DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Election/Restrictions
NO restrictions warranted at applicant’s initial time of filing for patent. 
Priority
This application is a CON and claim[s] domestic priority under 35 USC 120 to non – provisional application # 15/439,663, filed on 02/22/2017, now US PAT # 11075928; which is a further CON of non – provisional application # 14/699969, filed on 04/29/2015, now US PAT # 9615255. 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/10/2022, the submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
Applicant’s drawings filed on 07/08/2021 have been inspected and is in compliance with MPEP 608.02. 
Specification
Applicant’s specification filed on 07/08/2021 has been inspected and is in compliance with MPEP 608.01. 
Claim Objections
NO claim objections warranted at applicant’s time of filing the continuation. 
Claim Interpretation – 35 USC 112th 6th or F
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that use the word “means” or “step” but are nonetheless not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph because the claim limitation(s) recite(s) sufficient structure, materials, or acts to entirely perform the recited function.  
Such claim[s] and claim limitation(s) is/are: 
As per claim 10. An apparatus for wireless communications access security, the apparatus comprising:
	a computer processor of a client device remote from a server computer;
	a function receiver, implemented on said computer processor of the client device, configured “to receive at least one reference set of values from the server computer, each one of the received reference sets pertaining to a respective access point and defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication of the client device with the access point;”
	a parameter measurer, implemented on said computer processor of the client device, configured “to extract at least one value based on measurement of the at least one parameter during the wireless communication of the client device with the access point when active, the active access point being an access point that is administrated by a party other than a user of the client device;” and
	a threat determiner, implemented on said computer processor of the client device, in communication with said parameter measurer, configured “to detect a deviation of at least one of the at least one extracted value from at least one of the at least one expected value defined by the respective one of the received reference sets of values pertaining to the active access point that the client device is in communication with; and based on the detected deviation, to carry out at least one step of the group consisting of: alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point.”
As per claim 18. An apparatus for wireless communications access security, the apparatus comprising:
a computer processor of a server computer;
	a parameter receiver, implemented on said computer processor, configured “to receive from each one of a plurality of client devices remote from the server computer, at least one parameter set, each parameter set pertaining to a respective access point administrated by a party other than a user of the client device, and comprising at least one value extracted based on measurement of at least one parameter during wireless communication between the access point and the client device;”
	a function deriver, implemented on said computer processor, in communication with said parameter receiver, configured “to derive a reference set of values for each respective one of the access points from the received at least one parameter set pertaining to the access point, the reference set defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication with the access point;” and
	a function provider, implemented on said computer processor, in communication with said function deriver, configured “to provide at least one of the derived reference sets of values to a client device in remote communication with the server computer, thereby allowing the client device in remote communication with the server computer, to detect a deviation of at least one value extracted by the client device based on measurement of the at least one parameter during the wireless communication of the client device with the access point when the access point is active, from at least one of the at least one expected value defined by the provided reference set of values pertaining to the active access point, and based on the detected deviation, to carry out at least one step of the group consisting of: alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point.”
Because this/these claim limitation(s) is/are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are not being interpreted to cover only the corresponding structure, material, or acts described in the specification as performing the claimed function, and equivalents thereof.
If applicant intends to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to remove the structure, materials, or acts that performs the claimed function; or (2) present a sufficient showing that the claim limitation(s) does/do not recite sufficient structure, materials, or acts to perform the claimed function.
Appropriate action required. 
Claim Rejections – 35 USC § 112
NO rejections warranted at time of applicants filing of the CON. 
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based e-Terminal Disclaimer may be filled out completely online using web-screens. An e-Terminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about e-Terminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim[s] 1 – 7, 9 -19 are rejected on the ground of non-statutory double patenting as being unpatentable over claim[s] 1 – 7, 9 -19 of U.S. Patent No. 11075928. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter of the pending application and the patent are the same in scope:
receiving at least one reference set of values from a server computer, each one of the received reference sets pertaining to a respective access point, measuring at least one parameter during wireless communication with an active access point, and determining a threat indication for the active access point based on a deviation of at least one of the measured parameters from a respective one of the received reference sets of values pertaining to the active access point.
Also, see the table below for claim by claim comparison. 
Pending US App # 17/370798
US PAT # 11075928
1. A computer implemented method of wireless communications access security, the method comprising steps that a computer processor of a client device remote from a server computer is programmed to perform, the steps comprising:

by the client device, receiving at least one reference set of values from the server
computer, each one of the received reference sets pertaining to a respective access point and
defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication of the client device with the access point;




by the client device, extracting at least one value based on measurement of the at least one parameter during the wireless communication of the client device with the access point when active, the active access point being an access point that is administrated by a party other than a
user of the client device;

by the client device, detecting a deviation of at least one of the at least one extracted value from at least one of the at least one expected value defined by the respective one of the received reference sets of values pertaining to the active access point that the client device is in
communication with; and

by the client device and based on the detected deviation, carrying out at least one step of the group consisting of: 

alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point.

