DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Chris Grice, on July 27th, 2022. The Applicant’s representative has agreed and authorized the Examiner to amend claims 1, 38-39, and 41, and cancel claim 40.

The application has been amended as follows:

Claims

1.	(Currently Amended)  A method, performed by an Extensible Authentication Protocol (“EAP”) authenticator in a communication network, the method comprising:
inspecting a plurality of device access requests submitted to the EAP authenticator from at least one first device;
	determining a set of the plurality of device access requests that were successfully authenticated;
	storing an identification of at least one EAP method in a list, the at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator and having been used in at least one device access request of the set of the plurality of device access requests submitted to the EAP authenticator from the at least one first device that was successfully authenticated;
	determining to provide the identification of the at least one EAP method to a second device based on the at least one EAP method having been used in the at least one device access request submitted to the EAP authenticator from the at least one first device that was successfully authenticated;
obtaining the identification of the at least one EAP method supported by EAP authentication server providing the EAP authentication service to the EAP authenticator from the list; and
	subsequent to determining to provide the identification of the at least one EAP method to the second device, providing the identification of the at least one EAP method to [[a ]]the second device operable to request communication network access from the EAP authenticator, the second device being separate from the at least one first device.  

38.	(Currently Amended)  An Extensible Authentication Protocol (“EAP”), authenticator in a communication network, the EAP authenticator comprising:
	processing circuitry; and
	memory coupled to the processing circuitry and having instructions stored therein that are executable by the processing circuitry to cause the EAP authenticator to perform operations, the operations comprising:
inspecting a plurality of device access requests submitted to the EAP authenticator from at least one first device;
		determining a set of the plurality of device access requests that were successfully authenticated;
		storing an identification of at least one EAP method in a list, the at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator and having been used in at least one device access request of the set of the plurality of device access requests submitted to the EAP authenticator from the at least one first device that was successfully authenticated;
		determining to provide the identification of the at least one EAP method to a second device based on the at least one EAP method having been used in the at least one device access request submitted to the EAP authenticator from the at least one first device that was successfully authenticated;
obtaining the identification of the at least one EAP method supported by EAP authentication server providing the EAP authentication service to the EAP authenticator from the list; and
		subsequent to determining to provide the identification of the at least one EAP method to the second device, providing the identification of the at least one EAP method to a second device operable to request communication network access from the EAP authenticator, the second device being separate from the at least one first device.  

39.	(Currently Amended)  A non-transitory computer-readable medium having instructions stored therein that are executable by a processor of an Extensible Authentication Protocol (“EAP”) authenticator in a communication network to cause the EAP authenticator to perform operations, the operations comprising:
	inspecting a plurality of device access requests submitted to the EAP authenticator from at least one first device;
	determining a set of the plurality of device access requests that were successfully authenticated;
	storing an identification of at least one EAP method in a list, the at least one EAP method supported by an EAP authentication server providing an EAP authentication service to the EAP authenticator and having been used in at least one device access request of the set of the plurality of device access requests submitted to the EAP authenticator from the at least one first device that was successfully authenticated;
	determining to provide the identification of the at least one EAP method to a second device based on the at least one EAP method having been used in the at least one device access request submitted to the EAP authenticator from the at least one first device that was successfully authenticated;
	obtaining the identification of the at least one EAP method supported by EAP authentication server providing the EAP authentication service to the EAP authenticator from the list; and
	subsequent to determining to provide the identification of the at least one EAP method to the second device, providing the identification of the at least one EAP method to a second device operable to request communication network access from the EAP authenticator, the second device being separate from the at least one first device.  

40.	(Canceled)

41.	(New)  The EAP authenticator of Claim 38, wherein obtaining the identification of the at least one EAP method supported by the EAP authentication server providing the EAP authentication service to the EAP authenticator comprises:
	sending a request to the network entity for identification of the at least one EAP method supported by the EAP authentication server; and
	receiving from the network entity a response identifying the at least one EAP method supported by the EAP authentication server,
	wherein the EAP authentication server is a home EAP authentication server, and 
	wherein the response from the network entity further identifies any of the at least one EAP method supported by remote EAP authentication servers trusted by the home EAP authentication server.







Examiner’s Statement of Reasons for Allowance

Claims 1, 3-4, 7-20, 28-39, and 41 are allowable.
The systems and methods disclose that an EAP authenticator may obtain an identification of an EAP method or methods supported by an EAP authentication server providing authentication services to the authenticator, and may then provide this indication to a device operable to request communication network access from the EAP authenticator. In examples of the invention, the EAP authenticator and associated home and remote authentication servers may pre-negotiate, or otherwise establish, all the EAP methods supported by them. The EAP authenticator may inspect successful access requests to identify and store EAP methods which were used for successful authentications and parts of the network accessed during the successful authentications. The authenticator may then provide information about supported EAP methods to devices, for example by broadcasting it in 802.11 beacon transmissions or by including it as a part of probe responses, vendor specific messages or other control or data transmissions. Information about supported EAP methods, together, for example, with information about network domains or network slices for which the RADIUS servers are responsible, can also be communicated to devices, for example in appropriate 802.11 MAC frames such as the probe response frame.
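An added illustration, not code from the application or from the examiner: a minimal authenticator-side tracker for the behaviour summarized above, which stores an EAP method only when a first device's exchange ends in EAP-Success and returns that list for a second device. The class and function names, MAC addresses and packet contents are constructed for the example; the EAP codes and type numbers follow RFC 3748.

```python
import struct
# EAP codes and method type numbers as assigned in RFC 3748 and the IANA EAP registry.
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
NON_METHOD_TYPES = {1, 2, 3}  # Identity, Notification, Nak carry no method
METHOD_NAMES = {4: "MD5-Challenge", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def parse_eap(packet: bytes):
    """Return (code, type or None) for one EAP packet; raise on malformed input."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad EAP length field")
    if code in (REQUEST, RESPONSE):
        if length < 5:
            raise ValueError("Request/Response needs a Type byte")
        return code, packet[4]
    return code, None

class MethodTracker:
    """Authenticator-side list of EAP methods used in successful authentications."""
    def __init__(self):
        self._pending = {}      # supplicant MAC -> method type it last answered
        self.succeeded = set()  # the stored list
    def observe(self, mac: str, packet: bytes):
        code, eap_type = parse_eap(packet)
        if code == RESPONSE and eap_type not in NON_METHOD_TYPES:
            self._pending[mac] = eap_type
        elif code == SUCCESS and mac in self._pending:
            self.succeeded.add(self._pending.pop(mac))  # only successes are stored
        elif code == FAILURE:
            self._pending.pop(mac, None)                # failed attempts are dropped
    def advertise(self):
        """Method identifications to provide to a second device."""
        return [(t, METHOD_NAMES.get(t, f"type-{t}")) for t in sorted(self.succeeded)]

def eap(code, ident, eap_type=None, data=b""):
    """Build one constructed EAP packet for the sample trace."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def run_sample():
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed first devices
    md5 = b"\x10" + bytes(16)                        # constructed MD5 type-data
    trace = [  # device a: MD5 offered, Nak asks for EAP-TLS (13), TLS succeeds
        (a, eap(REQUEST, 1, 4, md5)), (a, eap(RESPONSE, 1, 3, b"\x0d")),
        (a, eap(REQUEST, 2, 13, b"\x20")), (a, eap(RESPONSE, 2, 13, b"\x00")),
        (a, eap(SUCCESS, 2)),  # device b below answers MD5 and is rejected
        (b, eap(REQUEST, 1, 4, md5)), (b, eap(RESPONSE, 1, 4, md5)), (b, eap(FAILURE, 1)),
    ]
    tracker = MethodTracker()
    for mac, packet in trace:
        tracker.observe(mac, packet)
    return tracker.advertise()
```

In the sample trace the MD5 attempt that ends in EAP-Failure never reaches the list, so a second device would be told only about EAP-TLS.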
The prior art of Palekar (2007/0157027) discloses that an authentication protocol can be used to establish a secure method of communication between two devices on a network. Once established, the secure communication can be used to authenticate a client through various authentication methods, providing security in environments where intermediate devices cannot be trusted, such as wireless networks, or foreign network access points. Additionally, the caching of session keys and other relevant information can enable the two securely communicating endpoints to quickly resume their communication despite interruptions, such as when one endpoint changes the access point through which it is connected to the network. Also, the secure communication between the two devices can enable users to roam off of their home network, providing a mechanism by which access through foreign networks can be granted, while allowing the foreign network to monitor and control the use of its bandwidth.
The prior art of Palekar (2007/0157027) does not disclose or suggest, “determining to provide the identification of the at least one EAP method to a second device based on the at least one EAP method having been used in the at least one device access request submitted to the EAP authenticator from the at least one first device that was successfully authenticated; obtaining the identification of the at least one EAP method supported by EAP authentication server providing the EAP authentication service to the EAP authenticator from the list; and subsequent to determining to provide the identification of the at least one EAP method to the second device, providing the identification of the at least one EAP method to the second device operable to request communication network access from the EAP authenticator, the second device being separate from the at least one first device”.  
The prior art of Hernandez (2006/0218393) discloses that an authentication server receives an authentication request from a given client. The authentication request does not identify the authentication method used by the given client. In response to the authentication request, the authentication server accesses authentication method cache information and looks up the last used (LU) cache entry identifier (ID) corresponding to the last used authentication method for the MAC address of the given client that has requested authentication. The authentication server accesses authentication method information (e.g., Table 1 maintained in authentication method information) and looks up the last used authentication method corresponding to the LU cache entry identifier obtained. The authentication server sends an identity request to the given client that contains the last used authentication method obtained.
The prior art of Hernandez (2006/0218393) does not disclose or suggest, “determining to provide the identification of the at least one EAP method to a second device based on the at least one EAP method having been used in the at least one device access request submitted to the EAP authenticator from the at least one first device that was successfully authenticated; obtaining the identification of the at least one EAP method supported by EAP authentication server providing the EAP authentication service to the EAP authenticator from the list; and subsequent to determining to provide the identification of the at least one EAP method to the second device, providing the identification of the at least one EAP method to the second device operable to request communication network access from the EAP authenticator, the second device being separate from the at least one first device”.
The Non-patent literature of Pawlowski et al. (Title: Extending Extensible Authentication Protocol over IEEE 802.15.4 Networks). Pawlowski teaches an IEEE 802.1X message exchange with the MD5 authentication mechanism. In general, three different phases of the IEEE 802.1X message exchange can be described. The first phase, which is called the Authentication Initiation phase, consists of just four messages. At the beginning, the Supplicant sends an EAPOL-Start message to the Authenticator, which informs the Authenticator to start the EAP authentication procedure. After receiving it, the Authenticator sends the EAP-Request-Identity to ask the Supplicant to identify itself. The Supplicant responds with the EAP-Response-Identity packet with its identity string inside. The Authenticator encapsulates the EAP-Response-Identity in a RADIUS-Access-Request datagram and forwards it to the Authentication Server. The RADIUS server then checks the validity of the identity of the Supplicant and, if everything is correct, proceeds to the next phase; otherwise it responds with the RADIUS-Access-Reject message. The second phase, the Authentication message exchange, is in this example only four messages long, because EAP-Method-MD5 was used as the authentication mechanism. With a different EAP-Method the number of exchanged messages is, in general, bigger. During this phase the negotiation and execution of the authentication mechanism is performed. This starts the negotiation of the authentication mechanism: the RADIUS-Access-Challenge includes the EAP-Method-MD5 challenge to which the Supplicant should respond. The Authenticator strips the RADIUS packet and forwards the challenge in the EAP-Request-Auth message to the Supplicant. If the EAP-Method is not acceptable to the Supplicant, the EAP-Response-NAK message should be sent, after which another EAP-Method will be selected by the Authentication Server.
In this example the Supplicant accepts the Challenge, prepares the EAP-Method-MD5 response and sends the answer back to the Authenticator in the EAP-Response-Auth message. The Authenticator relays the response to the Authentication Server in the RADIUS Access-Request packet, which ends the authentication message exchange phase.
The last phase is the Authentication decision, during which the Authentication Server decides whether the Supplicant should be granted access to the protected resources. If the authentication was successful, the Authentication Server sends the RADIUS-Access-Accept message to the Authenticator. The Authenticator starts the access granting procedure and sends the EAP-Success message to the Supplicant. If the authentication failed, an analogous procedure is performed and the access is rejected, which is indicated by the EAP-Failure message sent to the Supplicant.
The Non-patent literature of Pawlowski et al. (Title: Extending Extensible Authentication Protocol over IEEE 802.15.4 Networks) does not teach or suggest, “determining to provide the identification of the at least one EAP method to a second device based on the at least one EAP method having been used in the at least one device access request submitted to the EAP authenticator from the at least one first device that was successfully authenticated; obtaining the identification of the at least one EAP method supported by EAP authentication server providing the EAP authentication service to the EAP authenticator from the list; and subsequent to determining to provide the identification of the at least one EAP method to the second device, providing the identification of the at least one EAP method to the second device operable to request communication network access from the EAP authenticator, the second device being separate from the at least one first device”.

Any comments considered necessary by applicant must be submitted no later than the
payment of the issue fee and, to avoid processing delays, should preferably accompany
the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons
for Allowance."


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



8/8/2022


/J.E.J/ Examiner, Art Unit 2439


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439