DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1.    	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
2.    	Claims 1-21 are pending. Claims 1, 7, and 11 are in independent forms. 
Information Disclosure Statement
3.    	No information disclosure statements (I DS's) submitted on these application.
Drawings
4.    	The drawings filed on 07/08/2021 are accepted by the examiner.
Claim Rejections - 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

6.	Claims 1-6, 11-13, and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Patil et al. US Patent Application Publication No. 2021/0014776 (hereinafter Patil) in view of Thangaveluchamy et al. US Patent No. 10,820,201 (hereinafter Thangaveluchamy).                                                                  Regarding claim 1, Patil discloses a method for communicating over a wireless network, the method comprising: 
	“broadcasting, by a Multi-Link Device (MLD) device, service data indicative of one or more services for wireless communication with a client device” (see Patil par. 0077, The AP 102 periodically broadcasts beacon frames (“beacons”) including the BSSID to enable any STAs 104 (client device) within wireless range of the AP 102 to “associate” or re-associate with the AP 102 to establish a respective communication link 108 (hereinafter also referred to as a “Wi-Fi link”), or to maintain a communication link 108, with the AP 102); 
	 “establishing a security association with the client device” (see Patil par. 0015, the operations may also include associating the STA MLD with the AP MLD based at least in part on the association information, and communicating with the STA MLD on one or more of the first communication link or the one or more secondary communication links based on the association. In some instances, the operations may also include establishing a common security context between a first medium access control service access point (MAC-SAP) endpoint of the AP MLD and a second MAC-SAP endpoint of the STA MLD, where each of the first and second MAC-SAP endpoints is used to communicate over the first communication link and the one or more secondary communication links); and 
	“in response to establishing a security association with the client device, granting access by the client device to a subset of the one or more services based on the type of the client device” (see Patil pars. 0112, 0117, allow an AP MLD device and a STA MLD to establish a common BA session with one another for MAC service data units (MSDUs) corresponding to one or more TIDs, and to affiliate (or “map”) each of the one or more TIDs with a corresponding group of communication links. The common BA session established between the AP MLD and the STA MLD, in conjunction with mappings between each TID and a corresponding group of communication links, may allow the AP MLD and the STA MLD MLDs to remap each TID of the one or more TIDs to another group of communication links without tearing-down the common BA session or establishing a new BA session. at block 722, the AP establishes a block acknowledgement (BA) session with the second wireless communication device that affiliates at least one traffic identifier (TID) to a first subset of the first communication link, the second communication link, and a third communication link. The BA session may be common for each of the first, the second, and the third communication links);
	“wherein the service data indicates that a service type is differentiated based on (Patil in par. 0077 discloses, A single AP 102 and an associated set of STAs 104 may be referred to as a basic service set (BSS), which is managed by the respective AP 102. FIG. 1 additionally shows an example coverage area 106 of the AP 102, which may represent a basic service area (BSA) of the WLAN 100. The BSS may be identified to users by a service set identifier (SSID), as well as to other devices by a basic service set identifier (BSSID), which may be a medium access control (MAC) address of the AP 102); but Patil does not explicitly discloses a type of the client device. However, in analogues art, Thangaveluchamy discloses a type of the client device (see Thangaveluchamy col. 6, lines 11-32, The process flow of FIG. 5 begins in operation 505 where a default pre-shared key is provided from a first device to a second device. The first device is configured to authenticate client devices to a network. In operation 510, a first authentication request is obtained at the first device from a third device. The authentication request includes data indicative of the second device. In operation 515, a first response to the first authentication request is provided to third device from the first device. The first response includes the default pre-shared key. In operation 520, a second authentication request is obtained at the first device from the third device. This second authentication request includes a private pre-shared key and data indicative of the second device).  
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Thangaveluchamy into the system of Patil in order to provide a mechanism to provision the private pre-shared key (sometimes referenced in the figures as an “aPSK”) of authenticated clients in a secure manner and to on-board subscribers automatically in Wi-Fi deployments (see Thangaveluchamy col. 2, lines 39-42).   
  	
