access, which reads on the limitation.  See also page 11, L7-20); and 
receiving from the at least one public access point a probe response message comprising information for remotely accessing the wireless local area network via a virtual private network connection established between* the public access point and the home access point (Figure 1 shows the 802.11 Home WLAN connects to the public network via RADIUS/DIAMETER and Coghlan states this is/can be a VPN link, ie. RADIUS connection is via permanent VPN connection P8, L12-13).    
Below from page 7, teaches the method provides for automatic login once the user device performs the registration process.  The 2nd paragraph teaches that the login credentials are generated each time from information elements within the certificate, which reads on the claim

    PNG
    media_image2.png
    155
    708
    media_image2.png
    Greyscale


    PNG
    media_image3.png
    116
    706
    media_image3.png
    Greyscale

*NOTE that the phrase “..via a virtual private network connection established between the public access point and the home access point..” can be interpreted as either a direct W/L link between public and home AP’s or it can be interpreted as a link that connects via the public network (as shown in Applicant’s SPEC, Figure 2, see dashed line #230).  The examiner uses the interpretation shown in figure 2, hence there is a “backhaul” link from public AP #225 to the home AP in HN #200, which is similar to Coghlan’s design showing link from network #10 to WLAN #2).











As per claims 8 and 18, Coghlan teaches claim 1/11, wherein the first digital certificate is a X.509 digital certificate (See Page 11, L4-5 which teaches support for X.509 certificates).  
Below from Page 10:

    PNG
    media_image4.png
    561
    812
    media_image4.png
    Greyscale














As per claims 9 and 19, Coghlan teaches claim 1/11, further comprising: 5 
connecting to at least one other device connected to the local access network through the virtual private network connection (Coghlan, page 1 below, teaches multiple users being authenticated and then connecting to wireless LAN’s, which inherently allows them to connect to each other OR other networks OR other users across other networks, etc.)

    PNG
    media_image5.png
    405
    736
    media_image5.png
    Greyscale
  	

As per claim 11, this claim is rejected as based on the rejection of claim 1 above.  Furthermore, Coghlan teaches an apparatus comprising circuitry configured to receive and circuitry configured to transmit the various information transmitted/received in the method steps detailed in claim 1/11 (See Coghlan’s figures 1-4 which show the devices and network hardware involved).  

As per claim 21, this claim is rejected as based on the rejection of claim 1 above.  Furthermore, Coghlan teaches a non-transitory computer readable medium comprising program instructions for causing an apparatus to perform the method steps outlined in claim 1  (figures 2-4 show the method steps which inherently require program instructions stored in the devices (fig. 1) that perform the method steps ).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 2 and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Coughlan WO2012/172533 and further in view of Kurn US 2002/0071563 and Sood et al. US 2009/0052393.
As per claims 2 and 12. (Original) The method as in claim 1/11, but is silent on wherein the probe request message comprises: 
a first vendor specific field indicating the first digital certificate; and 
a second vendor specific field indicating that the user device supports the residential wireless roaming mode.  
EXAMINER’s NOTE:  As a teaching reference (pertinent but not cited), the examiner notes that De Silva et al. US 6,615,347 teaches a generic digital certificate containing various fields, to include Issuer’s Name, Signature, etc. (see figure 2 below).  Hence, any device sending a digital certificate would include this information, which is unique to that vendor/issuer.  Thusly, De Silva teaches that a digital certificate indentifies itself when it is sent/used (which is similar to “indicating the first digital certificate” above).

