Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Remarks

This communication is considered fully responsive to the communication filed on 05/17/2022. Claim 1 has been amended. No new claim has been added and no claim has been canceled. Therefore, claims 1-20 are pending and addressed below.
Response to Arguments
Applicant’s arguments with respect to claims filed on 05/17/2022 have been considered
but they are not persuasive.
Regarding claim 1
The applicant’s arguments assert that the combination of Zorn et al. (US 20040019786) and Lu et al. (US 20160065383, henceforth "Lu") do not teach “determining, based on the first gateway data and the second gateway data, that the client device is configured to communicate, via the WLAN, with the gateway“, see Applicant’s remarks/arguments pages [07-09]. The examiner respectfully disagrees with that augment.
	Zorn teaches that the client 106 then compares the encrypted network-response 432 with the self-derived expected encrypted network response 432', as indicated in a function block 548. Flow is to a decision block 550 to determine of the comparison was successful. If not, flow is out the "N" path to a function block 552 where the client 106 has determined that the network is that which it does not want to connect, and disassociates therefrom. At this point, flow loops back to the input of function block 528 for the next association to an AP 102, see [0082]. If the comparison was successful, flow is out the "Y" path of decision block 550 to a function block 554 where the client 106 derives the client session key 438'. Session key derivation in the client protocol interface 208 is accomplished similar to the derivation process performed by the protocol interface 214 of the AS 110. The client 106 now has all the pieces necessary to derive the client session key 438'. The intermediate word 434' is formed by the ordered concatenation of the double-hash password 420' followed by the network-challenge 424', followed by the self-derived expected network-response 432', followed by the peer-challenge 408 received from the AS 110, and followed by the peer-response 416', see [0083]. The intermediate word 434' is then digested using the MD5 hash 436' to arrive at the client session key 438'. The client 106 receives the key attribute data, key length and index information from the AP 102, as indicated in a function block 555, and decodes it. After successfully comparing the key length and index information, flow is to a function block 556 where the client 106 has now determined that the network is that which it wants to connect, installs the client session key 438', and accesses the network services disposed thereon, see [0084]. The combination of Zorn et al. (US 20040019786) and Lu et al. (US 20160065383, henceforth "Lu") teach the above limitation. As the combination of Zorn et al. (US 20040019786) and Lu et al. (US 20160065383, henceforth "Lu") teach all the claim limitations of claim 1, claim 1 is rejected.
	Regarding claims 11 and 17, the claims contain similar features as recited in claim 1,
thus are rejected for the same reason for claim 1.
Regarding claims 2-10, 12-16 and 18-20, these claims depend from claim 1, 11 and 17 respectively, and thus are rejected for the same reason claim 1, 11 and 17.
	Therefore, the applicant’s arguments overall are deemed unpersuasive, and the previous
rejections are updated for the amended claim and are maintained for the unamended claim
 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-7, 9-14, 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Zorn et al. (US 20040019786, henceforth "Zorn") and in view of  Lu et al. (US 20160065383, henceforth "Lu").
Examiner’s note: in what follows, references are drawn to Zorn unless otherwise mentioned.	
Regarding claim 1, Zorn teaches a method comprising (FIGS. 1a-1c illustrate general block diagrams systems that utilize the described Lightweight Extensible Authentication Protocol (LEAP) protocol. Authentication between a network and a client is managed according to LEAP authentication. FIG. 1a, a basic system 100 for describing the novel LEAP protocol includes a wireless access point (AP) 102 for communicating over a wireless communication link 104 to a wireless client 106. The AS 110 provides AAA services to any network entity that can function as an authenticator, for example, the AP 102, see [0031]. So, the LEAP protocol is used by a AP or gateway. FIG. 2 illustrates a block diagram of general network entities and associated protocol modules of FIG. 1a. FIGS. 4a and 4b each illustrate a flow diagram of the LEAP encryption process for deriving a respective session key in the AS and the client, in accordance with a disclosed embodiment. FIG. 5b illustrates a detailed flow chart of the challenge/response process from the perspective of the client, according to a disclosed embodiment.):
receiving, by a client device, (FIG. 5b illustrates a detailed flow chart of the challenge/response process from the perspective of the client 106. The client 106 performs the similar operations on its password, i.e., hashing, padding, and encrypting. Flow begins at a function block 528 where the client 106 associates with the AP 102. The client user then performs a login function that provides his or her username and password, as indicated in a function block 530. In a function block 532, the username is then transmitted from the client 106 to the AS 110, via the AP 102, see [0078]-[0079]. The missing/crossed out limitations will be discussed in view of Lu.);
receiving, by a client device, ( FIG. 5b in a function block 536, the client 106 receives the peer-challenge 408 from the AS 110, see [0080]. This technique is used for receiving first gateway data associated with the gateway. The missing/crossed out limitations will be discussed in view of Lu.);
sending, by the client device and via the WLAN, a first data packet directed to the (The communication over the wireless link 104 between the client 106 and the AP 102 is according to the IEEE 802.11 and 802.1x architecture standards, see [0038]. FIG. 5b in a function block 540, the client 106 sends a network-challenge 424' to the AS 110 via the AP 102, see [0081]. The missing/crossed out limitations will be discussed in view of Lu.);
receiving, by the client device, from the gateway, and via the WLAN, second gateway data associated with the gateway, wherein the receiving the second gateway data is based on the sending the first data packet (The client 106 generates the double-hash password 420' in preparation for checking the expected encrypted network-response 432' of the AS 110, as indicated in a function block 542, se [0081]. FIG. 5b in a function block 546, the client 106 then receives the encrypted network-response 432 from the AS 110, see [0082]. This technique is used for receiving, by the client device, from the gateway, and via the WLAN, second gateway data associated with the gateway, wherein the receiving the second gateway data is based on the sending the first data packet.);
and determining, based on the first gateway data and the second gateway data, that the client device is configured to communicate, via the WLAN, with the gateway (The client 106 then compares the encrypted network-response 432 with the self-derived expected encrypted network response 432', as indicated in a function block 548. Flow is to a decision block 550 to determine of the comparison was successful. If not, flow is out the "N" path to a function block 552 where the client 106 has determined that the network is that which it does not want to connect, and disassociates therefrom. At this point, flow loops back to the input of function block 528 for the next association to an AP 102, see [0082]. If the comparison was successful, flow is out the "Y" path of decision block 550 to a function block 554 where the client 106 derives the client session key 438'. Session key derivation in the client protocol interface 208 is accomplished similar to the derivation process performed by the protocol interface 214 of the AS 110. The client 106 now has all the pieces necessary to derive the client session key 438'. The intermediate word 434' is formed by the ordered concatenation of the double-hash password 420' followed by the network-challenge 424', followed by the self-derived expected network-response 432', followed by the peer-challenge 408 received from the AS 110, and followed by the peer-response 416', see [0083]. The intermediate word 434' is then digested using the MD5 hash 436' to arrive at the client session key 438'. The client 106 receives the key attribute data, key length and index information from the AP 102, as indicated in a function block 555, and decodes it. After successfully comparing the key length and index information, flow is to a function block 556 where the client 106 has now determined that the network is that which it wants to connect, installs the client session key 438', and accesses the network services disposed thereon, see [0084]. This technique is used for determining, based on the first gateway data and the second gateway data, that the client device is configured to communicate, via the WLAN, with the gateway.).
