DETAILED ACTION
This Non Final Office Action is in response to Request for Continued Examination filed on 06/07/2022. Claims 1, 4-8, 11, 13, 15-18, and 20 have been amended. Claims 2-3, 12, 14 and 19 were previously cancelled. Claims 1, 4-11, 13, 15-18 and 20 filed on 06/07/2022 remain pending in the application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 03/01/2019 are accepted.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 06/07/2022 has been entered.

	
	
Response to Arguments
Applicant stated “Salgueiro discloses querying a blockchain ledger in a blockchain database for wireless roaming data regarding the wireless client (see Salgueiro, abstract). However, Salgueiro's blockchain ledger only includes the MAC address of the client, the basic service set identification (BSSID) of the AP, and a master session key (see Salgueiro, FIGs. 6A-6B). Salgueiro does not disclose that each AP runs a block chain engine. In the Salgueiro system, the wireless Lan controller (WLC) queries the blockchain database (see Salgueiro, pars. [0046]-[0051] and FIGs. 3A-3B).”
	Examiner respectfully disagrees. Salgueiro discloses Salgueiro discloses in [0045] “the resulting client profile type is then written to a blockchain ledger in the database, which can be stored on one or more wireless LAN controllers (WLCs)”, [0072] “WLC 506a may be in communication with a blockchain database 510 that may be distributed among WLCs”, where the WLCs have blockchain database distributed among them, as part of a blockchain network for storing, maintaining and updating the ledger, i.e. block transactions, Salgueiro further illustrates in Figure 2 (248) a blockchain process on a WLC as described in [0093] and above, where the blockchain process (248) in the WLCs is interpreted as a blockchain engine, further in [0070] “a WLC and its mobility peers may be the only devices that are required to create/maintain/update the wireless roaming blockchain ledger.”, [0090] “the ledger provides a way to distribute client keying material between WLCs”. Salgueiro disclose in the cited paragraphs by the applicant that WLCs query the blockchain database, however, Salgueiro also discloses from the above cited paragraphs by the examiner that the blockchain ledger is created, updated and maintained by the WLC, and the ledger is further distributed among WLCs, where each WLC has a blockchain roaming process illustrated in Figure 2 (248). Examiner also notes that even if the WLC query a ledger from a database, it still does not preclude the WLCs from having the ledger, blocks, stored among them as a blockchain network of WLCs, where the ledger is accessed as required when the device is roaming, as disclosed in [0081] and Figure 6A-B.
	Applicant further stated “Salgueiro also fails to disclose that the first AP registers the client device as a transaction in the block chain, wherein the transaction includes authentication credential”.
Examiner respectfully disagrees. Salgueiro discloses in [0076] “WLC 506a may query blockchain database 510 for ledgers regarding client 502 (e.g., using the specified MAC address of client 502). If no such ledger exists, or is active/valid, WLC 506a may create a root block via exchange 520 within blockchain database 510 that includes any or all of the information about the association between client 502 and AP 504 a, as detailed above with respect to FIG. 4…such a root block may identify client 502, the time at which it associated with AP 504a, the identity of AP 504a, keying information such as the MSK or PMK used, or the like. This information from the root block creation, as well as all subsequent block updates, may be shared across all mobility peers of WLC 506a, making both inter-controller as well as intra-controller client roaming possible.”, 
where the information created in the blockchain ledger includes authentication information, keying material, required to perform association and connection between the AP 504a and client 502, as disclosed in [0057], where the created information illustrated in Figure 5 (520) is in response to the probe request illustrated in Figure 5 (512) and disclosed in [0073],  
Salgueiro discloses based on the query/request, creating, based on identifying the client’s MAC address, authentication and association information, e.g. keying material, where the WLC 506a registering the client by creating a block chain transaction, i.e. root block, comprising the authentication and association information pertaining to the client, where the transaction is accessible to all other WLCs, making both inter-controller as well as intra-controller client roaming possible as disclosed above in [0076], [0079] “…WLC 506b may create a new child block for client 502 in blockchain database 510 via exchange 532 that includes the mandatory and optional fields of roaming parameters regarding the roaming of client 502 to AP 504b. This forms the first blockchain for client 502 and may serve as a ledger for future roams involving client 502.”, [0090] “…the ledger provides a way to distribute client keying material between WLCs that do not belong to the same mobility domain, and belong to organizations that cannot trust each other… the ledger can store the history of the client roam.”, where the history indicates the registering of the client roaming as transaction blocks as further indicated by Figure 6 A-B and [0081]. Please see detailed rationale below.
With respect to the argument that “wherein the transaction includes...a public key of a public-private key pair associated with the client device, examiner agrees that Salgueiro does not disclose the transaction includes a public key associated with the client device, however, the argument is considered moot in light of a newly found prior art Madineni et. al. (US 20200244441 A1). Please see detailed rationale and motivation below.
	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4-5, 7-9, 11, 13, 16-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro in view Madineni et. al. (US 20200244441 A1), hereinafter Madineni.