    PNG
    media_image6.png
    648
    461
    media_image6.png
    Greyscale

(11)  Fig. 2 is an illustration of a preferred embodiment of a digital certificate 200 in accordance with the present invention. The digital certificate 200 complies with the ITU-T Recommendation X.509 (1997 E), as developed by the ISO/IEC/ITU groups, and is stored in the digital certificate database 120. In other embodiments, the digital certificate 200 may be stored on other types of computer readable media, such as on smart cards, in flash memory, on magnetic stripes such as on the back of credit cards, or as printed bar codes.
(12) The digital certificate 200 includes a serial number 202, the issuer 104's distinguished name 204, the subscriber 102's distinguished name 206, a period of validity 208, the subscriber 102's public key 210, possibly digital certificate extensions 212, and the issuer 104's digital signature 214. The serial number 202 identifies the digital certificate 200; issuers 104 typically provide a unique serial number 202 for each digital certificate 200 issued by the issuer 104. The issuer's and subscriber's distinguished names 204 and 206 are, respectively, the distinguished names of the issuer 104 and subscriber 102. A distinguished name for an entity is information about the entity, including for example the entity's name, address, and/or email address. The period of validity 208 contains information regarding the time period during which the digital certificate 200 is valid. For example, the period of validity 208 may include an effective date and an expiration date of the digital certificate 200. Digital certificate extensions 212 are information which may be tailored by various issuers 104 for their specific purposes. In this particular embodiment, the digital certificate extensions 212 follow the X.509 format and include information 216 about other related digital certificates. The issuer's digital signature 214 is a version of the information in the digital certificate 200 which has been processed using the issuer's private key (typically one-way hashed and then encrypted with the issuer's private key). The signature 214 secures the digital certificate 200.   (C5, L5-41)
	The examiner notes that Kurn US 2002/0071563 teaches sending the digital certificate in a request for authentication purposes (ie. and would include the information taught by  De Silva above), which reads on “….a first vendor specific field indicating the first digital certificate….”, hence the certificate would inherently include (per De Silva) indication of the first digital certificate in the message/vendor specific field.
 	[0121] Referring to FIG. 5, a typical business transaction starts with a consumer 50 in the form of, for example, some person making use of a workstation to formulate a request. Included in this request would be the information necessary to authenticate the consumer (such as a username and password and/or a digital certificate), and to transmit that authentication information to the server on the computer system 11. 

It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify Coughlan, such that there is a first vendor specific field indicating the first digital certificate, to provide the ability to indicate which digital certificate is being used.
With regard to “..a second vendor specific field indicating that the user device supports the residential wireless roaming mode..”, Sood et al. US 2009/0052393 teaches roaming (ie. not limited, which would include residential, local, national, etc.) where the user is authenticated to roam via a digital certificate, which reads the limitation since the reception of a/the digital certificate is what allows the user to authenticate and ROAM to any/all networks that are to be supported (ie. residential, local, national, international, etc.).
 [0013] FIG. 2 is a flow diagram illustrating a method for enabling roaming of a wireless device, such as the wireless device 110, in the plurality of wireless networks. The method initiates at 200 when the wireless device 110 completes an authentication with the authentication server 106. It will be evident to those skilled in the art that the authentication authenticates the wireless device 110 with the plurality of wireless networks using protocols such as EAP including typical authentication techniques like traditional passwords, token cards, digital certificates and public-key authentication.
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify the combo, such that there is a second vendor specific field indicating that the user device supports the residential wireless roaming mode, to provide the ability for the indicating that roaming is possible for that particular mobile device.