As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1) a network resource location associated with a gateway of a wireless local area network (WLAN), (2) receiving, by a client device, via a communication channel external to the WLAN, first gateway data associated with the gateway, (3) a network resource location associated with a gateway.
 However, in an analogous art, Lu discloses the missing/crossed limitations comprising: (1) a network resource location associated with a gateway of a wireless local area network (WLAN), (3) a network resource location associated with a gateway (For 1 and 3: FIG. 2 is a block diagram illustrating a home control gateway. The gateway management module 206 is coupled to the microprocessor unit 202, and configured to receive various signals. The home control gateway 20 also provides a class C network uniform resource locator (URL) for accessing the operating interface. Particularly, the home control gateway 20 only permits the electronic device of the user to access the operating interface provided by the home control gateway 20 by using the class C network uniform resource locator containing the identity code, see [0037]-[0047].), (2) receiving, by a client device, via a communication channel external to the WLAN, first gateway data associated with the gateway (FIG. 1, an environment of a remote home control usually includes household equipment, a home control gateway 20, a local area network 30, a mobile communication device 40 and a mobile phone network 50. The home control gateway 20 has one or more communication channels, and a user may use the mobile communication device 40 to perform the remote control through communications with the home control gateway 20 via the communication channel(s). The local area network 30 is a wireless communication network (Wi-Fi) established according to LAN protocol transmission standard, and the home control gateway 20 may communicate with other electronic devices with network conductivity through the local area network 30. The mobile phone network 50 is a telecommunication service provided by a telecommunication service provider, such as Global System. In the present exemplary embodiment, the mobile communication device 40 is capable of communicating with the home control gateway 20 through voice signals of the mobile phone network 50 or by ways of Short Message Service (SMS) or voice message. In addition, the home control gateway 20 may also receive a connection request from the mobile communication device 40 through the local area network 30, see [0029]-[0036].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s method by adding the teachings of Lu in order to make a more effective method by provide a convenient, secure, simple and easy method for the user to conveniently and securely perform the remote control, see (Lu, [0007].).
Regarding claim 11, Zorn teaches a method comprising (FIGS. 1a-1c illustrate general block diagrams systems that utilize the described Lightweight Extensible Authentication Protocol (LEAP) protocol. Authentication between a network and a client is managed according to LEAP authentication. FIG. 1a, a basic system 100 for describing the novel LEAP protocol includes a wireless access point (AP) 102 for communicating over a wireless communication link 104 to a wireless client 106. The AS 110 provides AAA services to any network entity that can function as an authenticator, for example, the AP 102, see [0031]. So, the LEAP protocol is used by a AP or gateway. FIG. 2 illustrates a block diagram of general network entities and associated protocol modules of FIG. 1a. FIGS. 4a and 4b each illustrate a flow diagram of the LEAP encryption process for deriving a respective session key in the AS and the client, in accordance with a disclosed embodiment. FIG. 5b illustrates a detailed flow chart of the challenge/response process from the perspective of the client, according to a disclosed embodiment.):
sending, (FIGS. 4a and 4b each illustrate a flow diagram of the LEAP encryption process for deriving a respective session key in the AS and the client. FIG. 5b illustrates a detailed flow chart of the challenge/response process from the perspective of the client 106. The client 106 performs the similar operations on its password, i.e., hashing, padding, and encrypting. Flow begins at a function block 528 where the client 106 associates with the AP 102. The client user then performs a login function that provides his or her username and password, as indicated in a function block 530. In a function block 532, the username is then transmitted from the client 106 to the AS 110, via the AP 102, see [0078]-[0079]. The missing/crossed out limitations will be discussed in view of Lu.);
accessing first gateway data associated with the gateway (FIG. 5b in a function block 536, the client 106 receives the peer-challenge 408 from the AS 110. The client 106 must now generate the encrypted peer-response 416'. To do so, the client protocol interface 208 segments the single-hash password 404' into three subwords. The third subword requires more bits to which the first padding process 406' pads zeroes to the third subword to bring it to the same number of bits as each of the other two 7-byte subwords. The padding operation 406' brings the single-hash password 404' to a 24-byte word. The three 7-byte subwords are used as respective keys in the peer DES encryption operations (410', 412', and 414') on the peer-challenge 408 to arrive at the encrypted peer-response 416'. As in the AS 110 protocol 214, interface 214, the client protocol interface 208 includes each of the three DES functions (410', 412', and 414') that operate on the respective 7-byte segments of the padded password. That is to say, the first DES 410' calculation operates on the first 7-byte segment of the padded single-hash password 404' as a first input and the 8-byte received peer-challenge 408 as the second input, the second DES 412' calculation operates on second 7-byte segment of the padded single-hash password 404' as a first input and the 8-byte received peer-challenge 408 as the second input, and the third DES 414' operates on a third 7-byte segment of the padded single-hash password 404' as a first input and the 8-byte received peer-challenge 408 as the second input. Thus the client 106 generates the encrypted peer-response 416', and sends it to the AS 110, as indicated in a function block 538. The client 106 also stores a copy locally for future use in generating its client session key 438', see [0080]. This technique is used for accessing first gateway data associated with the gateway.);
receiving, by the gateway, from the client device, and via the WLAN, a first data packet directed to ( (FIG. 5b in a function block 540, the client 106 sends a network-challenge 424' to the AS 110 via the AP 102, see [0081]. The missing/crossed out limitations will be discussed in view of Lu.); 
sending, from the gateway, to the client device, via the WLAN, and based on the first data packet directed to (The client 106 generates the double-hash password 420' in preparation for checking the expected encrypted network-response 432' of the AS 110, as indicated in a function block 542, se [0081]. FIG. In a function block 546, the client 106 then receives the encrypted network-response 432 from the AS 110, see [0082]. The missing/crossed out limitations will be discussed in view of Lu.); and 
determining, based on the first gateway data and the second gateway data, that the client device is configured to communicate, via the WLAN, with the gateway (The client 106 then compares the encrypted network-response 432 with the self-derived expected encrypted network response 432', as indicated in a function block 548. Flow is to a decision block 550 to determine of the comparison was successful. If not, flow is out the "N" path to a function block 552 where the client 106 has determined that the network is that which it does not want to connect, and disassociates therefrom. At this point, flow loops back to the input of function block 528 for the next association to an AP 102, see [0082]. If the comparison was successful, flow is out the "Y" path of decision block 550 to a function block 554 where the client 106 derives the client session key 438'. Session key derivation in the client protocol interface 208 is accomplished similar to the derivation process performed by the protocol interface 214 of the AS 110. The client 106 now has all the pieces necessary to derive the client session key 438'. The intermediate word 434' is formed by the ordered concatenation of the double-hash password 420' followed by the network-challenge 424', followed by the self-derived expected network-response 432', followed by the peer-challenge 408 received from the AS 110, and followed by the peer-response 416', see [0083]. The intermediate word 434' is then digested using the MD5 hash 436' to arrive at the client session key 438'. The client 106 receives the key attribute data, key length and index information from the AP 102, as indicated in a function block 555, and decodes it. After successfully comparing the key length and index information, flow is to a function block 556 where the client 106 has now determined that the network is that which it wants to connect, installs the client session key 438', and accesses the network services disposed thereon, see [0084]. This technique is used for determining, based on the first gateway data and the second gateway data, that the client device is configured to communicate, via the WLAN, with the gateway.).