	Regarding claim 2, Patil in view of Thangaveluchamy discloses the method of claim 1, 
	Thangaveluchamy further discloses wherein the type of client device indicates one or more network resources available to the client device, the one or more network resources comprising an access point, a subnetwork, or both (see Thangaveluchamy col. 2, lines 45-57,  a network environment 100 that includes client devices 105a-e (also referred to as stations (STAs)), an access point (AP) 110, a wireless local area network controller (WLC) 115 and an AAA server 120 which are leveraged according to the techniques of the present disclosure to provide access to Wi-Fi network 125. While FIG. 1 illustrates access point 110 and WLC 115 as being separate devices, these devices may be combined or separated into fewer or more devices).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Thangaveluchamy into the system of Patil in order to provide a mechanism to provision the private pre-shared key (sometimes referenced in the figures as an “aPSK”) of authenticated clients in a secure manner and to on-board subscribers automatically in Wi-Fi deployments (see Thangaveluchamy col. 2, lines 39-42).   

	Regarding claim 3, Patil in view of Thangaveluchamy discloses the method of claim 1, 
	Patil further discloses wherein the one or more services each comprises an access point for establishing a communication link between the client device and a networking device (see Patil par. 0003, A wireless local area network (WLAN) may be formed by one or more access points (APs) that provide a shared wireless communication medium for use by a number of client devices also referred to as stations (STAs)).  

	Regarding claim 4, Patil in view of Thangaveluchamy discloses the method of claim 3, 
	Patil further discloses wherein each access point is associated with a radio band comprising one of a 2.4 GHz radio band, a 5 GHz radio band, or a 6 GHz radio band (see Patil par. 0078, To establish a communication link 108 with an AP 102, each of the STAs 104 is configured to perform passive or active scanning operations (“scans”) on frequency channels in one or more frequency bands (for example, the 2.4 GHz, 5.0 GHz, 6.0 GHz, or 60 GHz bands))   
	
	Regarding claim 5, Patil in view of Thangaveluchamy discloses the method of claim 1, 
	Thangaveluchamy further discloses wherein the type of client device is indicated by a private pre-shared key (PPSK) or a simultaneous authentication of equals (SAE) password identifier (see Thangaveluchamy col. 3, lines 17-21, An application or “app” installed on the client devices 105a-e may be used for social login and for auto generation of a unique private pre-shared key. This unique pre-shared key may then be used to automatically provision AAA server 120 to permit access to Wi-Fi network 125).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Thangaveluchamy into the system of Patil in order to provide a mechanism to provision the private pre-shared key (sometimes referenced in the figures as an “aPSK”) of authenticated clients in a secure manner and to on-board subscribers automatically in Wi-Fi deployments (see Thangaveluchamy col. 2, lines 39-42).   

	Regarding claim 6, Patil in view of Thangaveluchamy discloses the method of claim 1, 
	Thangaveluchamy further discloses determining that the client device is requesting access to a service that the client device is not authorized to access (see Thangaveluchamy col. 4, lines 47-62, WLC sends association response 404 back to client 205 and also sends access request 406 to AAA server 220. Access request 406 includes the MAC address for client 205. AAA server 220 searches its stored data in operation 408 based on the MAC address of client 205 and returns access accept 410 with the already provisioned private pre-shared key found against the MAC address for client 205. In other words, access is now granted to client 205 because AAA server 220 was previously provisioned with the private pre-shared key, username and MAC address of client 205 in operation 363 of FIG. 3);  and in response to determining, rejecting the request and providing an authorized service to the client device instead of the requested service (see Thangaveluchamy col. 4, lines 17-29, Client 205 initiates an association request to WLC 315, as illustrated in operation 332. WLC 315 receives the association request 332 and sends association response 333 back to client 205. WLC 315 also sends an access request 334 to AAA server 220. Access request 334 includes the MAC address for client 205 for use in the MAC Authentication performed by AAA server 220. As this is the first access request sent on behalf of client 205, the MAC address for client 205 may not have been registered with AAA server 220. Therefore, AAA server 220 sends access reject 335 back to WLC 315. Included in access reject 335 is the default pre-shared key previously provided to client 205, as illustrated in operation 250 of FIG. 2).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Thangaveluchamy into the system of Patil in order to provide a mechanism to provision the private pre-shared key (sometimes referenced in the figures as an “aPSK”) of authenticated clients in a secure manner and to on-board subscribers automatically in Wi-Fi deployments (see Thangaveluchamy col. 2, lines 39-42). 