Claims 3 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Coughlan WO2012/172533 and further in view of Yoon et al. US 2015/0146704 and Bender et al. US 2009/0222902.
As per claims 3 and 13.  Coughlan teaches claim 1/11, but is silent on 
wherein the probe request message comprises a service set identifier field, and wherein a value of a service set identifier field of the probe request message is set to zero or null, and 
6wherein a service set identifier of the wireless local area network is identified in the first digital certificate.  
With regard to “..the probe request message comprises a service set identifier field, and wherein a value of a service set identifier field of the probe request message is set to zero or null..”, Yoon et al. US 2015/0146704 teaches a mobile device sending a probe request (to a plurality of Access Points) by setting the SSID to null:
[0009] Upon requesting responses from a plurality of undesignated access points by setting a service set identifier (SSID) of a probe request frame in a state of null, the station receives a probe response frame from the access points during a maximum probe response time Max_Probe_Response_Time, and requests access at an access point whose wireless environment is the most superior among the access points having transmitted probe response frames. That is, even after a probe response frame is received from an access point having a superior wireless environment, the station waits for the maximum probe response time to pass, and then requests an access at the access point, thereby causing waste of time.
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify Coughlan, such that the probe request message comprises a service set identifier field, and wherein a value of a service set identifier field of the probe request message is set to zero or null, to provide the ability to probe multiple access points in the area.
With regard to “…6wherein a service set identifier of the wireless local area network is identified in the first digital certificate…”, Bender et al. US 2009/0222902 teaches that digital certificates can include various information about the WLAN/network can can include “..includes WLAN information for mobile device 102 to identify and operate with a given WLAN, and may include a unique WLAN identifier such as a Service Set Identifier (SSID) or Extended SSID (ESSID)” (See Para 75 below), which reads on the limitation.
 [0075] The CA information may be associated with or part of a WLAN profile of the mobile device 102. The WLAN profile may also be pushed to the mobile device by host server 230 in the same communication session utilized to push the CA information. Host server 230 may provide a plurality of WLAN profiles to mobile device 102, each WLAN profile having different CA information associated therewith. Each WLAN profile includes WLAN information for mobile device 102 to identify and operate with a given WLAN, and may include a unique WLAN identifier such as a Service Set Identifier (SSID) or Extended SSID (ESSID), for uniquely identifying a WLAN for wireless access. Thus, different digital certificates may be associated with different network profiles for communication access in different wireless networks. For example, a first digital certificate may be stored in association with a first network profile for communication access in a first wireless network, and a second digital certificate may be stored in association with a second network profile for communication access in a second wireless network.
  It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify the combo, such that wherein a service set identifier of the wireless local area network is identified in the first digital certificate, to provide the ability to determine which WLAN network the mobile will connect to based on the digital certificate used/sent.






Claims 4 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Coughlan WO2012/172533 and further in view of Lee et al. US 2017/0325094 and Bender et al. US 2009/0222902.
As per claims 4 and 14, Coughlan teaches claim 1/11, but is silent on 
wherein the probe response message comprises a second digital certificate issued by the certificate authority and 
a service set identifier identifying the wireless local area network corresponding to the home access point.  
With regard to “..wherein the probe response message comprises a second digital certificate issued by the certificate authority..”,  Lee et al. US 2017/0325094   teaches receiving multiple (two) digital certificates if/when roaming, a first is signed by the visited network operator (MNO) while the second is signed by the home network operator (MNO)
[0104] Because the MNOs have established a trust relationship, each of the MNOs may sign the digital certificates of other MNOs included in the trust relationship (e.g., as cross-certificates). When a wireless communication device (e.g., the fourth wireless communication device 710-c) is a subscriber device of one MNO (e.g., the first MNO 705) and attempts to attach to a network access device of a roaming MNO (e.g., the second MNO 705-a), the roaming MNO may transmit, to the wireless communication device, a first digital certificate (e.g., a digital certificate of the roaming MNO) and a second digital certificate (e.g., a digital certificate of the roaming MNO signed by the wireless communication device's home MNO). In this manner, the wireless communication device may verify the authenticity of the digital certificate of the roaming MNO by verifying that its home MNO signed a copy of the digital certificate of the roaming MNO. A potential advantage of the hybrid PKI 700 may be a single root of trust (i.e., a home MNO). However, a potential disadvantage of the hybrid PKI 700 may be increases OTA message sizes (because two digital certificates may need to be transmitted to a wireless communication device that is attempting to attach to an MNO).
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify Coughlan, such that wherein the probe response message comprises a second digital certificate issued by the certificate authority, to provide the ability to use multiple digital certificates to certify both the roamed/visited network and the user’s home network (for added security that require both certificates).
With regard to “…6a service set identifier identifying the wireless local area network corresponding to the home access point…”, Bender et al. US 2009/0222902 teaches that digital certificates can include various information about various networks, which could be a home or visited network (since Bender does not limit WHAT networks can/can’t be identified by the SSID.   Hence a given WLAN described below can be either Home or Visited networks “..includes WLAN information for mobile device 102 to identify and operate with a given WLAN, and may include a unique WLAN identifier such as a Service Set Identifier (SSID) or Extended SSID (ESSID)” (See Para 75 below), which reads on the limitation.
 [0075] The CA information may be associated with or part of a WLAN profile of the mobile device 102. The WLAN profile may also be pushed to the mobile device by host server 230 in the same communication session utilized to push the CA information. Host server 230 may provide a plurality of WLAN profiles to mobile device 102, each WLAN profile having different CA information associated therewith. Each WLAN profile includes WLAN information for mobile device 102 to identify and operate with a given WLAN, and may include a unique WLAN identifier such as a Service Set Identifier (SSID) or Extended SSID (ESSID), for uniquely identifying a WLAN for wireless access. Thus, different digital certificates may be associated with different network profiles for communication access in different wireless networks. For example, a first digital certificate may be stored in association with a first network profile for communication access in a first wireless network, and a second digital certificate may be stored in association with a second network profile for communication access in a second wireless network.
  It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify the combo, such that a service set identifier identifying the wireless local area network corresponding to the home access point, to provide the ability to identify which WLAN network the user will connect to as it roams.