As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1) sending, via a communication channel external to a wireless local area network (WLAN) and to a client device associated with the WLAN, a network resource location associated with a gateway of the WLAN, (2) the network resource location associated with the gateway, (3) the network resource location associated with a gateway.
However, Lu in an analogous art, discloses the missing/crossed limitations comprising: (1) sending, via a communication channel external to a wireless local area network (WLAN) and to a client device associated with the WLAN, a network resource location associated with a gateway of the WLAN (FIG. 1, an environment of a remote home control usually includes household equipment, a home control gateway 20, a local area network 30, a mobile communication device 40 and a mobile phone network 50. The home control gateway 20 has one or more communication channels, and a user may use the mobile communication device 40 to perform the remote control through communications with the home control gateway 20 via the communication channel(s). The local area network 30 is a wireless communication network (Wi-Fi) established according to LAN protocol transmission standard, and the home control gateway 20 may communicate with other electronic devices with network conductivity through the local area network 30. The mobile phone network 50 is a telecommunication service provided by a telecommunication service provider, such as Global System. In the present exemplary embodiment, the mobile communication device 40 is capable of communicating with the home control gateway 20 through voice signals of the mobile phone network 50 or by ways of Short Message Service (SMS) or voice message. In addition, the home control gateway 20 may also receive a connection request from the mobile communication device 40 through the local area network 30, see [0029]-[0036].), (2) the network resource location associated with the gateway, (3) the network resource location associated with a gateway (For 2 and 3: FIG. 2 is a block diagram illustrating a home control gateway. The gateway management module 206 is coupled to the microprocessor unit 202, and configured to receive various signals. The home control gateway 20 also provides a class C network uniform resource locator (URL) for accessing the operating interface. Particularly, the home control gateway 20 only permits the electronic device of the user to access the operating interface provided by the home control gateway 20 by using the class C network uniform resource locator containing the identity code, see [0037]-[0047].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s method by adding the teachings of Lu in order to make a more effective method by provide a convenient, secure, simple and easy method for the user to conveniently and securely perform the remote control, see (Lu, [0007].).
Regarding claim 17, Zorn teaches a system comprising:
a gateway of a wireless local area network (WLAN) (FIG. 2 item 102); 
and a server located external to the WLAN, wherein the server is in communication, via one or more communication channels external to the WLAN, with the gateway and a client device associated with the WLAN (FIG. 1a, a basic system 100 for describing the novel LEAP protocol includes a wireless access point (AP) 102 for communicating over a wireless communication link 104 to a wireless client 106. The AP 102 provides wired network access for the wireless client 106 to a LAN 108 to a centralized authentication server (AS) 110 disposed on the LAN 108 for providing such services, see [0031]. The network may also be a WAN, Intranet, Extranet, etc., communication over which facilitates the challenge-response handshake of the system 100 entities, see [0042]. FIG. 2, there is illustrated a block diagram of general network entities and associated protocol interfaces of FIG. 1a. The wired network 108 has disposed thereon the AS 110 and the AP 102. The wireless client 106 communicates with the AP 102 via the communication link 104. Internal to the AP 102 is an AP network interface 200 operatively disposed to provide wireless communication via the link 104 with one or more wireless clients 106 and wired communication via the wired network 108 to network entities, including the AS 110, see [0046]. The missing/crossed out limitations will be discussed in view of Lu.), 
wherein the gateway (FIG. 2 item 102) is configured to: 
send, (FIGS. 4a and 4b each illustrate a flow diagram of the LEAP encryption process for deriving a respective session key in the AS and the client. FIG. 5b illustrates a detailed flow chart of the challenge/response process from the perspective of the client 106. The client 106 performs the similar operations on its password, i.e., hashing, padding, and encrypting. Flow begins at a function block 528 where the client 106 associates with the AP 102. The client user then performs a login function that provides his or her username and password, as indicated in a function block 530. In a function block 532, the username is then transmitted from the client 106 to the AS 110, via the AP 102, see [0078]-[0079]. The missing/crossed out limitations will be discussed in view of Lu.);
send first gateway data associated with the gateway (FIG. 5b in a function block 536, the client 106 receives the peer-challenge 408 from the AS 110, see [0080]. This technique is used to send first gateway data associated with the gateway.);
 	receive, from the client device, and via the WLAN, a first data packet directed to (FIG. 5b in a function block 540, the client 106 sends a network-challenge 424' to the AS 110 via the AP 102, see [0081]. This technique is used to receive, from the client device, and via the WLAN, a first data packet. The missing/crossed out limitations will be discussed in view of Lu.);
send, to the client device, via the WLAN, and based on the first data packet directed to (The client 106 generates the double-hash password 420' in preparation for checking the expected encrypted network-response 432' of the AS 110, as indicated in a function block 542, se [0081]. FIG. In a function block 546, the client 106 then receives the encrypted network-response 432 from the AS 110, see [0082]. This technique is used to send, to the client device, via the WLAN, and based on the first data packet directed to the gateway, second gateway data associated with the gateway. The missing/crossed out limitations will be discussed in view of Lu.);
receive an indication that a first gateway indicated by the first gateway data and a second gateway indicated by the second gateway data match (The client 106 then compares the encrypted network-response 432 with the self-derived expected encrypted network response 432', as indicated in a function block 548. Flow is to a decision block 550 to determine of the comparison was successful. If not, flow is out the "N" path to a function block 552 where the client 106 has determined that the network is that which it does not want to connect, and disassociates therefrom. At this point, flow loops back to the input of function block 528 for the next association to an AP 102, see [0082]. If the comparison was successful, flow is out the "Y" path of decision block 550 to a function block 554 where the client 106 derives the client session key 438'. Session key derivation in the client protocol interface 208 is accomplished similar to the derivation process performed by the protocol interface 214 of the AS 110. The client 106 now has all the pieces necessary to derive the client session key 438'. The intermediate word 434' is formed by the ordered concatenation of the double-hash password 420' followed by the network-challenge 424', followed by the self-derived expected network-response 432', followed by the peer-challenge 408 received from the AS 110, and followed by the peer-response 416', see [0083]. This technique is used to receive an indication that a first gateway indicated by the first gateway data and a second gateway indicated by the second gateway data match.); and 
determine, based on the indication that the first gateway indicated by the first gateway data and the second gateway indicated by the second gateway data match, that the client device is configured to communicate, via the WLAN, with the gateway (The intermediate word 434' is then digested using the MD5 hash 436' to arrive at the client session key 438'. The client 106 receives the key attribute data, key length and index information from the AP 102, as indicated in a function block 555, and decodes it. After successfully comparing the key length and index information, flow is to a function block 556 where the client 106 has now determined that the network is that which it wants to connect, installs the client session key 438', and accesses the network services disposed thereon, see [0084]. This technique is used to determine, based on the indication that the first gateway indicated by the first gateway data and the second gateway indicated by the second gateway data match, that the client device is configured to communicate, via the WLAN, with the gateway.).