	Regarding claim 11, Patil discloses a method for communicating over a wireless network, the method comprising: 
	“broadcasting, by a Multi-Link Device (MLD) device, service data indicative of one or more services for wireless communication with a client device” (see Patil par. 0077, The AP 102 periodically broadcasts beacon frames (“beacons”) including the BSSID to enable any STAs 104 (client device) within wireless range of the AP 102 to “associate” or re-associate with the AP 102 to establish a respective communication link 108 (hereinafter also referred to as a “Wi-Fi link”), or to maintain a communication link 108, with the AP 102); 
 	“establishing a security association with the client device” (see Patil par. 0015, the operations may also include associating the STA MLD with the AP MLD based at least in part on the association information, and communicating with the STA MLD on one or more of the first communication link or the one or more secondary communication links based on the association. In some instances, the operations may also include establishing a common security context between a first medium access control service access point (MAC-SAP) endpoint of the AP MLD and a second MAC-SAP endpoint of the STA MLD, where each of the first and second MAC-SAP endpoints is used to communicate over the first communication link and the one or more secondary communication links);  
	“in response to receiving the authentication data from the client device, switching the communication link from the first service type to the second service type” (see Patil par. 0074, By using a first communication link to exchange discovery information and one or more of capability information or operating parameter information for other communication links, wireless communication devices that implement various aspects of the present disclosure may allow the wireless communication devices to associate with one another by exchanging communications on a single communication link. The exchanged ML information may also allow the wireless communication devices to quickly switch communications between different communication links, and to dynamically change mappings between TID values and a plurality of communication links. Specifically, a STA MLD may receive, from an AP MLD, a single packet including ML information for all of the links that the MLDs are operating on. Thus, aspects of the present disclosure enable the STA MLD to discover the AP MLD on any link that the AP MLD device has setup a BSS. Additionally, aspects of the present disclosure may allow an AP MLD device and a STA MLD to establish a common BA session with one another for MAC service data units (MSDUs) corresponding to one or more TIDs, and to affiliate (or “map”) each of the one or more TIDs with a corresponding group of communication links); 
	“receiving authentication data from the client device, the authentication data indicative of a second service type available from the MLD device that is different from the first available service type” (see Patil par. 0027, the frame may also include a field containing an indication of a presence or absence of each of the common attributes indicated in the second portion of the frame, the common attributes including at least one of an indication of an authentication scheme, an address of the AP MLD, or a basic service set identifier (BSSID) of the AP MLD. In some other instances, the frame may also indicate whether the AP MLD supports simultaneous transmit-and-receive (STR) operations across multiple links of the first communication link or the one or more secondary communication links. In addition, or in the alternative, the frame may also include an indication of one or more critical updates corresponding to one or more of the first AP or the one or more secondary APs, where the critical updates include a change in operating channels or a change in basic service set (BSS) parameters for at least one AP of the first AP or the one or more secondary Aps); wherein the service data indicates a first available (Patil in par. 0077 discloses, A single AP 102 and an associated set of STAs 104 may be referred to as a basic service set (BSS), which is managed by the respective AP 102. FIG. 1 additionally shows an example coverage area 106 of the AP 102, which may represent a basic service area (BSA) of the WLAN 100. The BSS may be identified to users by a service set identifier (SSID), as well as to other devices by a basic service set identifier (BSSID), which may be a medium access control (MAC) address of the AP 102); but Patil does not explicitly discloses service type for a communication link with the MLD device. However, in analogues art, Thangaveluchamy discloses service type for a communication link with the MLD device (see Thangaveluchamy col. 6, lines 11-32, The process flow of FIG. 5 begins in operation 505 where a default pre-shared key is provided from a first device to a second device. The first device is configured to authenticate client devices to a network. In operation 510, a first authentication request is obtained at the first device from a third device. The authentication request includes data indicative of the second device. n operation 515, a first response to the first authentication request is provided to third device from the first device. The first response includes the default pre-shared key. In operation 520, a second authentication request is obtained at the first device from the third device. This second authentication request includes a private pre-shared key and data indicative of the second device).  
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Thangaveluchamy into the system of Patil in order to provide a mechanism to provision the private pre-shared key (sometimes referenced in the figures as an “aPSK”) of authenticated clients in a secure manner and to on-board subscribers automatically in Wi-Fi deployments (see Thangaveluchamy col. 2, lines 39-42).   

