DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Election/Restrictions
NO restrictions warranted at applicant’s initial time of filing for patent. 
Priority
The instant application is a continuation (CON) and claims domestic priority under 35 USC 120 to parent US application # 15/982476, filed on 05/17/2018, now US PAT # 10932129, which further claims domestic priority under 35 USC 119(e) to provisional application # 62/536177, filed on 07/24/2017. 
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/16/2020, 03/05/2021, and 07/20/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Drawings
Applicant’s drawings filed on 11/16/2020 have been inspected, and are in compliance with MPEP 608.02. 
Specification
Applicant’s specification filed on 11/16/2020 has been inspected and is in compliance with MPEP 608.01. 
Claim Objections
Claim 9 is objected to because of the following informality: it contains a misspelled word (i.e., “devicee”).
Appropriate correction is required.
Claim Interpretation – 35 USC 112(f)
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that use the word “means” or “step” but are nonetheless not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph because the claim limitation(s) recite(s) sufficient structure, materials, or acts to entirely perform the recited function.  
***Such claim[s] and claim limitation(s) is/are: 
As per claim 9. An apparatus comprising:

a network interface that enables network communications;

a processor; and

a memory to store data and instructions executable by the processor,

wherein the processor is configured “to execute the instructions to:

receive a network access request from a client device, the network access request including a media access control (MAC) address of the client device and information about a first private key;

send, via the network interface, an authentication request to a server, wherein the authentication request includes the MAC address of the client device;

receive an authentication response from the server;

determine whether the authentication response includes a second private key;

in response to determining that the authentication response includes the second private key, determine whether the first private key is the same as the second private key;

in response to determining that the first private key is different than the second private key or that the authentication response does not include the second private key, deny network access to the client device; and

in response to determining that the first private key is the same as the second private key, grant network access to the client device.”

As per claim 10. The apparatus of claim 9, wherein the processor is configured to execute the instructions to:

in response to a failure to receive the authentication response within a predetermined period of time, deny network access to the client device.

As per claim 14. The apparatus of claim 13, wherein the processor is configured to execute the instructions to:

monitor network activities of the client device;

determine whether the client device accesses a network resource other than the predetermined network resource; and

in response to determining the client device accesses a network resource other than the predetermined network resource, block the client device from accessing the network.

As per claim 17. A non-transitory computer-readable storage media encoded with software comprising computer executable instructions which, when executed by a processor, cause the processor “to perform operations including:

receiving a network access request from a client device, the network access request including a media access control (MAC) address of the client device and information about a first private key;

sending an authentication request to a server, wherein the authentication request includes the MAC address of the client device;

receiving an authentication response from the server;

determining whether the authentication response includes a second private key;

in response to determining that the authentication response includes the second private key, determining whether the first private key is the same as the second private key;

in response to determining that the first private key is different than the second private key or that the authentication response does not include the second private key, denying network access to the client device; and

in response to determining that the first private key is the same as the second private key, granting network access to the client device.”

As per claim 20. The non-transitory computer-readable storage media of claim 19, wherein the instructions further cause the processor “to perform operations including:

monitoring network activities of the client device;

determining whether the client device accesses a network resource other than the predetermined network resource; and

in response to determining the client device accesses a network resource other than the predetermined network resource, blocking the client device from accessing the network.”