	


Claims 6 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Coughlan WO2012/172533 and further in view of Xu et al. US 2018/0077564
As per claims 6 and 16, Coghlan teaches claim 1/11, but is silent on wherein the probe response message further comprises an indication of a bandwidth limit and/or* time limit for the virtual private network connection established between the public access point and the home access point.     (*OR is alternative language)
At least Xu et al. US 2018/0077564 teaches a user who roams into/onto another network which can have a roaming policy that limits the user’s bandwidth.  Figure 1 shows users #111/#121 that can roam to a Visited Network where a roaming policy can be enfored (Fig. 2b, #285) that can limit the user’s bandwidth (See figure 3, middle of page shows COUNTER USAGE that monitors consumption of YouTube data until a quota is exceeded, then access is restricted:
[0019] According to at least one other aspect of the example embodiment, the roaming policy may further include a data shaping profile with a bandwidth limit for at least one service. The traffic detection and enforcement module may be further configured to shape data consumed by the at least one service based on the data shaping profile. According to some embodiments, the traffic detection and enforcement module may be further configured to monitor roaming data usage for the user network device.
	Clearly Xu teaches communications between the Home and Visited networks, which the examiner interprets as either an initial policy setting OR one that is determined in real-time (such as with a Probe Request for a particular user when it roams into the Visited network’s support area).
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify Coughlan, such that wherein the probe response message further comprises an indication of a bandwidth limit and/or* time limit for the virtual private network connection established between the public access point and the home access point, to provide the ability to inform the use device if it has been constrained in the roaming/visited network (ie. bandwidth can be limited, time can be limited, etc.).


Claims 7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Coughlan WO2012/172533 and further in view of Costa US 2009/0217033.
As per claims 7 and 17, Coughlan teaches claims 1/11, but is silent on 
wherein: the probe request message is an 802.11 probe request message; and the probe response message is an 802.11 probe response message.  
At least Costa et al. US 2009/0217033 teaches a wireless user that sends an IEEE 802.11 Probe Request message with the AP sending an IEEE 802.11 Probe Response that include generic security parameters and then creates a physical link with said wireless user, which reads on the applicant’s design/claims:
[0084] For example, the wireless user terminal (supplicant) 130a sends to the AP (authenticator) 115a an IEEE 802.11 Probe Request message. The AP replies sending to the wireless user terminal an IEEE 802.11 Probe Response message, including security parameters, and creates a physical link with that wireless user terminal. Then, the wireless user terminal sends to the AP an IEEE 802.11 Open System Authentication Request message, to which the AP replies with an IEEE 802.11 Open System Authentication Response message. The wireless user terminal then sends to the AP an IEEE 802.11 Association Request message, and the AP replies sending back an IEEE 802.11 Association Response message, with the indication that the operation has been completed successfully. This procedure allows the wireless user terminal to be associated to the AP. Up to now, the "controlled" port of the AP is however still blocked, because the wireless user terminal is not yet authenticated.
[0092] The initial state of the supplicant 200 is identified by 205 ("Connecting"); during its operation, the wireless user terminal 130a issues on a regular basis IEEE 802.11 Probe Request messages, in order to identify the presence of APs; APs like the AP 115a and the AP 115b in whose area of coverage the wireless user terminal 130a is located reply by sending thereto IEEE 802.11 Probe Response messages; based on the received IEEE 802.11 Probe Response messages, the wireless terminal 130a selects the new AP 115b as the new network's access point in substitution of the previous AP 115a. In alternative, the wireless user terminal does not need issuing IEEE 802.11 Probe Request messages, being the APs that autonomously issue Beacon messages, based on which the wireless user terminal 130a selects the new AP 115b. The wireless user terminal may operate the selection based on the measurement of the radio quality of the messages received from the APs.
[0139] In case of failure of the transaction (state 265, "TransactionFailed"), the supplicant sends to the authenticator an IEEE 802.11 Probe Request message (event 267, "SendProbe"), and waits for an IEEE 802.11 Probe Response from the authenticator (state 249, "APProbe"). In case a timeout expires without receiving any response from the authenticator (event 251, "ProbeTimeoutExpired"), the supplicant decrees that the AP is no more reachable (state 253, "APDown"), that AP is deleted from the list of the known APs (event 255, "EraseAPfromAPListI), and the supplicant returns to the initial state 205. If instead an IEEE 802.11 Probe Response from the authenticator is received within the timeout (event 257, "RcvProbeResponse"), for example indicating that the AP does not support the short authentication, or that other problems exist, the supplicant declares the network "non-compliant" with the short authentication procedure (state 259, "NonCompliantNetwork"), and the supplicant starts a fall authentication procedure, by sending to the AP the first EAPOL Start message (event 261, "EAPOLStart"). The full authentication starts (state 263, "Authentication").
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify Coughlan, such that wherein: the probe request message is an 802.11 probe request message; and the probe response message is an 802.11 probe response message, to provide the ability to comply with well-known standards such as 802.11 and their probe/response messaging procedures.