	Regarding claim 12, Patil in view of Thangaveluchamy discloses the method of claim 11, 
	Patil further discloses wherein the second service type includes a higher bandwidth than the first service type (see Patil par. 0004, the AP may communicate with one or more STAs over multiple concurrent communication links. Each of the communication links may be of various bandwidths, for example, by bonding a number of 20 MHz-wide channels together to form 40 MHz-wide channels, 80 MHz-wide channels, or 160 MHz-wide channels. The AP may establish BSSs on any of the different communication links, and therefore it is desirable to improve communication between the AP and the one or more STAs over each of the communication links).

	Regarding claim 13, Patil in view of Thangaveluchamy discloses the method of claim 11, 
	Patil further discloses wherein the second service type comprises a communication using a 6 gigahertz (GHz) radio band (see Patil par. 0018, each per-link profile subelement may also include at least one of capability information or operating parameter information of a corresponding secondary AP of the one or more secondary APs. The capability information may indicate one or more of HT capabilities, VHT capabilities, HE capabilities, HE 6 GHz Band capabilities, or EHT capabilities). 

	Regarding claim 15, Patil in view of Thangaveluchamy discloses the method of claim 11, 
	Thangaveluchamy further discloses receiving, by the MLD device, a request for communication using the second service type by the client device prior to establishing the security association with the client device (see Thangaveluchamy col. 4, lines 47-62, WLC sends association response 404 back to client 205 and also sends access request 406 to AAA server 220. Access request 406 includes the MAC address for client 205. AAA server 220 searches its stored data in operation 408 based on the MAC address of client 205 and returns access accept 410 with the already provisioned private pre-shared key found against the MAC address for client 205. In other words, access is now granted to client 205 because AAA server 220 was previously provisioned with the private pre-shared key, username and MAC address of client 205 in operation 363 of FIG. 3); and rejecting the request without providing an indication that the second service type is available (see Thangaveluchamy col. 4, lines 17-29, Client 205 initiates an association request to WLC 315, as illustrated in operation 332. WLC 315 receives the association request 332 and sends association response 333 back to client 205. WLC 315 also sends an access request 334 to AAA server 220. Access request 334 includes the MAC address for client 205 for use in the MAC Authentication performed by AAA server 220. As this is the first access request sent on behalf of client 205, the MAC address for client 205 may not have been registered with AAA server 220. Therefore, AAA server 220 sends access reject 335 back to WLC 315. Included in access reject 335 is the default pre-shared key previously provided to client 205, as illustrated in operation 250 of FIG. 2).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Thangaveluchamy into the system of Patil in order to provide a mechanism to provision the private pre-shared key (sometimes referenced in the figures as an “aPSK”) of authenticated clients in a secure manner and to on-board subscribers automatically in Wi-Fi deployments (see Thangaveluchamy col. 2, lines 39-42).   
 
	Regarding claim 16, Patil in view of Thangaveluchamy discloses the method of claim 11, 
	Patil further discloses wherein the security association enables a unicast communication between the MLD device and the client device (see Patil par. 0022,  the method may also include transmitting a multi-link (ML) association request to the AP MLD, and receiving association information for the first AP and the one or more secondary APs of the AP MLD based on the ML association request. The ML association request may indicate one or more of capabilities, operating parameters, an operating class, or identification information of each STA of the STA MLD).