Because this/these claim limitation(s) is/are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are not being interpreted to cover only the corresponding structure, material, or acts described in the specification as performing the claimed function, and equivalents thereof.
If applicant intends to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  
(1) amend the claim limitation(s) to remove the structure, materials, or acts that performs the claimed function; or 
(2) present a sufficient showing that the claim limitation(s) does/do not recite sufficient structure, materials, or acts to perform the claimed function.
Appropriate action required. 
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based e-Terminal Disclaimer may be filled out completely online using web-screens. An e-Terminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about e-Terminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim[s] 1 – 20 are rejected on the ground of non-statutory double patenting as being unpatentable over claim[s] 1 - 20 of U.S. Patent No. 10932129. 
Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter of both the pending application and patent are not distinct in the following manner:
receiving a network access request from a client device. The network access request includes a media access control address and information about a first private key. The network controller sends to a server an authentication request, which includes the media access control address of the client device. The network controller receives an authentication response from the server, which includes a second private key. The network controller determines whether the first private key is the same as the second private key. As a result of determining that the first private key is different from the second private key, network access is denied to the client device; in the alternative outcome, as a result of determining that the first private key is the same as the second private key, network access is granted to the client device.
Also see the table below for a claim by claim comparison. 
Claim-by-claim comparison. Each claim of pending US App # 17/098677 is listed first, followed by the corresponding claim of US PAT # 10932129.
[Pending US App # 17/098677]
1. A method comprising:
at a network controller, receiving a network access request from a client device, the network access request including a media access control (MAC) address of the client device and information about a first private key;
sending, by the network controller, an authentication request to a server, wherein the authentication request includes the MAC address of the client device;
receiving an authentication response from the server;
determining whether the authentication response includes a second private key;
in response to determining that the authentication response includes the second private key, determining whether the first private key is the same as the second private key;
in response to determining that the first private key is different than the second private key or that the authentication response does not include the second private key, denying network access to the client device; and
in response to determining that the first private key is the same as the second private key, granting network access to the client device.

[US PAT # 10932129]
1. A method comprising:
at a network controller configured to provide network access to client devices, receiving a network access request from a client device, the network access request including a media access control (MAC) address of the client device and information about a first private key;
sending, by the network controller, an authentication request to a server, wherein the authentication request includes the MAC address of the client device;
receiving an authentication response from the server, the authentication response including a second private key;
determining whether the first private key is the same as the second private key using the information about the first private key;
in response to determining that the first private key is different from the second private key, denying network access to the client device; and
in response to determining that the first private key is the same as the second private key, granting network access to the client device.

[Pending US App # 17/098677]
2. The method of claim 1, further comprising:
in response to a failure to receive the authentication response within a predetermined period of time, denying network access to the client device.

[US PAT # 10932129]
2. The method of claim 1, further comprising:
in response to a failure to receive the authentication response within a predetermined period of time, denying network access to the client device.

[Pending US App # 17/098677]
3. The method of claim 1, wherein the authentication response further includes a change of authorization (CoA) message that includes vendor-specific attributes.

[US PAT # 10932129]
3. The method of claim 1, wherein the authentication response further includes a change of authorization (CoA) message that includes vendor-specific attributes.

[Pending US App # 17/098677]
4. The method of claim 3, wherein the vendor-specific attributes further allow peer-to-peer traffic between the client device and other client devices having a same user identification.

[US PAT # 10932129]
4. The method of claim 3, wherein the vendor-specific attributes further allow peer-to-peer traffic between the client device and other client devices having a same user identification.

[Pending US App # 17/098677]
5. The method of claim 3, wherein the CoA message includes access restriction parameters to restrict the network access to the client device to a predetermined network resource.

[US PAT # 10932129]
5. The method of claim 3, wherein the CoA message includes access restriction parameters to restrict the network access to the client device to a predetermined network resource.

[Pending US App # 17/098677]
6. The method of claim 5, further comprising:
monitoring network activities of the client device;
determining whether the client device accesses a network resource other than the predetermined network resource; and
in response to determining the client device accesses a network resource other than the predetermined network resource, blocking the client device from accessing the network.

[US PAT # 10932129]
6. The method of claim 5, further comprising:
monitoring network activities of the client device;
determining whether the client device accesses a network resource other than the predetermined network resource; and
in response to determining the client device accesses a network resource other than the predetermined network resource, blocking the client device from accessing the network.

[Pending US App # 17/098677]
7. The method of claim 5, wherein the access restriction parameters further require the client device to obey a set of traffic patterns.

[US PAT # 10932129]
7. The method of claim 5, wherein the access restriction parameters further require the client device to obey a set of traffic patterns.

