DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to claims filed on 4/2/2021.  Claims 1-20 have been examined.  This office action is Non-Final.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 18 recites the limitation "the first threshold time period" and "the second threshold time period" in lines 3-4.  There is insufficient antecedent basis for this limitation in the claim.  Claim 18 should be further amended to be dependent on claim 17 to sufficiently provide antecedent basis for the aforementioned limitations.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 5-6, 8, 12-13, 15, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Fu et al. (9,130,758) in view of Schonwald et al. (2018/0309757).

As per claim 1, Fu discloses a method for renewal of a security certificate of a supplicant device, the method comprising: 
receiving, by an authenticator device and from a supplicant device, a request to authenticate the supplicant device based on the security certificate, wherein the request comprises information relating to the security certificate which is expired (Fu: col. 3, lines 29-35, col. 4, lines 64-67, and col. 5, lines 1-2, 9-10, and 48-55, receiving, by the certificate manager that operates as a CA server (i.e. authenticator device) and from a requestor (i.e. end user workstation/supplicant device) a request including information (i.e. username and password, serial number, etc.) relating to the security certificate which has expired); 
determining, by the authenticator device, a login history of the supplicant device and presence of a valid account associated with the supplicant device in a directory database, wherein the valid account has a login credential (Fu: col. 8, lines 3-11, col. 9, lines 8-30, determining by the certificate manager, CA server, a login history of the end user workstation (i.e. supplicant device), the login history is a record in the CA database/LDAP (i.e. directory database) where there is a valid account, which is the stored credentials); 
providing, by the authenticator device, a renewed security certificate for the supplicant device, in response to successful authentication of the supplicant device (Fu: col. 8, lines 3-10, col. 16, lines 6-21, 40-50, providing by the CA server (i.e. authenticator device), a renewed security certificate for the end user workstation).
Fu does not explicitly disclose sending, by the authenticator device, an authentication successful message to the supplicant device based on the login history and presence of the valid account in the directory database; and redirecting, by the authenticator device, the supplicant device to a captive web portal for authentication of the supplicant device based on the login credential.
However, analogous art of Schonwald discloses sending, by the authenticator device, an authentication successful message to the supplicant device based on the login history and presence of the valid account in the directory database (Schonwald: para. 0024-0025, sending, by the authentication provider/Radius server (i.e. authenticator device), an authentication success message to the user device (i.e. supplicant device) based on the database that has associated user device identifiers, MAC address, device name, IP address, etc… and the presence of a valid account in the directory database); and redirecting, by the authenticator device, the supplicant device to a captive web portal for authentication of the supplicant device based on the login credential (Schonwald: para. 0025, 0030-0032, 0034, redirecting by the authentication provider, the user device to a captive portal for authentication of the user device based on the login credential).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Schonwald with the system/method of Fu to include sending, by the authenticator device, an authentication successful message to the supplicant device based on the login history and presence of the valid account in the directory database; and redirecting, by the authenticator device, the supplicant device to a captive web portal for authentication of the supplicant device based on the login credential. 
One would have been motivated to improve an authentication process for a computer network while maintaining backwards compatibility with existing browsers/processes (Schonwald: para. 0011).  

As per claim 5, Fu and Schonwald disclose the method as claimed in claim 1.
Fu further discloses wherein providing the renewed security certificate comprises one of: sending the renewed security certificate to the supplicant device; and generating a Uniform Resource Locator (URL) for the renewed security certificate to be downloaded by the supplicant device (Fu: col. 5, lines 40-44, and col. 8, lines 43-46, providing the renewed certificate includes sending the renewed certificate to the requester (i.e. supplicant device); and generating a link (i.e. URL) for the renewed certificate to be downloaded by the requestor, the link includes a location where the renewed certificate can be retrieved by the requester).
As per claim 6, Fu and Schonwald disclose the method as claimed in claim 1.
Fu further discloses wherein the security certificate is one of a Transport Layer Security (TLS) certificate and a Secure Sockets Layer (SSL) certificate (Fu: col. 7, lines 62-65, discloses a SSL certificate, the Examiner asserts that you do not need to change the certificate to use TLS, the certificate already supports both SSL and TLS protocols, thus the SSL certificate can be configured to be a TLS certificate, thus when you have a SSL certificate it supports TLS protocol as well, and can be a TLS certificate).
	
As per claims 8 and 15, rejected under similar scope as claim 1.