	Regarding claim 17, Patil in view of Thangaveluchamy discloses the method of claim 11, 
	Patil further discloses providing, by the MLD device, off-link change data to the client device using a secure unicast management data frame (see Patil par. 0012, the frame may also indicate whether the AP MLD supports simultaneous transmit-and-receive (STR) operations across multiple links of the first communication link or the one or more secondary communication links. In addition, or in the alternative, the frame may also include an indication of one or more critical updates corresponding to one or more of the first AP or the one or more secondary APs, where the critical updates include a change in operating channels or a change in basic service set (BSS) parameters for at least one AP of the first AP or the one or more secondary Aps).  

	Regarding claim 18, Patil in view of Thangaveluchamy discloses the method of claim 11, 
	Patil further discloses broadcasting, by the MLD device, general MLD update data indicating a potential change to a basic service set identifier (BSSID) metric on any established communication link with the MLD device (see Patil par. 0027, the frame may also include a field containing an indication of a presence or absence of each of the common attributes indicated in the second portion of the frame, the common attributes including at least one of an indication of an authentication scheme, an address of the AP MLD, or a basic service set identifier (BSSID) of the AP MLD. In some other instances, the frame may also indicate whether the AP MLD supports simultaneous transmit-and-receive (STR) operations across multiple links of the first communication link or the one or more secondary communication links). 

7.	Claims 7-10 are rejected under 35 U.S.C. 103 as being unpatentable over Patil et al. US Patent Application Publication No. 2021/0014776 (hereinafter Patil) in view of Lee et al. US Patent Application Publication No. 2016/0135041 (hereinafter Lee).
  	Regarding claim 7, Patil discloses a method for communicating over a wireless network, the method comprising: 
	 “establishing a secure association between the MLD device and the client device” (see Patil par. 0015, the operations may also include associating the STA MLD with the AP MLD based at least in part on the association information, and communicating with the STA MLD on one or more of the first communication link or the one or more secondary communication links based on the association. In some instances, the operations may also include establishing a common security context between a first medium access control service access point (MAC-SAP) endpoint of the AP MLD and a second MAC-SAP endpoint of the STA MLD, where each of the first and second MAC-SAP endpoints is used to communicate over the first communication link and the one or more secondary communication links);  
	“receiving, by a Multi-Link Device (MLD) device, a request from a client device to establish a secure association with the MLD device, the request comprising multi-link media access control (ML-MAC) address data indicative of a ML-MAC address and (Patil in par. 0014-0015, 0071 discloses the operations may also include receiving, by the first AP of the AP MLD on the first communication link, a directed probe request from a wireless station (STA) of a STA MLD, and transmitting the frame as a multi-link (ML) probe response frame based on receiving the directed probe request from the STA MLD. In some instances, the directed probe request may request one or more of discovery information, operating parameters, capabilities, or an operating class for each AP of the AP MLD. The directed probe request may also indicate one or more of capabilities, operating parameters, an operating class, or identification information of each STA of the STA MLD, provide a single ML association context for a plurality of communication links shared between multiple devices that form a multi-link device (MLD). Each MLD may have a unique medium access control (MAC) address, which is also referred to as a MAC service access point (MAC-SAP) endpoint); in response to establishing the secure association, receiving, from the client device, Patil in par. 0015, the operations may also include associating the STA MLD with the AP MLD based at least in part on the association information, and communicating with the STA MLD on one or more of the first communication link or the one or more secondary communication links based on the association);
	Patil does not explicitly discloses over the air MAC (OTA-MAC) address data indicative of a OTA-MAC address; an indication of a changed ML-MAC address or a changed OTA-MAC address for communication with the client device.
	However, in analogues art, Lee discloses over the air MAC (OTA-MAC) address data indicative of a OTA-MAC address (see Lee par. 0049, The wireless stations 115 may support communication techniques that utilize one MAC address for OTA communications (e.g., the wireless transmissions via links 120) and a second persistent MAC address for legacy network functions. The MAC privacy component 130 may determine the OTA MAC address and the persistent MAC address and communicate information indicative of both MAC addresses to the AP 105 via a secure channel. The AP 105 may receive the information indicative of the two MAC addresses for the wireless station 115 and support MAC address randomization for privacy functions. Accordingly, the wireless station 115 and the AP 105 may exchange data frames over links 120 where the data frames include the OTA MAC address); an indication of a changed ML-MAC address or a changed OTA-MAC address for communication with the client device (see Lee par. 0054, The MAC privacy component 210 may communicate information indicative of the OTA and persistent MAC addresses to an AP 105. When the apparatus 220 has information to communicate, the MAC privacy component 210 may replace the persistent MAC address with the OTA MAC address and transmit, via the transmitter 215, the data frame(s) using the OTA MAC address as a source address of the apparatus 220. An AP 105 may receive the data frame(s) with the OTA MAC address and identify the persistent MAC address associated with the apparatus 220. The AP 105 may forward the data frames to legacy network components using the legacy MAC address to ensure the apparatus 220, as the source of the data frames, is properly identified).   
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Patil in order to provide an STA may communicate the OTA MAC address and the persistent MAC address to the AP during authentication and/or association via a secure channel (see Lee par. 0008).
   