Regarding claim 1 (Currently Amended), Salgueiro teaches a computer-implemented method (Salgueiro teaches the method for client device 302 roaming between multiple wireless LAN controllers (WLCs) illustrated in Figures 3A-B, [0045] “…the techniques herein use blockchain technology to create a blockchain database of client roam activity in a ledger…the resulting client profile type is then written to a blockchain ledger in the database, which can be stored on one or more wireless LAN controllers (WLCs) and/or by external service reachable by the WLCs.”), comprising: 
2for a first access to a local area network by a client device, receiving, at a first 3access point in the local area network, a request from the client device to access a 4wireless local area network (Salgueiro [0043] “…a device receives data regarding a wireless client attempting to form an association with a particular wireless access point in a network. The device queries a blockchain ledger in a blockchain database for wireless roaming data regarding the wireless client.”, [0073] “client 502 may initiate a probe exchange 512 with AP 504 a in which client 502 sends a probe request to AP 504a and AP 504a returns a probe response.”, [0074] “an authentication exchange 514 may ensue in which client 502 shares authentication information with AP 504a, such as identification information for client 502, etc. After authenticating client 502, an association exchange 528 may ensue between AP 504a and client 502, and this association may be overseen by WLC 506a.”, where the WLC 506a supervising the AP AP504a illustrated in Figures 3A-B, correspond to the first access point, where the first local area network and first access point correspond to client 302 accessing WLC (306a) illustrated in Figures 3 A-B), 
[wherein receiving the request from the client device 5comprises receiving a user ID and a password from the client device;] 
6responsive to the request from the client device, creating authentication 7credentials for the client device based on an identification of the client device andregistering the client device 10as a transaction in a block chain accessible by a plurality of access points (Salgueiro [0076] “WLC 506a may query blockchain database 510 for ledgers regarding client 502 (e.g., using the specified MAC address of client 502). If no such ledger exists, or is active/valid, WLC 506a may create a root block via exchange 520 within blockchain database 510 that includes any or all of the information about the association between client 502 and AP 504 a, as detailed above with respect to FIG. 4…such a root block may identify client 502, the time at which it associated with AP 504a, the identity of AP 504a, keying information such as the MSK or PMK used, or the like. This information from the root block creation, as well as all subsequent block updates, may be shared across all mobility peers of WLC 506a, making both inter-controller as well as intra-controller client roaming possible.”, 
where the information created in the blockchain ledger includes authentication information, keying material, required to perform association and connection between the AP 504a and client 502, as disclosed in [0057], where the created information illustrated in Figure 5 (520) is in response to the probe request illustrated in Figure 5 (512) and disclosed in [0073],  
consistent with the credentials defined e.g. [0039] and in claim 3 of the instant application, where authentication credentials comprise set of shared keys),
Salgueiro discloses based on the query/request, creating, based on identifying the client’s MAC address, authentication and association information, e.g. keying material, where the WLC 506a registering the client by creating a block chain transaction, i.e. root block, comprising the authentication and association information pertaining to the client, where the transaction is accessible to all other WLCs, making both inter-controller as well as intra-controller client roaming possible as disclosed above in [0076], [0079] “…WLC 506b may create a new child block for client 502 in blockchain database 510 via exchange 532 that includes the mandatory and optional fields of roaming parameters regarding the roaming of client 502 to AP 504b. This forms the first blockchain for client 502 and may serve as a ledger for future roams involving client 502.”, [0090] “…the ledger provides a way to distribute client keying material between WLCs that do not belong to the same mobility domain, and belong to organizations that cannot trust each other…the ledger can store the history of the client roam.”, the history indicates the registering of the client roaming as transaction blocks as further indicated by Figure 6 A-B and [0081]) , 
wherein 11each access point runs a block chain engine to access the block chain (Salgueiro [0045] “the resulting client profile type is then written to a blockchain ledger in the database, which can be stored on one or more wireless LAN controllers (WLCs)”, [0072] “WLC 506a may be in communication with a blockchain database 510 that may be distributed among WLCs”, where the WLCs have blockchain database distributed among them, as part of a blockchain network for storing the ledger, i.e. block transactions, Figure 2 (248) further illustrates a blockchain process on a WLC as described in [0093] and above, where the blockchain process in the WLCs corresponds to the blockchain engines), and 
wherein the 12transaction comprises at least the authentication credentials [and a public key of a 13public-private key pair associated with the client device] (Salgueiro [0076] “WLC 506a may create a root block via exchange 520 within blockchain database 510 that includes any or all of the information about the association between client 502 and AP 504 a, as detailed above with respect to FIG. 4”); and 
14
17allowing the client device to roam from the first access point to a second 18access point of the plurality of access points without requesting new authentication 19credentials (Salgueiro discloses in [0046-0051] and Figures 3A-B illustrate client 502 roaming between two access points, [0090] “the ledger provides a way to distribute client keying material between WLCs that do not belong to the same mobility domain”, [0095] “in the case in which the client is attempting to re-associate with the AP, the device can use the roaming information from the blockchain ledger to send a re-association response back to the client.…an existing FSR mechanism may also be leveraged in parallel with the blockchain-based roaming mechanism and whichever results in a re-association response faster may be used. In other cases, such as when the device is roaming between APs in separately administered networks (e.g., between different stores in a mall, etc.), the retrieved roaming information can be used to authenticate the client across the networks. Security checks, such as ensuring that the client is not spoofing a MAC address of an existing client, can also be performed using the information from the ledger.”, where the roaming information retrieved from the ledger authenticate the client, i.e. no new authentication credential is requested, where the ledger blocks are stored, maintained and updated in all WLCs as disclosed in [0045, 0070, 0072]), 
wherein allowing the client device to roam from the first access point to the 20second access point comprises accessing, by the second access pointthe transaction in order to validate the client device (Salgueiro [0048] “In FIG. 3B, when client 302 decides to initiate roaming to AP 304b, WLC 306b (or AP 304b) may perform two operations, which may be done in parallel: [0049] 1.) Execute selected roaming validation to move client 302 to a Run state. This process may be driven by the configuration of the service set identifier (SSID) used by AP 304b. [0050] 2.) In parallel, a query may be performed on blockchain database 308 for the Client-AP roaming history of client 302 in a ledger and potentially within a predefined interval. This process is purely ledger driven based on previous successful authentication history.”, Figure 6B further illustrates the device roaming from AP5 to AP2, as indicated by the loop from 610 to 604, the WLC 506b query the ledger to match the client to block 604 in the ledger for reassociation, [0081] “…the corresponding WLC (e.g., WLC 506b) may perform a query to ledger 600 to match the MAC of client 502 and BSSID of AP 504b to block 604. In turn, the WLC may forward the FSR information in block 604 on to AP 504b. On receiving the re-association request from client 502, AP 504b is now ready to send a re-association response using the FSR information obtained from the blockchain ledger 600. In such a case, block 604 may also be updated with the relevant information regarding this re-association, as well.”).  
	Salgueiro discloses the blockchain block includes Master session key (MSK)—this may also be mandatory, in some embodiments, and may indicate the MSK used to form the association between the client and the AP. [0060] Pairwise master key (PMK) [0061] Group master key (GMK) [0062] Pairwise transient key (PTK) [0063] Group temporal key (GTK), as illustrated in Figure 4, however, Salgueiro does not disclose the below limitation.
	
