DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
The office action is a response to Applicant’s Amendment filed May 16, 2022.
No claims have been amended, added, or cancelled.
Claims 1-10 are pending in the application.

Response to Arguments
Applicant's arguments filed May 16, 2022 have been fully considered but they are not persuasive.  Applicant asserts that prior art of record used in first non-final rejection of the independent claims, filed January 13, 2022 (“Shanmugavadivel “ (US 20190021004 A1) in view of “Lim” (US 20220007362 A1)) does not disclose or suggest the limitation, “An access point in a network security system, coupled in communication with a data communication network and coupled in communication with a Wi-Fi communication network, for extended RU (resource unit)-based medium access control for suppressing airtime of quarantined stations on Wi-Fi communication networks, prior to transmission from the quarantined stations...”
To establish the motivation for using Shanmugavadivel in view of Lim, as being relevant to the field of endeavor of the invention, Examiner had indicated in the prior office action that Shanmugavadiel discloses an access point in a network security system (e.g., FIG. 1, 3-6, 8: AP/Hub/Switch; ¶ [0096], threat management system, which may include AP, hub, switch or firewall), coupled in communication with a data communication network (e.g., FIG. 1, network 108) and coupled in communication with a Wi-Fi communication network (e.g., FIG. 1, one of the networks may be Wi-Fi), and that Lim discloses that the access point may be coupled in communication with a data communication network (Wi-Fi network), for extended RU (resource unit)-based medium access control for allocating airtime to stations on Wi-Fi communication networks (e.g., FIG. 11, 13 and ¶ [0103] [0135] [0156], AP may allocate RUs to STA on WiFi (may be a WLAN network, as seen in FIG. 2 and ¶ [0051])). 
With regard to the limitation concerning access control for suppressing airtime of quarantined stations on Wi-Fi communication networks, prior to transmission from the quarantined stations, Examiner had indicated in the office action that Shanmugavadivel disclosed this feature.  However, Examiner did not cite the proper paragraph.  While ¶ [0102] discloses that a “coloring system... may be used to evaluate when a particular device is potentially compromised (e.g., threat level)”, which is relevant to determining whether a station should be quarantined, Examiner agrees that this paragraph does not explicitly describe something that one of ordinary skill in the art could interpret as “suppressing airtime of quarantined stations on Wi-Fi communication networks, prior to transmission from the quarantined stations”.
Examiner had intended to cite ¶ [0044], please see below, which best discloses security policies to determine the amount of airtime to provide to clients, associating a threat value to the amount of airtime to provide.  At least, ¶ [0044] suggests that further transmission from the stations may have a suppressed airtime, thus logically suggesting “suppressing airtime of quarantined stations on Wi-Fi communication networks, prior to transmission from the quarantined stations”.

¶ [0044]  In some implementations, a security policy control downlinks airtime to clients based on their threat index value. In some implementations, a security policy may specify that the system provide more airtime and bandwidth to clients with a threat index value of green. For example, the client 416 having a threat index value of green may be granted 70% airtime. In some implementations, a security policy may specify that the system provide less airtime to clients with a threat index value of yellow. For example, the client 414 having a threat index value of yellow may be granted 20% airtime. In some implementations, a security policy may specify that the system provide airtime only if there is no load on the AP for clients with a threat index value of red. For example, the client 412 having a threat index value of red may be granted 10% airtime, or less. The particular percentage of airtime associated with a given threat index value may vary and will depend on the particular implementation. In various implementations, different resources described herein may be allocated based on combinations of security policies. For example, airtime may be allocated in combination with wireless channel allocation and/or VLAN assignment based on one or more security policies. Various combinations of applied security policies are possible, depending on the particular implementation.

Applicant had argued the above limitation, not any other aspects of the claims or prior art of record.  As the Applicant must consider the documents that comprise the grounds of rejection in their entirety, Examiner asserts that Shanmugavadivel in view of Lim discloses all the limitations of the claims. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-3, 5-9 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Shanmugavadivel et al., U.S. Patent Application Publication No. 20190021004 A1 (hereinafter Shanmugavadivel) in view of Lim et al., U.S. Patent Application Publication No. 20220007362 A1 (hereinafter Lim).