	

	Regarding claim 8, Patil in view of Lee discloses the method of claim 7, 
	Lee further discloses receiving, from the client device, encrypted data indicative of one or more station (STA) OTA addresses (see Lee par. 0076, the MAC mapping component 510 may receive the indication of an OTA MAC address and a persistent MAC address from the wireless station over a secure channel. In some aspects, the OTA MAC address and a persistent MAC address from the wireless station may be encrypted); and in response to establishing the secure association, receiving, from the client device, an indication of a changed STA-OTA for communication with the client device (see Lee par. 0077, the MAC mapping component 510 may map the OTA MAC address to the associated persistent MAC address for the wireless station using the look-up table, for example. Accordingly and for wireless station originated data, the MAC mapping component 510 may replace the OTA MAC address with the persistent MAC address and forward the data via legacy network entities using the persistent MAC address).  
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Patil in order to provide an STA may communicate the OTA MAC address and the persistent MAC address to the AP during authentication and/or association via a secure channel (see Lee par. 0008).   

	Regarding claim 9, Patil in view of Lee discloses the method of claim 7, 
 	Lee further discloses wherein the indication of the changed ML-MAC address or the changed OTA-MAC address for communication with the client device is a portion of an encrypted management frame or an encrypted action frame of a communication packet (see Lee par. 0008, the OTA MAC address and the persistent MAC address may be communicated to the AP after being encrypted using a shared key established during the authentication and/or association process. The STA and AP may wirelessly exchange data frames that include the OTA MAC address and perform MAC replacement to identify the associated persistent MAC address of the STA. Accordingly, the persistent MAC address may provide for data source/destination routing functions).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Patil in order to provide an STA may communicate the OTA MAC address and the persistent MAC address to the AP during authentication and/or association via a secure channel (see Lee par. 0008).   

	Regarding claim 10, Patil in view of Lee discloses the method of claim 7, 
 	Patil further discloses wherein the MLD comprises a plurality of access points, at least one access point of the plurality being a premium access point and at least one access point of the plurality being a non-premium access point, the method further comprising: establishing the secure association between the MLD device and the client device using the non-premium access point (see Patil par. 0006, the method may be performed by an access point (AP) multi-link device (MLD), and may include generating a frame by a first AP of the AP MLD associated with a first communication link of the AP MLD, the AP MLD further including one or more secondary APs associated with one or more respective secondary communication links of the AP MLD, and transmitting the frame on the first communication link. The frame may include an advertising information element carrying discovery information for the first AP of the AP MLD, a first portion carrying discovery information for each secondary AP of the one or more secondary APs of the AP MLD, and a second portion carrying common attributes of the one or more secondary APs of the AP MLD); and updating the secure association to be between the MLD device and the client device using the premium access point based on the changed ML-MAC address or the changed OTA-MAC address (see Patil par. 0020, the frame may also include an indication of one or more critical updates corresponding to one or more of the first AP or the one or more secondary APs, where the critical updates include a change in operating channels or a change in basic service set (BSS) parameters for at least one AP of the first AP or the one or more secondary Aps). 