[Pending US App # 17/098677]
8. The method of claim 5, wherein the access restriction parameters further require traffic from and to the client device be with a predetermined set of access points.

[US PAT # 10932129]
8. The method of claim 5, wherein the access restriction parameters further require traffic from and to the client device be with a predetermined set of access points.

[Pending US App # 17/098677]
9. An apparatus comprising:
a network interface that enables network communications;
a processor; and
a memory to store data and instructions executable by the processor, wherein the processor is configured to execute the instructions to:
receive a network access request from a client device, the network access request including a media access control (MAC) address of the client device and information about a first private key;
send, via the network interface, an authentication request to a server, wherein the authentication request includes the MAC address of the client device;
receive an authentication response from the server;
determine whether the authentication response includes a second private key;
in response to determining that the authentication response includes the second private key, determine whether the first private key is the same as the second private key;
in response to determining that the first private key is different than the second private key or that the authentication response does not include the second private key, deny network access to the client device; and
in response to determining that the first private key is the same as the second private key, grant network access to the client device.

[US PAT # 10932129]
9. An apparatus comprising:
a network interface that enables network communications;
a processor; and
a memory to store data and instructions executable by the processor, wherein the processor is configured to execute the instructions to:
receive a network access request from a client device, the network access request including a media access control (MAC) address of the client device and information about a first private key;
send an authentication request to a server, wherein the authentication request includes the MAC address of the client device;
receive an authentication response from the server, the authentication response including a second private key;
determine whether the first private key is the same as the second private key using the information about the first private key;
in response to determining that the first private key is different from the second private key, deny network access to the client device; and
in response to determining that the first private key is the same as the second private key, grant network access to the client device.

[Pending US App # 17/098677]
10. The apparatus of claim 9, wherein the processor is configured to execute the instructions to:
in response to a failure to receive the authentication response within a predetermined period of time, deny network access to the client device.

[US PAT # 10932129]
10. The apparatus of claim 9, wherein the processor is configured to execute the instructions to:
in response to a failure to receive the authentication response within a predetermined period of time, deny network access to the client device.

[Pending US App # 17/098677]
11. The apparatus of claim 9, wherein the authentication response further includes a change of authorization (CoA) message that includes vendor-specific attributes.

[US PAT # 10932129]
11. The apparatus of claim 9, wherein the authentication response further includes a change of authorization (CoA) message that includes vendor-specific attributes.

[Pending US App # 17/098677]
12. The apparatus of claim 11, wherein the vendor-specific attributes further allow peer-to-peer traffic between the client device and other client devices having a same user identification

[US PAT # 10932129]
12. The apparatus of claim 11, wherein the vendor-specific attributes further allow peer-to-peer traffic between the client device and other client devices having a same user identification.

[Pending US App # 17/098677]
13. The apparatus of claim 11, wherein the CoA message includes access restriction parameters to restrict the network access to the client device to a predetermined network resource.

[US PAT # 10932129]
13. The apparatus of claim 11, wherein the CoA message includes access restriction parameters to restrict the network access to the client device to a predetermined network resource.

[Pending US App # 17/098677]
14. The apparatus of claim 13, wherein the processor is configured to execute the instructions to:
monitor network activities of the client device;
determine whether the client device accesses a network resource other than the predetermined network resource; and
in response to determining the client device accesses a network resource other than the predetermined network resource, block the client device from accessing the network.

[US PAT # 10932129]
14. The apparatus of claim 13, wherein the processor is configured to execute the instructions to:
monitor network activities of the client device;
determine whether the client device accesses a network resource other than the predetermined network resource; and
in response to determining the client device accesses a network resource other than the predetermined network resource, block the client device from accessing the network.

[Pending US App # 17/098677]
15. The apparatus of claim 13, wherein the access restriction parameters further require the client device to obey a set of traffic patterns.

[US PAT # 10932129]
15. The apparatus of claim 13, wherein the access restriction parameters further require the client device to obey a set of traffic patterns.

[Pending US App # 17/098677]
16. The apparatus of claim 13, wherein the access restriction parameters further require traffic from and to the client device be with a predetermined set of access points.