Regarding Claim 1, Shanmugavadivel discloses an access point in a network security system (e.g., FIGS. 1, 3-6, 8, AP/Hub/Switch; FIG. 9, computing device 900; FIG. 8, ¶ [0096], threat management system 800, which may include an AP or hub or switch or firewall, and a threat management facility, all of which may be implemented on one or more computing devices (such as shown in FIG. 9)), coupled in communication with a data communication network (e.g., FIG. 1, network 108, which may be one or more networks (e.g., ¶ [0021]); computing device (i.e., AP) includes I/O interface for wireless communication and network interface (e.g., ¶ [0103])) and coupled in communication with a Wi-Fi communication network (e.g., FIG. 1, one of the networks 108 may be Wi-Fi), for extended RU (resource unit)-based medium access control for suppressing airtime of quarantined stations on Wi-Fi communication networks (e.g., ¶ [0081], when threat or policy violation detected, isolate device that restricts network access (e.g., ¶ [0044] [0102], less airtime (fairness allocation) depending on threat value)), prior to transmission from the quarantined stations (e.g., ¶ [0044], In some implementations, a security policy control downlinks airtime allocation to clients based on their threat index value [i.e., airtime for subsequent transmission is controlled through security policies (i.e., prior to transmission at a particular instance, the available airtime may be suppressed)]; ¶ [0102], policies established to mitigate potential threats, e.g., particular VLAN assignment for devices considered a threat according to policies (i.e., subsequent communications by such devices would trigger isolation)), the access point comprising: 
a processor (e.g., FIG. 9, processor 902); a network interface, communicatively coupled to the processor (e.g., FIG. 9, ¶ [0103], I/O interface 906; FIG. 1, connection to network(s) 108), coupled to the data communication network (e.g., ¶ [0020] [0021], connection to network other than WiFi (e.g., LAN)), and coupled to the Wi-Fi communication network (e.g., FIG. 9, an I/O interface 906 connected to WiFi); and a memory device, communicatively coupled to the processor and to the network interface (e.g., FIG. 9, memory 904), the memory device storing code that when executed by the processor (e.g., ¶ [0104], processor may execute the application stored in the computer readable medium), comprises: 
a network policy database to store a plurality of network policies (e.g., FIG. 2, ¶ [0033], system determines one or more security policies associated with one or more respective network resources), including quarantined station network policies (e.g., ¶ [0034], system provides security policies based on threat levels of a client device (e.g., ¶ [0081], to possibly isolate (i.e., quarantine) a client to a location or status within the network that restricts network access)); 
a quarantined station database to store a list of quarantined stations (e.g., ¶ [0073] [0080], one or more databases that may include restriction policies (e.g., ¶ [0041], a security policy may specify that a system assign clients with a threat index value of red to a VLAN)); 
a quarantining module to move quarantined stations from a first VLAN to a quarantine VLAN (e.g., FIG. 3; ¶ [0041], assign clients with a threat index value of red to a VLAN, different from a VLAN for green devices (Examiner interprets that a device may not violate a policy and be assigned to a green VLAN, but may subsequently be assigned to a red VLAN if it violates a policy, since it can be moved to a different SSID based on a threat value (e.g., ¶ [0049]))), having a dedicated BSSID on the Wi-Fi communication network (e.g., FIG. 6; ¶ [0048] [0049], threat index based SSID steering, moving clients to particular SSIDs based on their threat indexes values), and to move stations taken off quarantine to the first VLAN (e.g., ¶ [0049], move clients to particular SSIDs (and frequencies (e.g., ¶ [0046]), which may be associated with VLANs (corroborated by prior art, such as McFarthing et al, U.S. Patent Application Publication No. 20210204105 A1 (e.g., ¶ [0065]))) based on their threat index values); 
wherein the network policy module also applies additional network policies to quarantine data packets transmitted from the quarantined stations to the access point in compliance with the airtime RU allocation (e.g., ¶ [0041] [0073] [0080], policies/rules with regard to network access through the AP, i.e., access to network or devices as an authorization measure (independent of resources available for airtime to access)), the additional network policies concerning network-side policies for quarantined packets (i.e., quarantine policies are for red-assigned packets), separate from the airtime policies (i.e., Examiner interprets access to network or specific devices (e.g., servers) through AP as being separate from policies regarding allocation of airtime based on threat value (e.g., ¶ [0044] [0102])).
Shanmugavadivel discloses suppressing airtime of quarantined stations on Wi-Fi communication networks, and allocating airtime to each of the quarantined stations (e.g., ¶ [0044] [0102]), the airtime allocated at the quarantined stations through trigger data packets transmitted from the access point to the quarantined stations (e.g., ¶ [0044], client is informed of its allocated airtime), and determining an amount of resources for access to airtime on a Wi-Fi communication network (e.g., ¶ [0044], yellow assignment of 20% airtime, red value assignment of 10% airtime), based on quarantine network policies that limit an amount of airtime allowed by quarantined stations network (e.g., ¶ [0044], determination of airtime based on threat-related policy).
Shanmugavadivel does not expressly disclose extended RU (resource unit)-based medium access control for controlling airtime of stations on Wi-Fi communication networks, an RU airtime allocation module to allocate airtime RUs to stations, the airtime RUs allocated at the stations through trigger data packets transmitted from the access point to the stations.
Lim discloses extended RU (resource unit)-based medium access control for controlling airtime of stations on Wi-Fi communication networks (e.g., FIGS. 11, 13; ¶ [0103] [0135] [0156], AP may allocate RUs to STA On Wi-Fi network (e.g., FIGS. 1, 2; ¶ [0051], IEEE 802.11 (WLAN) network) through trigger frame (MAC frame included in Physical PDU (e.g., ¶ [0135])), with RU information in RA allocation field (e.g., ¶ [0151]) (i.e., Examiner interprets the allocation of RUs as being for airtime reservation, which is known to one of ordinary skill in the art (please see prior art example McFarland et al, U.S. Patent Application Publication No. 20210105773 A1 (e.g., ¶ [0066])), as well as an RU airtime allocation module to allocate airtime RUs to stations (e.g., FIG. 1; ¶ [0060], STA 110 operating as AP provides control to STA(s) 120 for system transmission (i.e., which would include allocation information); ¶ [0102] [0156], plurality of RUs may be allocated to one STA), the airtime RUs allocated at the stations through trigger data packets (e.g., FIG. 11) transmitted from the access point to the stations (e.g., ¶ [0103], AP may allocate RUs to STA through a trigger frame (plurality of RUs may be allocated to one STA (e.g., ¶ [0102] [0156])).
It would have been obvious to one of ordinary skill in the art at the time of the filing date to combine the disclosure of allocating and suppressing airtime of quarantined stations on Wi-Fi communication networks based on policies, as disclosed by Shanmugavadivel, with the disclosure of allocating airtime to stations via resource units through a trigger frame, as disclosed by Lim. The motivation to combine would have been to use resource units to allocate airtime to stations through a standard frame format (Lim) and modify the airtime according to a policy (Shanmugavadivel).