Madineni discloses wherein receiving the request from the client device 5comprises receiving a user ID and a password from the client device (Madineni  [0041] “synchronizing with the blockchain 120 requires the authenticating device 102 to satisfy one or more access parameters to the blockchain 120. Access parameters can include, but are not limited to, static passwords, biometric passwords (e.g., fingerprints, eye-graphs, voice patterning, etc.), geolocation parameters, timing parameters, and/or other parameters. Satisfying access parameters to the blockchain 120 increases the security of the authentication protocol by creating a multi-factor authentication protocol.”, where the biometric passwords corresponds to the user ID, and the static password corresponds to the password),
wherein the 12transaction comprises a public key of a 13public-private key pair associated with the client device (Madineni [0038] “In operation 202, the authenticating device 102 registers with an authenticator server 112 and/or a blockchain 120. Registration can include generating an asymmetric key pair (e.g., a public key 106 and a private key 108) and/or generating a shared key 104 that is known to both the authenticating device 102 and an authenticator server 112. Registration can involve storing details such as identification, public keys, signatures, etc. on the blockchain 120 (e.g., in a genesis block).”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro to incorporate the teaching of Madineni to utilize the above feature, with the motivation of synchronizing devices with a blockchain, and registering of devices in a blockchain network, as recognized by (Madineni [0038, 0041] and throughout).
Claims 11 (Currently Amended) and 18 (Currently Amended) are directed to a system and a non-transitory computer-readable medium, respectively, reciting processor and memory (disclosed by Salgueiro e.g. [0033]) to perform the method in claim 1. The methods in Claims 11 and 18 are similar in scope to claim 1, and are therefore rejected with the same rationale as claim 1 