8.	Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Patil et al. US Patent Application Publication No. 2021/0014776 (hereinafter Patil) in view of Thangaveluchamy et al. US Patent No. 10,820,201 (hereinafter Thangaveluchamy) in further view of Powell et al. US Patent No. 8,601,587 (hereinafter Powell).
	Regarding claim 14, Patil in view of Thangaveluchamy discloses the method of claim 11, 
	Patil in view of Thangaveluchamy does not explicitly discloses wherein the second service type represents a subnetwork with additional administrative privileges relative to the first service type.
	However, in analogues art, Powell discloses wherein the second service type represents a subnetwork with additional administrative privileges relative to the first service type (see Powell col. 4, line 63-col. 5, line 14, Node credential database 28 stores information associated with administrative privileges of certain network elements 18 of network infrastructure 16. Cyber threat analysis tool 26 uses credential information to identify underlying links between network elements 18 and configuration parameters of network elements 18 that may not otherwise be provided for generating network model 32. For example, node credential database 28 may include administrative privileges for a particular sub-network of network infrastructure 16 whose configuration is hidden from public access in which the configuration of this sub-network may include write privileges for certain applications executed on network elements 18). 
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Powell into the system of Patil and Thangaveluchamy in order to include a privileged access generally refers to administrative privileges accessed via node credential database to determine internal vulnerabilities of network infrastructure (see Powell col. 9, lines 15-18).   

9.	Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Patil et al. US Patent Application Publication No. 2021/0014776 (hereinafter Patil) in view of Thangaveluchamy et al. US Patent No. 10,820,201 (hereinafter Thangaveluchamy) in further view of Goel et al. US Patent Application Publication No. 2018/0218168 (hereinafter Goel).
	Regarding claim 19, Patil in view of Thangaveluchamy discloses the method of claim 11, 
	Patil in view of Thangaveluchamy does not explicitly discloses providing an identifier privacy public key to the client device in response to establishing the secure association; causing the client device to encrypt the ML-MAC address of the MLD device with the identifier privacy public key; causing a subsequent communication link to include a privacy session key based on the identifier privacy public key and a client identifier privacy public key. 
	However, in analogues art, Goel discloses providing an identifier privacy public key to the client device in response to establishing the secure association (see Goel par. 0060, Client device 204 may include or be identified with a device identifier 314 (shown in FIG. 3A as device ID 314). Device identifiers 314 may include any type and form of identification, including without limitation a Media Access Control (MAC) address, text and/or numerical data string, a username, a cryptographic public key, cookies, device serial numbers, user profile data, network addresses, or any other such identifier that may be used to distinguish the client device 204 from other client devices 204); causing the client device to encrypt the ML-MAC address of the MLD device with the identifier privacy public key (see Goel par. 0060, In many implementations, to preserve privacy, the device identifier 314 may be cryptographically generated, encrypted, or otherwise obfuscated); causing a subsequent communication link to include a privacy session key based on the identifier privacy public key and a client identifier privacy public key (see Goel par. 0060, client device 204 may include a session identifier 316 (shown in FIG. 3A as session ID 316) which may be similar to a device identifier 314 but generated more frequently, such as hourly, daily, upon activation of application 310, or any other such period. Session identifier 316 may be generated by a client device 204 or received from a server or other device. Session identifier 316 may be used in place of device identifiers 314 to increase anonymity, or may be used in connection with device identifiers 314 to distinguish interactions of one session from those of another session).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Goel into the system of Patil and Thangaveluchamy in order to include a client device adapted to receive requests to deliver device identifiers, session identifiers, and any other PII data collected by collection agent to a computing device, such as a server (see Goel par. 0061).   