Regarding Claim 2, Shanmugavadivel in view of Lim  discloses all the limitations of the access point of claim 1.
Shanmugavadivel in view of Lim discloses wherein the quarantined station policies comprise airtime quarantined station policies (Shanmugavadivel: e.g., ¶ [0044] [0102], airtime allocation depending on threat value) and network-side quarantined station policies (Shanmugavadivel: e.g., ¶ [0041] [0073] [0080], policies/rules with regard to network access through the AP, i.e., access to network or devices as an authorization measure (independent of resources available for airtime to access)).

Regarding Claim 3, Shanmugavadivel in view of Lim  discloses all the limitations of the access point of claim 2.
Shanmugavadivel in view of Lim discloses wherein the airtime quarantined station polices concern transmission amounts over the Wi-Fi communication network (Shanmugavadivel: e.g., ¶ [0090], manage the flow of network data into and out of the network based on threat assessment; ¶ [0102], bandwidth allocation based on threat assessment (i.e., association with maximum available data that could potentially be transmitted).

Regarding Claim 5, Shanmugavadivel in view of Lim  discloses all the limitations of the access point of claim 1.
Shanmugavadivel in view of Lim discloses wherein a total spectral bandwidth of the quarantined VLAN amounts to at least one of: 20 MHz, 40 MHz, 80 MHz and 160MHz (Lim: e.g., ¶ [0156], assigned RUs for (non-AP) stations, with RUs being within a bandwidth (e.g., FIG. 5-7; ¶ [0023]-[0025] [0098] [0101] [0166], RUs within a band)) (Shanmugavadivel: e.g., ¶ [0046], security policies move particular clients to particular frequency bands based on their threat index value. Client having a threat index value of yellow (which may be an interpreted as a threat level worthy of isolation (e.g., ¶ [0081]), as such configuration is not precluded) may be moved to a frequency band of 2.4 GHz-40 Mhz (i.e., a VLAN in that frequency band; the relationship of a unique frequency band and a VLAN may be seen in McFarthing et al, U.S. Patent Application Publication No. 20210204105 A1 (e.g., ¶ [0030] [0065] [0074])).