As per claims 12-13; and claims 19-20, rejected under similar scope as claim 5 and claim 6 respectively.

Claims 2, 9, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Fu et al. (9,130,758) in view of Schonwald et al. (2018/0309757), and further in view of Shrotri (2016/0021097).

As per claim 2, Fu and Schonwald disclose the method as claimed in claim 1.
Fu and Schonwald do not explicitly disclose wherein authentication of the login credential in the captive web portal comprises: verifying a username and a password of the valid account associated with the supplicant device; sending a message to an administrator device, wherein the message is indicative of a request for an approval for authentication of the supplicant device; and in response to receiving the approval from the administrator device, onboarding the supplicant device in a network managed by the authenticator device.
However, analogous art of Shrotri discloses wherein authentication of the login credential in the captive web portal comprises verifying a username and a password of the valid account associated with the supplicant device (Shrotri: para. 0032, 0043, 0045, and 0071 authentication of login credential (i.e. authentication credential) in the captive web portal, and verifying a username and password of the valid account associated with the client device (i.e. supplicant device), the account is valid by the RADIUS server looking up the username and password that is stored in an active directory); sending a message to an administrator device, wherein the message is indicative of a request for an approval for authentication of the supplicant device (Shrotri: para. 0045, sending a message to the RADIUS server (i.e. administrator device), the message is the request for an approval for authentication of the client device); and in response to receiving the approval from the administrator device (Shrotri: para. 0045, 0048, and 0072, response is the authentication Ack (Acknowledgement) that indicates authenticated using the credentials), onboarding the supplicant device in a network managed by the authenticator device (Shrotri: para. 0032, and 0048, onboarding the client device (i.e. supplicant device) in a network managed by the authenticator device, the authenticator device is the RADIUS server as well, the Examiner asserts that the administrator device and the authenticator device can be the same device that perform the steps associated therein).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Shrotri with the system/method of Fu and Schonwald to include wherein authentication of the login credential in the captive web portal comprises: verifying a username and a password of the valid account associated with the supplicant device; sending a message to an administrator device, wherein the message is indicative of a request for an approval for authentication of the supplicant device; and in response to receiving the approval from the administrator device, onboarding the supplicant device in a network managed by the authenticator device. 
One would have been motivated to have a captive portal to perform the steps of Shrotri, because captive portals are essential for any network structure, as they provide a quick and easy way to control access to the network (Shrotri: para. 0004).

As per claim 9, Fu and Schonwald disclose the authenticator device as claimed in claim 8.
Fu further discloses verify a username and a password of the valid account associated with the supplicant device (Fu: col. 8, lines 3-11, col. 9, lines 8-30, verify a username and password, the CA server looks up a login history of the end user workstation (i.e. supplicant device), the login history is a record in the CA database/LDAP (i.e. directory database) where there is a valid account of credentials stored).
Fu and Schonwald do not explicitly disclose send a message to an administrator device, wherein the message is indicative of a request for an approval for authentication of the supplicant device; and in response to receiving the approval from the administrator device, onboard the supplicant device in a network managed by the authenticator device.
However, analogous art of Shrotri discloses send a message to an administrator device, wherein the message is indicative of a request for an approval for authentication of the supplicant device (Shrotri: para. 0045, sending a message to the RADIUS server (i.e. administrator device), the message is the request for an approval for authentication of the client device); and in response to receiving the approval from the administrator device (Shrotri: para. 0045, 0048, and 0072, response is the authentication Ack (Acknowledgement) that indicates authenticated using the credentials), onboard the supplicant device in a network managed by the authenticator device (Shrotri: para. 0032, and 0048, onboarding the client device (i.e. supplicant device) in a network managed by the authenticator device, the authenticator device is the RADIUS server as well, the Examiner asserts that the administrator device and the authenticator device can be the same device that perform the steps associated therein).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Shrotri with the system/method of Fu and Schonwald to include send a message to an administrator device, wherein the message is indicative of a request for an approval for authentication of the supplicant device; and in response to receiving the approval from the administrator device, onboard the supplicant device in a network managed by the authenticator device. 
One would have been motivated to perform the steps of Shrotri, to allow an efficient way of authenticating the supplicant device (Shrotri: para. 0004).
As per claim 16, rejected under similar scope as claim 9 above.

Claims 3-4, 10-11, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Fu et al. (9,130,758) in view of Schonwald et al. (2018/0309757), and further in view of Adhya et al. (2016/0036794).