 	As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1) send, to the client device and via the one or more communication channels external to the WLAN, a network resource location associated with the gateway, (2) a network resource location associated with a gateway, (3) a network resource location associated with a gateway.
However, Lu, in an analogous art, discloses the missing/crossed limitations comprising: (1) send, to the client device and via the one or more communication channels external to the WLAN, a network resource location associated with the gateway (FIG. 1, an environment of a remote home control usually includes household equipment, a home control gateway 20, a local area network 30, a mobile communication device 40 and a mobile phone network 50. The home control gateway 20 has one or more communication channels, and a user may use the mobile communication device 40 to perform the remote control through communications with the home control gateway 20 via the communication channel(s). The local area network 30 is a wireless communication network (Wi-Fi) established according to LAN protocol transmission standard, and the home control gateway 20 may communicate with other electronic devices with network conductivity through the local area network 30. The mobile phone network 50 is a telecommunication service provided by a telecommunication service provider, such as Global System. In the present exemplary embodiment, the mobile communication device 40 is capable of communicating with the home control gateway 20 through voice signals of the mobile phone network 50 or by ways of Short Message Service (SMS) or voice message. In addition, the home control gateway 20 may also receive a connection request from the mobile communication device 40 through the local area network 30, see [0029]-[0036].), (2) the network resource location associated with a gateway, (3) the network resource location associated with a gateway (For 2-3: FIG. 2 is a block diagram illustrating a home control gateway. The gateway management module 206 is coupled to the microprocessor unit 202, and configured to receive various signals. The home control gateway 20 also provides a class C network uniform resource locator (URL) for accessing the operating interface. Particularly, the home control gateway 20 only permits the electronic device of the user to access the operating interface provided by the home control gateway 20 by using the class C network uniform resource locator containing the identity code, see [0037]-[0047].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s method by adding the teachings of Lu in order to make a more effective method by provide a convenient, secure, simple and easy method for the user to conveniently and securely perform the remote control, see (Lu, [0007].).
Regarding claim 2, Zorn and Lu teach all the claim limitations of claim 1 above; Zorn further teaches wherein the determining that the client device is configured to communicate, via the WLAN, with the gateway comprises determining that the first gateway data and the second gateway data both indicate the gateway (If the comparison was successful, flow is out the "Y" path of decision block 550 to a function block 554 where the client 106 derives the client session key 438'. Session key derivation in the client protocol interface 208 is accomplished similar to the derivation process performed by the protocol interface 214 of the AS 110. The client 106 now has all the pieces necessary to derive the client session key 438'. The intermediate word 434' is formed by the ordered concatenation of the double-hash password 420' followed by the network-challenge 424', followed by the self-derived expected network-response 432', followed by the peer-challenge 408 received from the AS 110, and followed by the peer-response 416', see [0083]. The intermediate word 434' is then digested using the MD5 hash 436' to arrive at the client session key 438'. The client 106 receives the key attribute data, key length and index information from the AP 102, as indicated in a function block 555, and decodes it. After successfully comparing the key length and index information, flow is to a function block 556 where the client 106 has now determined that the network is that which it wants to connect, installs the client session key 438', and accesses the network services disposed thereon, see [0084]. This technique is used for determining that the client device is configured to communicate, via the WLAN, with the gateway comprises determining that the first gateway data and the second gateway data both indicate the gateway.).
Regarding claim 12, Zorn and Lu teach all the claim limitations of claim 11 above; Zorn further teaches wherein the first gateway data indicates the gateway and the second gateway data indicates the gateway (If the comparison was successful, flow is out the "Y" path of decision block 550 to a function block 554 where the client 106 derives the client session key 438'. Session key derivation in the client protocol interface 208 is accomplished similar to the derivation process performed by the protocol interface 214 of the AS 110. The client 106 now has all the pieces necessary to derive the client session key 438'. The intermediate word 434' is formed by the ordered concatenation of the double-hash password 420' followed by the network-challenge 424', followed by the self-derived expected network-response 432', followed by the peer-challenge 408 received from the AS 110, and followed by the peer-response 416', see [0083]. The intermediate word 434' is then digested using the MD5 hash 436' to arrive at the client session key 438'. The client 106 receives the key attribute data, key length and index information from the AP 102, as indicated in a function block 555, and decodes it. After successfully comparing the key length and index information, flow is to a function block 556 where the client 106 has now determined that the network is that which it wants to connect, installs the client session key 438', and accesses the network services disposed thereon, see [0084].).
Regarding claim 3, Zorn and Lu teach all the claim limitations of claim 1 above; Zorn further teaches wherein the first data packet comprises a request for the second gateway data (FIG. 5b in a function block 540, the client 106 sends a network-challenge 424' to the AS 110 via the AP 102. The client 106 generates the double-hash password 420' in preparation for checking the expected encrypted network-response 432' of the AS 110, as indicated in a function block 542, se [0081]. In a function block 546, the client 106 then receives the encrypted network-response 432 from the AS 110, see [0082]. This technique is used for comprising the first data packet for a request for the second gateway data.).