[US PAT # 10932129]
16. The apparatus of claim 13, wherein the access restriction parameters further require traffic from and to the client device be with a predetermined set of access points.

[Pending US App # 17/098677]
17. A non-transitory computer-readable storage media encoded with software comprising computer executable instructions which, when executed by a processor, cause the processor to perform operations including:
receiving a network access request from a client device, the network access request including a media access control (MAC) address of the client device and information about a first private key;
sending an authentication request to a server, wherein the authentication request includes the MAC address of the client device;
receiving an authentication response from the server;
determining whether the authentication response includes a second private key;
in response to determining that the authentication response includes the second private key, determining whether the first private key is the same as the second private key;
in response to determining that the first private key is different than the second private key or that the authentication response does not include the second private key, denying network access to the client device; and
in response to determining that the first private key is the same as the second private key, granting network access to the client device.

[US PAT # 10932129]
17. A non-transitory computer-readable storage media encoded with software comprising computer executable instructions which, when executed by a processor, cause the processor to:
receive a network access request from a client device, the network access request including a media access control (MAC) address of the client device and information about a first private key;
send an authentication request to a server, wherein the authentication request includes the MAC address of the client device;
receive an authentication response from the server, the authentication response including a second private key;
determine whether the first private key is the same as the second private key using the information about the first private key;
in response to determining that the first private key is different from the second private key, deny network access to the client device; and
in response to determining that the first private key is the same as the second private key, grant network access to the client device.

[Pending US App # 17/098677]
18. The non-transitory computer-readable storage media of claim 17, wherein the instructions further cause the processor to perform operations including:
in response to a failure to receive the authentication response within a predetermined period of time, denying network access to the client device.

[US PAT # 10932129]
18. The non-transitory computer-readable storage media of claim 17, wherein the instructions further cause the processor to:
in response to a failure to receive the authentication response within a predetermined period of time, deny network access to the client device.

[Pending US App # 17/098677]
19. The non-transitory computer-readable storage media of claim 17, wherein the authentication response further includes a change of authorization (CoA) message that includes vendor-specific attributes, wherein the CoA message includes access restriction parameters to restrict the network access to the client device to a predetermined network resource.

[US PAT # 10932129]
19. The non-transitory computer-readable storage media of claim 17, wherein the authentication response further includes a change of authorization (CoA) message that includes vender-specific vendor-specific attributes, wherein the CoA message includes access restriction parameters to restrict the network access to the client device to a predetermined network resource.

[Pending US App # 17/098677]
20. The non-transitory computer-readable storage media of claim 19, wherein the instructions further cause the processor to perform operations including:
monitoring network activities of the client device;
determining whether the client device accesses a network resource other than the predetermined network resource; and
in response to determining the client device accesses a network resource other than the predetermined network resource, blocking the client device from accessing the network.

[US PAT # 10932129]
20. The non-transitory computer-readable storage media of claim 19, wherein the instructions further cause the processor to:
monitor network activities of the client device;
determine whether the client device accesses a network resource other than the predetermined network resource; and
in response to determining the client device accesses a network resource other than the predetermined network resource, block the client device from accessing the network.


Claim Rejections - 35 USC § 101
NO rejections warranted at applicant’s initial time of filing for patent. 
Claim Rejections - 35 USC § 102
NO rejections warranted at applicant’s initial time of filing for patent. 
Claim Rejections - 35 USC § 103
NO rejections warranted at applicant’s initial time of filing for patent. 
Allowable Subject Matter
Claim[s] 1 – 20 contain allowable subject matter, but as allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with.  See 37 CFR 1.111(b) and MPEP § 707.07(a).
***The examiner notes that a reason for allowance will be written in the next subsequent office action once formal requirements are satisfied. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANT SHAIFER - HARRIMAN whose telephone number is (571)272-7910. The examiner can normally be reached M - F: 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DANT B SHAIFER HARRIMAN/Primary Examiner, Art Unit 2434