As per claim 3, Fu and Schonwald disclose the method as claimed in claim 1.
Fu further discloses determining the login history of the supplicant device comprises (Fu: col. 8, lines 3-11, col. 9, lines 8-30, the login history is a record in the CA database/LDAP (i.e. directory database) where there is a valid account of credentials stored of the end user workstation); and determining whether the security certificate has expired within a second threshold time period (Fu: col. 6, lines 56-58, determining whether the certificate has expired, each certificate has validity period (i.e. threshold time period)).
Fu and Schonwald do not explicitly disclose identifying a last successful login attempt of the supplicant device in a network managed by the authenticator device; determining whether the last successful login attempt was within a first threshold time period.
However, analogous art of Adhya discloses identifying a last successful login attempt of the supplicant device in a network managed by the authenticator device; determining whether the last successful login attempt was within a first threshold time period (Adhya: para. 0014, See Fig. 5, #520, identifying a previous successful login attempt (i.e. successfully authenticated), and determining the previous successful login attempt threshold time (i.e. particular period of time)).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Adhya with the system/method of Fu and Schonwald to include identifying a last successful login attempt of the supplicant device in a network managed by the authenticator device; determining whether the last successful login attempt was within a first threshold time period. 
One would have been motivated to have an efficient and secure method of performing authentication, by using the previous authentication (Adhya: para. 0072).   

As per claim 4, Fu, Schonwald, and Adhya disclose the method as claimed in claim 3.
Fu further discloses the security certificate has expired within the second threshold time period (Fu: col. 6, lines 56-58, determining whether the certificate has expired, each certificate has validity period (i.e. threshold time period)), and the valid account associated with the supplicant device is present in the directory database (Fu: col. 8, lines 3-11, col. 9, lines 8-30, the login history is a record in the CA database/LDAP (i.e. directory database) where there is a valid account of credentials stored).
Fu and Schonwald do not explicitly disclose wherein the authentication successful message is sent to the supplicant device in response to a determination that the last successful login attempt was within the first threshold time period.
However, analogous art of Adhya discloses wherein the authentication successful message is sent to the supplicant device in response to a determination that the last successful login attempt was within the first threshold time period (Adhya: para. 0014, 0042, and Fig. 5, authentication success message is sent to the client device).
Same motivation as claim 3 above.

As per claims 10-11; and claims 17-18, rejected under similar scope as claim 3 and claim 4 respectively.  

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Fu et al. (9,130,758) in view of Schonwald et al. (2018/0309757), and in view of Newberg et al. (2019/0149532) and further in view of Esdaile (2016/0323265).

As per claim 7, Fu and Schonwald disclose the method as claimed in claim 1.
Schonwald further discloses wherein the supplicant device is redirected to the captive web portal based on one of a predefined role, a vendor specific attribute, and a redirect URL (Schonwald: para. 0025, 0030-0032, 0034, redirecting by the authentication provider, the user device to a captive portal, redirecting to the captive portal the Examiner asserts is a redirect to a URL).
Fu and Schonwald do not explicitly disclose wherein the redirect to the captive web portal based on vendor specific attribute.
However, analogous art of Newberg discloses wherein the redirect to the captive web portal based on vendor specific attribute (Newberg: para. 0014, 0055-0057, captive portal based on vendor captive portal).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Newberg with the system/method of Fu and Schonwald to include redirect to the captive web portal based on vendor specific attribute. 
One would have been motivated to provide different options for different vendors; this method allows flexibility to different vendors (Newberg: para. 0006). 
Fu, Schonwald, and Newberg do not explicitly disclose redirect to the captive web portal based on a predefined role.
However, analogous art of Esdaile discloses redirect to the captive web portal based on a predefined role (Esdaile: para. 0022-0023, 0030-0031, redirect to the captive portal based on a provisioning role (i.e. predefined role)).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Newberg with the system/method of Fu and Schonwald to include redirect to the captive web portal based on vendor specific attribute. 
One would have been motivated to redirect to the captive web portal based on a predefined role, thus the redirection based on role will trigger certain messages to be transmitted to a captive portal based on a role (Esdaile: para. 0023). 

As per claim 14, rejected under similar scope as claim 7.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.




Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





8/21/2022
/J.E.J/Examiner, Art Unit 2439                                                                                                                                                                                                        

/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439