Regarding claim 13, Zorn and Lu teach all the claim limitations of claim 11 above; Zorn further teaches wherein the first data packet comprises a request for the second gateway data (FIG. 5b in a function block 540, the client 106 sends a network-challenge 424' to the AS 110 via the AP 102. The client 106 generates the double-hash password 420' in preparation for checking the expected encrypted network-response 432' of the AS 110, as indicated in a function block 542, se [0081]. In a function block 546, the client 106 then receives the encrypted network-response 432 from the AS 110, see [0082]. This technique is used for comprising the first data packet for a request for the second gateway data.).
Regarding claim 18, Zorn and Lu teach all the claim limitations of claim 17 above; Zorn further teaches wherein the first data packet comprises a request for the second gateway data (FIG. 5b in a function block 540, the client 106 sends a network-challenge 424' to the AS 110 via the AP 102. The client 106 generates the double-hash password 420' in preparation for checking the expected encrypted network-response 432' of the AS 110, as indicated in a function block 542, se [0081]. In a function block 546, the client 106 then receives the encrypted network-response 432 from the AS 110, see [0082]. This technique is used for comprising the first data packet for a request for the second gateway data.).
Regarding claim 4, Zorn and Lu teach all the claim limitations of claim 1 above; Zorn further teaches wherein the receiving the network resource location associated with the gateway comprises receiving,  (FIG. 5b illustrates a detailed flow chart of the challenge/response process from the perspective of the client 106. The client 106 performs the similar operations on its password, i.e., hashing, padding, and encrypting. Flow begins at a function block 528 where the client 106 associates with the AP 102. The client user then performs a login function that provides his or her username and password, as indicated in a function block 530. In a function block 532, the username is then transmitted from the client 106 to the AS 110, via the AP 102, see [0078]-[0079]. The missing/crossed out limitations will be discussed in view of Lu.).
As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1) via the communication channel external to the WLAN, the network resource location associated with the gateway.
However, Lu, in an analogous art,  discloses the missing/crossed limitations comprising: (1) via the communication channel external to the WLAN, the network resource location associated with the gateway (FIG. 1, an environment of a remote home control usually includes household equipment, a home control gateway 20, a local area network 30, a mobile communication device 40 and a mobile phone network 50. The home control gateway 20 has one or more communication channels, and a user may use the mobile communication device 40 to perform the remote control through communications with the home control gateway 20 via the communication channel(s). The local area network 30 is a wireless communication network (Wi-Fi) established according to LAN protocol transmission standard, and the home control gateway 20 may communicate with other electronic devices with network conductivity through the local area network 30. The mobile phone network 50 is a telecommunication service provided by a telecommunication service provider, such as Global System. In the present exemplary embodiment, the mobile communication device 40 is capable of communicating with the home control gateway 20 through voice signals of the mobile phone network 50 or by ways of Short Message Service (SMS) or voice message. In addition, the home control gateway 20 may also receive a connection request from the mobile communication device 40 through the local area network 30, see [0029]-[0036]. FIG. 2 is a block diagram illustrating a home control gateway. The gateway management module 206 is coupled to the microprocessor unit 202, and configured to receive various signals. The home control gateway 20 also provides a class C network uniform resource locator (URL) for accessing the operating interface. Particularly, the home control gateway 20 only permits the electronic device of the user to access the operating interface provided by the home control gateway 20 by using the class C network uniform resource locator containing the identity code, see [0037]-[0047].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s method by adding the teachings of Lu in order to make a more effective method by provide a convenient, secure, simple and easy method for the user to conveniently and securely perform the remote control, see (Lu, [0007].).
Regarding claim 14, Zorn and Lu teach all the claim limitations of claim 11 above; Zorn further teaches wherein:
the sending the network resource location associated with the gateway comprises sending, from the gateway and to the client device, (FIG. 5b illustrates a detailed flow chart of the challenge/response process from the perspective of the client 106. The client 106 performs the similar operations on its password, i.e., hashing, padding, and encrypting. Flow begins at a function block 528 where the client 106 associates with the AP 102. The client user then performs a login function that provides his or her username and password, as indicated in a function block 530. In a function block 532, the username is then transmitted from the client 106 to the AS 110, via the AP 102, see [0078]-[0079]. The missing/crossed out limitations will be discussed in view of Lu.), and
 	the accessing first gateway data associated with the gateway comprises sending, from the gateway, to the client device, and (FIG. 5b in a function block 536, the client 106 receives the peer-challenge 408 from the AS 110. The client 106 must now generate the encrypted peer-response 416'. To do so, the client protocol interface 208 segments the single-hash password 404' into three subwords. The third subword requires more bits to which the first padding process 406' pads zeroes to the third subword to bring it to the same number of bits as each of the other two 7-byte subwords. The padding operation 406' brings the single-hash password 404' to a 24-byte word. The three 7-byte subwords are used as respective keys in the peer DES encryption operations (410', 412', and 414') on the peer-challenge 408 to arrive at the encrypted peer-response 416'. As in the AS 110 protocol 214, interface 214, the client protocol interface 208 includes each of the three DES functions (410', 412', and 414') that operate on the respective 7-byte segments of the padded password. That is to say, the first DES 410' calculation operates on the first 7-byte segment of the padded single-hash password 404' as a first input and the 8-byte received peer-challenge 408 as the second input, the second DES 412' calculation operates on second 7-byte segment of the padded single-hash password 404' as a first input and the 8-byte received peer-challenge 408 as the second input, and the third DES 414' operates on a third 7-byte segment of the padded single-hash password 404' as a first input and the 8-byte received peer-challenge 408 as the second input. Thus the client 106 generates the encrypted peer-response 416', and sends it to the AS 110, as indicated in a function block 538. The client 106 also stores a copy locally for future use in generating its client session key 438', see [0080]. This technique is used for accessing first gateway data associated with the gateway comprises sending, from the gateway, to the client device. The missing/crossed out limitations will be discussed in view of Lu.).
As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1) the network resource location associated with a gateway, (2) via the communication channel external to the WLAN, the first gateway data associated with the gateway.