Regarding Claim 6, Shanmugavadivel in view of Lim  discloses all the limitations of the access point of claim 5.
Shanmugavadivel in view of Lim discloses wherein the total spectral bandwidth is further divided into RUs (Lim: e.g., ¶ [0156], assigned RUs for (non-AP) stations, with RUs being within a bandwidth (e.g., FIG. 5-7; ¶ [0023]-[0025] [0098] [0101] [0166], RUs within bands)).

Regarding Claim 7, Shanmugavadivel in view of Lim  discloses all the limitations of the access point of claim 6.
Shanmugavadivel in view of Lim discloses wherein a specific quarantine network policy assigns zero RUs to a specific quarantined station to prohibit any airtime for transmissions from the specific quarantined station to the access point (Shanmugavadivel: e.g., ¶ [0041], a security policy may specify that the client having a threat index value of red may be blocked from all services and data (i.e., no allocation of resources for communication)).

Regarding Claim 8, Shanmugavadivel in view of Lim  discloses all the limitations of the access point of claim 1.
Shanmugavadivel in view of Lim discloses wherein the trigger frame comprises a user info field (Lim: e.g., FIG. 13; ¶ [0150], user identifier field in trigger frame) with an RU allocation field (Lim: e.g., FIG. 13; ¶ [0151], RU allocation field) that indicates an amount of RUs (Lim: e.g., ¶ [0156], RUs allocated to STAs) and a spectral frequency for using the RUs (Lim: e.g., FIG. 5-7; ¶ [0023]-[0025] [0098] [0101] [0166], specified RUs for specified frequency bands with associated bandwidth).

Regarding Claim 9, the claim is directed to a computer-implemented method in an access point of a network security system, the method comprising operations that are functionally similar to those performed by the access point of claim 1.  Therefore, the reasoning used in the examination of claim 1 shall be applied to claim 9.  

Regarding Claim 10, Shanmugavadivel in view of Lim discloses a non-transitory computer-readable media storing source code (Shanmugavadivel: e.g., ¶ [0110]), in an access point of a network security system (Shanmugavadivel: e.g., FIG. 1, AP) (Lim: e.g., FIG. 1, 2, AP)), comprising operations that are functionally similar to those performed by the access point of claim 1.  Therefore, the reasoning used in the examination of claim 1 shall be applied to claim 10.  

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Shanmugavadivel in view of Lim in further view of Kaushik et al, U.S. Patent Application Publication No. 20170289814 (hereinafter Kaushik).

Regarding Claim 4, Shanmugavadivel in view of Lim  discloses all the limitations of the access point of claim 1.
Shanmugavadivel in view of Lim does not expressly disclose wherein a Wi-Fi controller manages a plurality of access points including the access point, wherein the access point receives a transmission from the Wi-Fi controller indicating a specific quarantined station that the Wi-Fi controller has detected as being handed- off from a second access point to the access point.
Kaushik discloses wherein a Wi-Fi controller manages a plurality of access points including the access point (e.g., FIG. 1; ¶ [0020], controller 120 manages the multiple access points from a network-wide perspective, and provides network-wide tracking of RSSI data for stations), wherein the access point receives a transmission from the Wi-Fi controller indicating a specific quarantined station that the Wi-Fi controller has detected as being handed off from a second access point to the access point (e.g., ¶ [0023], The controller 120 provides a network-wide tracking of RSSID values for stations that move from access point to access point. The controller 120 can force a hand-off or roam of a suspicious station and reconfirm the closeness or RSSI values; ¶ [0028], Controller receives RSSI values from stations connected to access points, along with a time stamp. A predetermined RSSI proximity threshold can determine the sensitivity of tracking (a particular RSSI difference can indicate suspicious activity).  In one example, the devices are tracked after being handed-off from one access point to another access point. If the suspicious condition is detected, a bit or signal is generated).
It would have been obvious to one of ordinary skill in the art at the time of the filing date to combine the disclosure of allocating and suppressing airtime of quarantined stations on Wi-Fi communication networks based on policies, as disclosed by Shanmugavadivel in view of Lim, with the disclosure of suspicious activity by handed-over stations being detected by Wi-Fi controller, which notifies the access points involved in handover, as disclosed by Kaushik. The motivation to combine would have been to detect attacks by emulated stations (Kaushik: e.g., ¶ [0007]).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADISLAV Y AGUREYEV whose telephone number is (571)272-0549.  The examiner can normally be reached on Monday--Friday (9-5).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chi Pham can be reached on (571) 272-3179.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VLADISLAV Y AGUREYEV/Examiner, Art Unit 2471                                                                                                                                                                                                                                              
/CHI H PHAM/Supervisory Patent Examiner, Art Unit 2471