Regarding claim 4 (Currently Amended), Salgueiro in view of Madineni teaches the computer-implemented method of claim 1, wherein 2registering the client device as the transaction 3comprises forming a distributed ledger accessible by the plurality of access 4points((Salgueiro [0076] “WLC506a may query blockchain database 510 for ledgers regarding client 502 (e.g., using the specified MAC address of client 502). If no such ledger exists, or is active/valid, WLC 506a may create a root block via exchange 520 within blockchain database 510 that includes any or all of the information about the association between client 502 and AP 504 a, as detailed above with respect to FIG. 4…such a root block may identify client 502, the time at which it associated with AP 504a, the identity of AP 504a, keying information such as the MSK or PMK used, or the like. This information from the root block creation, as well as all subsequent block updates, may be shared across all mobility peers of WLC 506a, making both inter-controller as well as intra-controller client roaming possible.”, 
where the information created in the blockchain ledger includes authentication information, keying material, required to perform association and connection between the AP 504a and client 502, as disclosed in [0057], where the created information illustrated in Figure 5 (520) is in response to the probe request illustrated in Figure 5 (512) and disclosed in [0073],  
consistent with the credentials defined e.g. [0039] and in claim 3 of the instant application, where authentication credentials comprise set of shared keys),
Salgueiro discloses based on the query/request, creating, based on identifying the client’s MAC address, authentication and association information, e.g. keying material, where the WLC 506a registering the client by creating a block chain transaction, i.e. root block, comprising the authentication and association information pertaining to the client, where the transaction is accessible to all other WLCs, making both inter-controller as well as intra-controller client roaming possible as disclosed above in [0076], and [0079] “…WLC 506b may create a new child block for client 502 in blockchain database 510 via exchange 532 that includes the mandatory and optional fields of roaming parameters regarding the roaming of client 502 to AP 504b. This forms the first blockchain for client 502 and may serve as a ledger for future roams involving client 502.”, [0090] “…the ledger provides a way to distribute client keying material between WLCs that do not belong to the same mobility domain, and belong to organizations that cannot trust each other… the ledger can store the history of the client roam.”, the history indicates the registering of the client roaming as transaction blocks as further indicated by Figure 6 A-B and [0081]”).
Claim 16 (Original) is directed to a system associated with the method claimed in claim 4. Claim 16 is similar in scope to claim 4, and are therefore rejected with the same rationale and motivation as claim 4. 