However, in an analogous art, Lu discloses the missing/crossed limitations comprising: (1) the network resource location associated with a gateway (FIG. 2 is a block diagram illustrating a home control gateway. The gateway management module 206 is coupled to the microprocessor unit 202, and configured to receive various signals. The home control gateway 20 also provides a class C network uniform resource locator (URL) for accessing the operating interface. Particularly, the home control gateway 20 only permits the electronic device of the user to access the operating interface provided by the home control gateway 20 by using the class C network uniform resource locator containing the identity code, see [0037]-[0047].), (2) via the communication channel external to the WLAN, the first gateway data associated with the gateway (FIG. 1, an environment of a remote home control usually includes household equipment, a home control gateway 20, a local area network 30, a mobile communication device 40 and a mobile phone network 50. The home control gateway 20 has one or more communication channels, and a user may use the mobile communication device 40 to perform the remote control through communications with the home control gateway 20 via the communication channel(s). The local area network 30 is a wireless communication network (Wi-Fi) established according to LAN protocol transmission standard, and the home control gateway 20 may communicate with other electronic devices with network conductivity through the local area network 30. The mobile phone network 50 is a telecommunication service provided by a telecommunication service provider, such as Global System. In the present exemplary embodiment, the mobile communication device 40 is capable of communicating with the home control gateway 20 through voice signals of the mobile phone network 50 or by ways of Short Message Service (SMS) or voice message. In addition, the home control gateway 20 may also receive a connection request from the mobile communication device 40 through the local area network 30, see [0029]-[0036].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s method by adding the teachings of Lu in order to make a more effective method by provide a convenient, secure, simple and easy method for the user to conveniently and securely perform the remote control, see (Lu, [0007].).
Regarding claim 6, Zorn and Lu teach all the claim limitations of claim 1 above; Zorn further teaches wherein the determining that the client device is configured to communicate, via the WLAN, with the gateway comprises determining, by a server located external to the WLAN, that the client device is configured to communicate, via the WLAN, with the gateway (FIG. 1a, a basic system 100 for describing the novel LEAP protocol includes a wireless access point (AP) 102 for communicating over a wireless communication link 104 to a wireless client 106. The AP 102 provides wired network access for the wireless client 106 to a LAN 108 to a centralized authentication server (AS) 110 disposed on the LAN 108 for providing such services, see [0031]. The network may also be a WAN, Intranet, Extranet, etc., communication over which facilitates the challenge-response handshake of the system 100 entities, see [0042]. FIG. 2, there is illustrated a block diagram of general network entities and associated protocol interfaces of FIG. 1a. The wired network 108 has disposed thereon the AS 110 and the AP 102. The wireless client 106 communicates with the AP 102 via the communication link 104. Internal to the AP 102 is an AP network interface 200 operatively disposed to provide wireless communication via the link 104 with one or more wireless clients 106 and wired communication via the wired network 108 to network entities, including the AS 110, see [0046].).
Regarding claim 10, Zorn and Lu teach all the claim limitations of claim 1 above; Zorn further teaches wherein the gateway is configured to facilitate data communications between the WLAN and (FIG. 1a, a basic system 100 for describing the novel LEAP protocol includes a wireless access point (AP) 102 for communicating over a wireless communication link 104 to a wireless client 106. The AP 102 provides wired network access for the wireless client 106 to a LAN 108 to a centralized authentication server (AS) 110 disposed on the LAN 108 for providing such services, see [0031]. The missing/crossed out limitations will be discussed in view of Lu.).
As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1) a second network external to the WLAN. However, in an analogous art, Lu discloses the missing/crossed limitations comprising: (1) a second network external to the WLAN (FIG. 1, an environment of a remote home control usually includes household equipment, a home control gateway 20, a local area network 30, a mobile communication device 40 and a mobile phone network 50. The home control gateway 20 has one or more communication channels, and a user may use the mobile communication device 40 to perform the remote control through communications with the home control gateway 20 via the communication channel(s). The local area network 30 is a wireless communication network (Wi-Fi) established according to LAN protocol transmission standard, and the home control gateway 20 may communicate with other electronic devices with network conductivity through the local area network 30. The mobile phone network 50 is a telecommunication service provided by a telecommunication service provider, such as Global System. In the present exemplary embodiment, the mobile communication device 40 is capable of communicating with the home control gateway 20 through voice signals of the mobile phone network 50 or by ways of Short Message Service (SMS) or voice message. In addition, the home control gateway 20 may also receive a connection request from the mobile communication device 40 through the local area network 30, see [0029]-[0036].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s method by adding the teachings of Lu in order to make a more effective method by provide a convenient, secure, simple and easy method for the user to conveniently and securely perform the remote control, see (Lu, [0007].).
Regarding claim 16, Zorn and Lu teach all the claim limitations of claim 11 above; Zorn further teaches wherein: further comprising:
 	receiving, by the gateway, an indication that a first gateway indicated by the first gateway data and a second gateway indicated by the second gateway data match (The client 106 then compares the encrypted network-response 432 with the self-derived expected encrypted network response 432', as indicated in a function block 548. Flow is to a decision block 550 to determine of the comparison was successful. If not, flow is out the "N" path to a function block 552 where the client 106 has determined that the network is that which it does not want to connect, and disassociates therefrom. At this point, flow loops back to the input of function block 528 for the next association to an AP 102, see [0082]. If the comparison was successful, flow is out the "Y" path of decision block 550 to a function block 554 where the client 106 derives the client session key 438'. Session key derivation in the client protocol interface 208 is accomplished similar to the derivation process performed by the protocol interface 214 of the AS 110. The client 106 now has all the pieces necessary to derive the client session key 438'. The intermediate word 434' is formed by the ordered concatenation of the double-hash password 420' followed by the network-challenge 424', followed by the self-derived expected network-response 432', followed by the peer-challenge 408 received from the AS 110, and followed by the peer-response 416', see [0083]. This technique is used  for receiving, by the gateway, an indication that a first gateway indicated by the first gateway data and a second gateway indicated by the second gateway data match.), 
wherein the determining that the client device is configured to communicate, via the WLAN, with the gateway is further based on the indication that the first gateway indicated by the first gateway data and the second gateway indicated by the second gateway data match (The intermediate word 434' is then digested using the MD5 hash 436' to arrive at the client session key 438'. The client 106 receives the key attribute data, key length and index information from the AP 102, as indicated in a function block 555, and decodes it. After successfully comparing the key length and index information, flow is to a function block 556 where the client 106 has now determined that the network is that which it wants to connect, installs the client session key 438', and accesses the network services disposed thereon, see [0084]. This technique is used for determining that the client device is configured to communicate, via the WLAN, with the gateway is further based on the indication that the first gateway indicated by the first gateway data and the second gateway indicated by the second gateway data match.).