10.	Claims 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Patil et al. US Patent Application Publication No. 2021/0014776 (hereinafter Patil) in view of Thangaveluchamy et al. US Patent No. 10,820,201 (hereinafter Thangaveluchamy) in further view of Lee et al. US Patent Application Publication No. 2016/0135041 (hereinafter Lee).
	Regarding claim 20, Patil in view of Thangaveluchamy discloses the method of claim 11, 
	Patil in view of Thangaveluchamy does not explicitly discloses receiving, from the client device, an update to a per-link over the air MAC (OTA- MAC) address of the client device in an encrypted field of a data frame.
	However, in analogues art, Lee discloses receiving, from the client device, an update to a per-link over the air MAC (OTA- MAC) address of the client device in an encrypted field of a data frame (see Lee par. 0008, the OTA MAC address and the persistent MAC address may be communicated to the AP after being encrypted using a shared key established during the authentication and/or association process. The STA and AP may wirelessly exchange data frames that include the OTA MAC address and perform MAC replacement to identify the associated persistent MAC address of the STA. Accordingly, the persistent MAC address may provide for data source/destination routing functions).
	Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lee into the system of Patil and Thangaveluchamy in order to include an OTA MAC address and a persistent MAC address from the wireless station may be encrypted. The OTA MAC address may be used by the wireless station and the device for wireless transmissions whereas the persistent MAC address may be used to support routing, authentication, association, and/or mobility, etc.  (see Lee par. 0076).   

   	Regarding claim 21, Patil in view of Thangaveluchamy in further view of Lee discloses the method of claim 20, 
	Patil further discloses wherein the data frame comprises an A-MSDU subframe header, wherein a unicast bit in a source field of the A-MSDU subframe header is set to a predetermined value (see Patil par. 0094, each PSDU 404 may carry an aggregated MPDU (A-MPDU) 408 that includes an aggregation of multiple A-MPDU subframes 406. Each A-MPDU subframe 406 may include a MAC delimiter 410 and a MAC header 412 prior to the accompanying MPDU 414, which comprises the data portion (“payload” or “frame body”) of the A-MPDU subframe 406. The MPDU 414 may carry one or more MAC service data unit (MSDU) subframes 416. For example, the MPDU 414 may carry an aggregated MSDU (A-MSDU) 418 including multiple MSDU subframes 416. Each MSDU subframe 416 contains a corresponding MSDU 420 preceded by a subframe header 422).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Lin (2016/0192186): discloses A mesh network with a network-wide pre-shared key (PSK) that can be updated is described. The PSK can be used to establish secure communication between arbitrary electronic devices in the mesh network. In order to prevent electronic devices from being inadvertently ‘stranded,’ i.e., unable to securely communicate with other electronic devices in the mesh network when the PSK is updated, pairs of electronic devices in the mesh network establish personal PSKs (PPSKs). In particular, after securely associating with each other, a given pair of electronic devices may have used the current PSK to authenticate and encrypt their communication. Then, the given pair of electronic devices may define a PPSK, e.g., by exchanging one or more random numbers. If a subsequent attempt at establishing secure or encrypted communication between the given pair of electronic devices fails, these electronic devices may use the PPSK as a backup to establish the encrypted communication.
Huang (2019/0335454): discloses Embodiments of an access point (AP), station (STA) and method of communication are generally described herein. The AP may be included in a plurality of APs affiliated with a multi-link AP logical entity. As part of a multi-link AP logical entity, the plurality of APs may share a common medium access control (MAC) data service interface to an upper layer. The AP may exchange signaling with an STA as part of a multi-link setup process between the multi-link TP logical entity and a multi-link non-AP logical entity. The STA may be included in a plurality of STAs affiliated with the multi-link non-AP logical entity. The multi-link setup process may establish a link between each AP of the plurality of APs and a corresponding STA of the plurality of STAs.
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMUEL AMBAYE whose telephone number is (571)270-7635. The examiner can normally be reached M-F 9:00 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/SAMUEL AMBAYE/Examiner, Art Unit 2433                                                                                                                                                                                                        

/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436