Claims 10 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Coughlan WO2012/172533 and further in view of {Zi US 2009/0185495 OR Yamada et al. US 2003/0131131}
As per claims 10 and 20, Coughlan teaches claim 1/11, wherein the virtual private network connection (See Coughlan, Page 8 below, which teaches that the connection between Cellular/WLAN networks can be via RADIUS connection over a permanent VPN connection as an option):

    PNG
    media_image7.png
    190
    802
    media_image7.png
    Greyscale

But is silent on
(The VPN) comprises either a layer-2 virtual private network connection or a layer-3 virtual private network connection.  
The concept of a layer-2 or layer-3 VPN connection is well known, well understood and implemented in myriad network designs.   It essentially is used to connect two (or more) sites/users via a public connection (ie. the Internet) but encryption is provided to ensure secrecy/protection.   Thusly, any two networks/users would want to use a low-cost public network along with encryption to connect.
At least Zi or Yamada teach layer-2 and/or layer-3 VPN’s that connect different networks/users:
i)  Zi US 2009/0185495 teaches connecting two users/networks via a Layer-2 or Layer-3 VPN (that can be tunneled through the public network (Internet) which uses encryption and establishes a private data network:
[0004] Virtual Private Network (VPN) is a technology that relies on Internet Service Provider (ISP) and Network Service Provider (NSP) to establish a private data communication network in a public network. The VPN can be categorized into Layer-2 VPN (L2VPN) and Layer-3 VPN (L3VPN), etc.
ii)  Yamada et al. US 2003/0131131 teaches support for both Layer-2 and Layer-3 VPN’s in a same network (See figure 1 shows a LAYER-2 VPN #3a/#3b and a LAYER-3 VPN #4a/#4b).
It would have been obvious to one skilled in the art at the time of the invention's filing date, to modify Couglan, such that (The VPN) comprises either a layer-2 virtual private network connection or a layer-3 virtual private network connection, to provide the ability to use various VPN technology to connect the different network/user devices together for added security (prevents hacking/stolen data).












Allowable Subject Matter
Claims 5 and 15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
These claims (along with their intervening claims) recite highly technical design details not found in at least the prior art of record, either alone or in combination:
Claims 5 and 15:  “..further comprising, in response to receiving the probe response message: 
validating the at least one public access point based on the second digital certificate; and 
performing authentication and association procedures with the home access point via the virtual private network connection”.  



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is found in the PTO-892 form.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN M. D'AGOSTA whose telephone number is (571)272-7862. The examiner can normally be reached 8am to 4pm (IFW).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Edan (Dan) Orgad can be reached on 571-272-7884. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/STEPHEN M D AGOSTA/Primary Examiner, Art Unit 2414