Regarding claim 9, Zorn and Lu teach all the claim limitations of claim 1 above; Zorn further teaches the communication channel external to the WLAN comprises at least one of a cellular network, a public hotspot network, and a second WLAN (The network may also be a WAN, Intranet, Extranet, etc., communication over which facilitates the challenge-response handshake of the system 100 entities, see [0042].)
 Regarding claim 7, Zorn and Visuri teach all the claim limitations of claim 1 above; Zorn further teaches wherein the determining that the client device is configured to communicate, via the WLAN, with the gateway comprises determining, by the client device, that the client device is configured to communicate, via the WLAN, with the gateway (FIG. 1a, a basic system 100 for describing the novel LEAP protocol includes a wireless access point (AP) 102 for communicating over a wireless communication link 104 to a wireless client 106, see [0031]. FIG. 5b illustrates a detailed flow chart of the challenge/response process from the perspective of the client 106. The client 106 performs the similar operations on its password, i.e., hashing, padding, and encrypting. Flow begins at a function block 528 where the client 106 associates with the AP 102. The client user then performs a login function that provides his or her username and password, as indicated in a function block 530. In a function block 532, the username is then transmitted from the client 106 to the AS 110, via the AP 102, see [0078]-[0079]. The intermediate word 434' is then digested using the MD5 hash 436' to arrive at the client session key 438'. The client 106 receives the key attribute data, key length and index information from the AP 102, as indicated in a function block 555, and decodes it. After successfully comparing the key length and index information, flow is to a function block 556 where the client 106 has now determined that the network is that which it wants to connect, installs the client session key 438', and accesses the network services disposed thereon, see [0084].).
Claims 5, 8 are rejected under 35 U.S.C. 103 as being unpatentable over Zorn et al. (US 20040019786, henceforth "Zorn") in view of  Lu et al. (US 20160065383, henceforth "Lu") and further in view Naor et al. (US 20130205040, henceforth “Naor”).
Regarding claim 5, Zorn and Lu teach all the claim limitations of claim 1 above; Zorn further teaches wherein
 	the first gateway data comprises (FIG. 5b in a function block 536, the client 106 receives the peer-challenge 408 from the AS 110. The client 106 must now generate the encrypted peer-response 416'. To do so, the client protocol interface 208 segments the single-hash password 404' into three subwords. The third subword requires more bits to which the first padding process 406' pads zeroes to the third subword to bring it to the same number of bits as each of the other two 7-byte subwords. The padding operation 406' brings the single-hash password 404' to a 24-byte word. The three 7-byte subwords are used as respective keys in the peer DES encryption operations (410', 412', and 414') on the peer-challenge 408 to arrive at the encrypted peer-response 416'. As in the AS 110 protocol 214, interface 214, the client protocol interface 208 includes each of the three DES functions (410', 412', and 414') that operate on the respective 7-byte segments of the padded password. That is to say, the first DES 410' calculation operates on the first 7-byte segment of the padded single-hash password 404' as a first input and the 8-byte received peer-challenge 408 as the second input, the second DES 412' calculation operates on second 7-byte segment of the padded single-hash password 404' as a first input and the 8-byte received peer-challenge 408 as the second input, and the third DES 414' operates on a third 7-byte segment of the padded single-hash password 404' as a first input and the 8-byte received peer-challenge 408 as the second input. Thus the client 106 generates the encrypted peer-response 416', and sends it to the AS 110, as indicated in a function block 538. The client 106 also stores a copy locally for future use in generating its client session key 438', see [0080]. The missing/crossed limitation will be discussed in view of Naor.) and 
 	the second gateway data comprises (FIG. 5b in a function block 546, the client 106 then receives the encrypted network-response 432 from the AS 110, see [0082]. The missing/crossed limitation will be discussed in view of Naor.), and 
wherein the determining that the client device is configured to communicate, via the WLAN, with the gateway is further based on the first cryptographic information and the second cryptographic information (The client 106 then compares the encrypted network-response 432 with the self-derived expected encrypted network response 432', as indicated in a function block 548. Flow is to a decision block 550 to determine of the comparison was successful, see [0082]. If the comparison was successful, flow is out the "Y" path of decision block 550 to a function block 554 where the client 106 derives the client session key 438'. Session key derivation in the client protocol interface 208 is accomplished similar to the derivation process performed by the protocol interface 214 of the AS 110. The client 106 now has all the pieces necessary to derive the client session key 438'. The intermediate word 434' is formed by the ordered concatenation of the double-hash password 420' followed by the network-challenge 424', followed by the self-derived expected network-response 432', followed by the peer-challenge 408 received from the AS 110, and followed by the peer-response 416', see [0083]. The intermediate word 434' is then digested using the MD5 hash 436' to arrive at the client session key 438'. The client 106 receives the key attribute data, key length and index information from the AP 102, as indicated in a function block 555, and decodes it. After successfully comparing the key length and index information, flow is to a function block 556 where the client 106 has now determined that the network is that which it wants to connect, installs the client session key 438', and accesses the network services disposed thereon, see [0084]. This technique is sued for determining that the client device is configured to communicate, via the WLAN, with the gateway is further based on the first cryptographic information and the second cryptographic information.).
 As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1) first cryptographic information associated with the gateway, (2) second cryptographic information associated with the gateway. However, Naor discloses the missing/crossed limitations comprising: (1) first cryptographic information associated with the gateway, (2) second cryptographic information associated with the gateway (Fig. 1, the processing unit 120 is connected to a hardware security device 122 which is able to generate cryptographic keys , see [0021]. So, the first gateway data comprises first cryptographic information associated with the gateway and the second gateway data comprises first cryptographic information associated with the gateway.).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s method by adding the teachings of Naor in order to make a more effective method by ensuring that traffic sent to and from the private network traverses the gateway, see (Naor, [abstract].).
Regarding claim 8, Zorn and Lu teach all the claim limitations of claim 1 above; Zorn further teaches further comprising:
sending, from the client device and via at least one of the communication channel external to the WLAN and a second communication channel external to the WLAN, a second data packet directed to the network resource location associated with the gateway, wherein (The network may also be a WAN, Intranet, Extranet, etc., communication over which facilitates the challenge-response handshake of the system 100 entities, see [0042]. FIG. 5b in a function block 540, the client 106 sends a network-challenge 424' to the AS 110 via the AP 102, see [0081].  The missing/crossed limitation will be discussed in view of Naor.); and 
determining, based on a response to the sending the second data packet, the at least one of the communication channel external to the WLAN and the second communication channel external to the WLAN, with the gateway (The client 106 then compares the encrypted network-response 432 with the self-derived expected encrypted network response 432', as indicated in a function block 548. Flow is to a decision block 550 to determine of the comparison was successful. If not, flow is out the "N" path to a function block 552 where the client 106 has determined that the network is that which it does not want to connect, and disassociates therefrom. At this point, flow loops back to the input of function block 528 for the next association to an AP 102, see [0082]. The missing/crossed limitation will be discussed in view of Naor.)