Regarding claim 5 (Currently Amended),  Salgueiro in view of Madineni teaches the computer-implemented method of claim 1, further 2comprising transmitting the authentication credentials for the client device to the plurality of access points 4(Salgueiro [0045] “…the techniques herein use blockchain technology to create a blockchain database of client roam activity in a ledger…the resulting client profile type is then written to a blockchain ledger in the database, which can be stored on one or more wireless LAN controllers (WLCs) and/or by external service reachable by the WLCs.”,
[0078] “By distributing the header of the root block created in FIG. 5A, WLC 506b already has MAC address and other information regarding client 502 and, therefore, knows to query WLC 506a for FSR method data and credentials for client 502.”, where the credential and information pertaining to client 502 is transmitted to the WLC 506b, where the WLC 506b supervising AP 504b illustrated in Figures 3A-B correspond to the second access point, where the system accommodates multiple APs as disclosed [0080-0081] illustrated Figures 6A-B, where the blockchain database accommodates the multiple Aps, [0090] “the ledger provides a way to distribute client keying material between WLCs.”).
Claims 13 (Currently Amended) and 20 (Currently Amended) directed to a system and a non-transitory computer-readable medium, respectively, associated with the method claimed in claim 5. Claims 13 (Currently Amended) and 20 (Currently Amended) are similar in scope to claim 5, and are therefore rejected with the same rationale as claim 5. 

Regarding claim 7 (Currently Amended), Salgueiro in view of Madineni teaches the computer-implemented method of claim 1, further 2comprising validating the authentication credentials by the engine running in at least the first access point and in the second access 4point (Salgueiro [0048] “In FIG. 3B, when client 302 decides to initiate roaming to AP 304b, WLC 306b (or AP 304b) may perform two operations, which may be done in parallel: [0049] 1.) Execute selected roaming validation to move client 302 to a Run state. This process may be driven by the configuration of the service set identifier (SSID) used by AP 304b. [0050] 2.) In parallel, a query may be performed on blockchain database 308 for the Client-AP roaming history of client 302 in a ledger and potentially within a predefined interval. This process is purely ledger driven based on previous successful authentication history.”, Figure 6B further illustrates the device roaming from AP5 to AP2, as indicated by the loop from 610 to 604, the WLC 506b query the ledger to match the client to block 604 in the ledger for reassociation, [0081] “…the corresponding WLC (e.g., WLC 506b) may perform a query to ledger 600 to match the MAC of client 502 and BSSID of AP 504b to block 604. In turn, the WLC may forward the FSR information in block 604 on to AP 504b. On receiving the re-association request from client 502, AP 504b is now ready to send a re-association response using the FSR information obtained from the blockchain ledger 600. In such a case, block 604 may also be updated with the relevant information regarding this re-association, as well.”, where the blockchain ledger is distributed and stored on the WLCs as disclosed in [0045, 0072], Figure 2 (248) further illustrates a blockchain process on a WLC as described in [0093] and above, where the blockchain process in the WLCs corresponds to the blockchain engines, where validation is based on the blocks associated with the ledger as illustrated in Figure 6B where the device roaming from AP5 to AP2, as indicated by the loop from 610 to 604, the WLC 506b query the ledger to match the client to block 604 in the ledger for reassociation, where the block includes the keying material and client identification illustrated in Figure 4).
Claim 17 (Currently Amended) is directed to a system associated with the method claimed in claim 7. Claim 17 is similar in scope to claim 7, and are therefore rejected with the same rationale and motivation as claim 7. 

Regarding claim 8 (Currently Amended), Salgueiro in view of Madineni teaches the computer-implemented method of claim 1, further 2comprising (Salgueiro discloses creating records of roaming transactions as illustrated in Figures 6A-B, by carting blocks, child blocks and new blocks, where the construction of blocks in a blockchain ensures that the blocks are immutable and non-invertible).

Regarding claim 9 (Original), Salgueiro in view of Madineni teaches the computer-implemented method of claim 1, wherein the first access point and the second access point reside in a remote branch network (Salgueiro Figures 3 A-B illustrate the first access point 304a and second access point 304b reside in network domains 1 and 2, i.e. remote branch network, where client 502 roams from one domain to another), and 
allowing the 3client device to roam comprises validating the authentication credentials for the client 4device in the second access point (Salgueiro [0048] “In FIG. 3B, when client 302 decides to initiate roaming to AP 304b, WLC 306b (or AP 304b) may perform two operations, which may be done in parallel: [0049] 1.) Execute selected roaming validation to move client 302 to a Run state. This process may be driven by the configuration of the service set identifier (SSID) used by AP 304b. [0050] 2.) In parallel, a query may be performed on blockchain database 308 for the Client-AP roaming history of client 302 in a ledger and potentially within a predefined interval. This process is purely ledger driven based on previous successful authentication history.”, Figure 6B further illustrates the device roaming from AP5 to AP2, as indicated by the loop from 610 to 604, the WLC 506b query the ledger to match the client to block 604 in the ledger for reassociation, [0081] “…the corresponding WLC (e.g., WLC 506b) may perform a query to ledger 600 to match the MAC of client 502 and BSSID of AP 504b to block 604. In turn, the WLC may forward the FSR information in block 604 on to AP 504b. On receiving the re-association request from client 502, AP 504b is now ready to send a re-association response using the FSR information obtained from the blockchain ledger 600. In such a case, block 604 may also be updated with the relevant information regarding this re-association, as well.”, where the blockchain ledger is distributed and stored on the WLCs as disclosed in [0045, 0072], Figure 2 (248) further illustrates a blockchain process on a WLC as described in [0093] and above, where the blockchain process in the WLCs corresponds to the blockchain engines, where validation is based on the blocks associated with the ledger as illustrated in Figure 6B where the device roaming from AP5 to AP2, as indicated by the loop from 610 to 604, the WLC 506b query the ledger to match the client to block 604 in the ledger for reassociation, where the block includes the keying material and client identification illustrated in Figure 4).

Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro, in view of Madineniet. al. (US 20200244441 A1), hereinafter Madineni, and further in view of Kalan et. al. (US 20180167221 A1), hereinafter Kalan.

1 Regarding claim 6 (Currently Amended), Salgueiro in view of Madineni teaches the computer-implemented method of claim 1, 
While Salgueiro discloses the above limitations, Salgueiro further discloses in [0084] timer mechanism for timing out the blockchain ledger for a client, however, Salgueiro in view of Madineni do not disclose the below limitation.
Kalan discloses adding a time to live to a self-signed certificate from [[a]]the public key [[in]] 3of the public-private key pair associated with the client device, wherein the time to live is 4configured to last for a selected period of time ranging from a few minutes to several 5hours (Kalan discloses in [0083] “…the receiver system receives the self-signed certificate from sender system A. In this example, the self-signed certificate includes a public key A and may also include information indicating a time period during which the self-signed certificate is valid (such as an expiration date or a number of days until the self-signed certificate expires).”, where the time period may include expiration data, which can be the next day, or several days, which are construed as several hours since one day consists of 24 hours, where the public key is paired with a private key, see e.g. [0024]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro in view of Madineni to incorporate the teaching of Kalan to utilize the above feature, with the motivation of setting time period for authentication and encrypting generated secret message using the public key, as recognized by (Kalan [0083-0084]), which enhances security.
Claim 15 (Currently Amended) is directed to a system associated with the method claimed in claim 6. Claim 15 is similar in scope to claim 6, and are therefore rejected with the same rationale and motivation as claim 6. 

Claims 10 is rejected under 35 U.S.C. 103 as being unpatentable over Salgueiro et. al. (US 20190223089 A1), hereinafter Salgueiro, Madineni et. al. (US 20200244441 A1), hereinafter Madineni, and further in view of Palojarvi. al. (US 20050198306 A1), hereinafter Palojarvi.

Regarding claim 10 (Original), Salgueiro in view of Madineni teaches the computer-implemented method of claim 1, wherein the first access point and the second access point reside in a remote branch network (Salgueiro Figures 3 A-B illustrate the first access point 304a and second access point 304b reside in network domains 1 and 2, i.e. remote branch network, where client 502 roams from one domain to another).
Salgueiro in view of Madineni do not teach downloading network policy.
Palojarvi discloses the computer-implemented method further comprises downloading to the client device, from one of the first access point or the second access point, a network policy associated with the authentication credentials (Palojarvi discloses in [0011] “the VPN client can download at least one VPN policy from the SPD via the physical access point”, [0079] “the VPN client can receive a selection of a VPN policy to associate with the VPN access point”, [0055] “…the VPN client can be capable of installing VPN policies selected from one or more different types of VPN policies, including user-specific certificate policies, generic certificate policies and generic non-certificate policies.”, where the policies include information and key information required for authentication and establishing secure communication as disclosed in [0056], where the policy defines means for establishing connection over the network).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Salgueiro in view of Madineni to incorporate the teaching of Palojarvi to utilize the above feature, with the motivation of defining rules in establishing data connection from applications, as recognized by (Palojarvi [0012]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Basu (US 20200228349 A1) discloses The client id and public key are registered on to a block chain.




Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497