As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1)  the network resource location associated with the gateway comprises a non-routable network address, (2) that the client device is not configured to communicate, via the non-routable network address. 
 However, Naor, in an analogous art, discloses the missing/crossed limitations comprising: (1) the network resource location associated with the gateway comprises a non-routable network address (A remote client may try to connect to an entity of a private network using a non-routable network address, see [0003].), (2) that the client device is not configured to communicate, via the non-routable network address (Fig. 2, the client 210 is configured with an IP address of a tunnel endpoint with which to reach the private network 231. In one implementation, this tunnel endpoint is a Unique Local Address (ULA). A ULA is meant for use within a private network and is not routable over the global IPv6 network 230, see [0043]. The client is not configured to communicate via the non-routable network address.).
 It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s method by adding the teachings of Naor in order to make a more effective method by ensuring that traffic sent to and from the private network traverses the gateway, see (Naor, [abstract].).
Claims 15, 19, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zorn et al. (US 20040019786, henceforth "Zorn") in view of  Lu et al. (US 20160065383, henceforth "Lu") and further in view Zhu (US 20180332471, henceforth “Zhu”).
Regarding claim 15, Zorn and Lu teach all the claim limitations of claim 11 above; Zorn further teaches wherein:
the sending the network resource location associated with the gateway comprises (The network may also be a WAN, Intranet, Extranet, etc., communication over which facilitates the challenge-response handshake of the system 100 entities, see [0042]. FIG. 5b illustrates a detailed flow chart of the challenge/response process from the perspective of the client 106. The client 106 performs the similar operations on its password, i.e., hashing, padding, and encrypting. Flow begins at a function block 528 where the client 106 associates with the AP 102. The client user then performs a login function that provides his or her username and password, as indicated in a function block 530. In a function block 532, the username is then transmitted from the client 106 to the AS 110, via the AP 102, see [0078]-[0079]. The missing/crossed out limitations will be discussed in view of Zhu.), and
 	the accessing first gateway data associated with the gateway comprises (The network may also be a WAN, Intranet, Extranet, etc., communication over which facilitates the challenge-response handshake of the system 100 entities, see [0042]. FIG. 5b in a function block 536, the client 106 receives the peer-challenge 408 from the AS 110, see [0080]. The missing/crossed out limitations will be discussed in view of Zhu.). 
As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1) sending, from a server located external to the WLAN and to the client device, the network resource location associated with the gateway, (2) sending, from the server, to the client device. However, in an analogous art, Zhu discloses the missing/crossed limitations comprising: (1) sending, from a server located external to the WLAN and to the client device, the network resource location associated with the gateway, (2) sending, from the server, to the client device
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s method by adding the teachings of Zhu in order to make a more effective method by improving the security of data transmission, see (Zhu, [0038].).
 Regarding claim 19, Zorn and Lu teach all the claim limitations of claim 17 above; Zorn further teaches wherein (The network may also be a WAN, Intranet, Extranet, etc., communication over which facilitates the challenge-response handshake of the system 100 entities, see [0042]. The missing/crossed limitation will be discussed in view of Zhu).
As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1) the gateway is configured to send, via the server, the network resource location associated with the gateway. However, in an analogous art, Zhu discloses the missing/crossed limitations comprising: (1) the gateway is configured to send, via the server, the network resource location associated with the gateway (Fig. 1 is a schematic structural diagram of a wireless network connection system. The wireless network connection system includes: a wireless access point 120, a user terminal 140, and an authentication server 160, see [0039]. Fig. 3A, the wireless access point is configured to send an SSID of the wireless access point, a basic service set identifier (BSSID) of the wireless access point, a MAC address of the wireless access point, a network address of the wireless access point, a gateway Internet Protocol (IP) of the wireless access point, or the like to an authentication server as shown in Fig. 3A see [0054]-[0073].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s system by adding the teachings of Zhu in order to make a more effective system by improving the security of data transmission, see (Zhu, [0038].).
 Regarding claim 20, Zorn and Lu teach all the claim limitations of claim 17 above; Zorn further teaches wherein the gateway is the second gateway indicated by the second gateway data match (The client 106 then compares the encrypted network-response 432 with the self-derived expected encrypted network response 432', as indicated in a function block 548. Flow is to a decision block 550 to determine of the comparison was successful, see [0082]. If the comparison was successful, flow is out the "Y" path of decision block 550 to a function block 554 where the client 106 derives the client session key 438'. Session key derivation in the client protocol interface 208 is accomplished similar to the derivation process performed by the protocol interface 214 of the AS 110. The client 106 now has all the pieces necessary to derive the client session key 438'. The intermediate word 434' is formed by the ordered concatenation of the double-hash password 420' followed by the network-challenge 424', followed by the self-derived expected network-response 432', followed by the peer-challenge 408 received from the AS 110, and followed by the peer-response 416', see [0083]. The intermediate word 434' is then digested using the MD5 hash 436' to arrive at the client session key 438'. The client 106 receives the key attribute data, key length and index information from the AP 102, as indicated in a function block 555, and decodes it. After successfully comparing the key length and index information, flow is to a function block 556 where the client 106 has now determined that the network is that which it wants to connect, installs the client session key 438', and accesses the network services disposed thereon, see [0084]. The missing/crossed limitation will be discussed in view of Zhu).
As noted above, Zorn is silent about the aforementioned missing/crossed limitations of: (1) the gateway is configured to receive, from the server, the indication that the first gateway indicated by the first gateway data and the second gateway indicated by the second gateway data match. However, in an analogous art, Zhu discloses the missing/crossed limitations comprising: (1) the gateway is configured to receive, from the server, the indication that the first gateway indicated by the first gateway data and the second gateway indicated by the second gateway data match (Fig. 5A, the wireless access point is configured to receive a matching indication from an authentication server according to the step 501 to step 514, see [0097]-[0129].).
It therefore would have been obvious to one of ordinary skill in the art, at the time when instant application was filed, to modify Zorn’s system by adding the teachings of Zhu in order to make a more effective system by improving the security of data transmission, see (Zhu, [0038].).
Conclusion
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED MONZUR MURSHID whose telephone number is (313)446-6560.  The examiner can normally be reached on Monday-Friday 8:30-5:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Derrick Ferris can be reached on 571-272-3123. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/M.M.M./Examiner, Art Unit 2411   

/GARY MUI/Primary Examiner, Art Unit 2464