1. A computer implemented method for wireless communications access
security, the method comprising steps that a computer processor of a client device remote from a server computer is programmed to perform, the steps comprising:

by the client device, receiving at least one reference set of values from the server
computer, each one of the received reference sets pertaining to a respective access point and
defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication of the client device with the access point, such that a
deviation of an extracted value from the expected value is indicative of potential threat;

by the client device, extracting at least one value based on measurement of the at least one parameter during the wireless communication of the client device with the access point when active, the active access point being an access point that is administrated by a party other than a
user of the client device;

by the client device, detecting a deviation of at least one of the at least one extracted value from at least one of the at least one expected value defined by the respective one of the received reference sets of values pertaining to the active access point that the client device is in
communication with; and

by the client device and based on the detected deviation, carrying out at least one step of the group consisting of: 

alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point, the method further comprising receiving a threat evaluation function from the server computer, wherein the threat evaluation function is a function derived by the server computer from a plurality of parameters measured by a plurality of client devices during wireless communication with access points, wherein a determining of the threat indication is carried out using the threat evaluation function.



2. The method of claim 1, further comprising restricting the communication with the active access point according to the detected deviation.

2. The method of claim 1, further comprising restricting the communication with the active access point according to the detected deviation.

3. The method of claim 1, further comprising detecting the deviation according to global data mapping a plurality of reference values at least according to time and location.

3. The method of claim 1, further comprising detecting the deviation
according to global data mapping a plurality of reference values at least according to time and location.

4. The method of claim 1, further comprising a preliminary step of sending data indicating a location of the client device to the server computer, wherein at least one of the received reference sets is selected by the server computer at least according to the indicated
location.

4. The method of claim 1, further comprising a preliminary step of sending data indicating a location of the client device to the server computer, wherein at least one of the received reference sets is selected by the server computer at least according to the indicated
location.

5. The method of claim 1, wherein at least one of the received reference sets is selected by the server computer at least according to time.

5. The method of claim 1, wherein at least one of the received reference sets is selected by the server computer at least according to time.

6. The method of claim 1, further comprising a preliminary step of sending data indicating location of the client device to the server computer, wherein at least one of the reference sets is selected by the server computer at least according to both time and the indicated location.

6. The method of claim 1, further comprising a preliminary step of sending data indicating location of the client device to the server computer, wherein at least one of the reference sets is selected by the server computer at least according to both time and the indicated location.

7. The method of claim 1, wherein at least one of the reference sets is selected by the server computer at least according to the active access point.

7. The method of claim 1, wherein at least one of the reference sets is selected by the server computer at least according to the active access point.

9. The method of claim 1, wherein each one of the received reference sets is derived by the server computer from a plurality of parameter sets, each parameter set pertaining to respective client device and comprising at least one value extracted based on measurement of at least one parameter during wireless communication between the access point and the client device.

9. The method of claim 1, wherein each one of the received reference sets is derived by the server computer from a plurality of parameter sets, each parameter set pertaining to respective client device and comprising at least one value extracted based on measurement of at least one parameter during wireless communication between the access point and the client device.

10. An apparatus for wireless communications access security, the apparatus comprising:

a computer processor of a client device remote from a server computer;

a function receiver, implemented on said computer processor of the client device, configured to receive at least one reference set of values from the server computer, each one of the received reference sets pertaining to a respective access point and defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication of the client device with the access point;




a parameter measurer, implemented on said computer processor of the client device, configured to extract at least one value based on measurement of the at least one parameter during the wireless communication of the client device with the access point when active, the active access point being an access point that is administrated by a party other than a user of the client device; and

a threat determiner, implemented on said computer processor of the client device, in communication with said parameter measurer, configured to detect a deviation of at least one of
the at least one extracted value from at least one of the at least one expected value defined by the respective one of the received reference sets of values pertaining to the active access point that the client device is in communication with; and 



based on the detected deviation, to carry out at least one step of the group consisting of: alerting on a threat indication to a user of the client
device, restricting the communication of the client device with the active access point, diverting
the communication of the client device with the active access point, and suspending the
communication of the client device with the active access point.

10. An apparatus for wireless communications access security, the
apparatus comprising:

a computer processor of a client device remote from a server computer;

a function receiver, implemented on said computer processor of the client device, configured to receive at least one reference set of values from the server computer, each one of the received reference sets pertaining to a respective access point and defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication of the client device with the access point, such that a deviation of an extracted value from the expected value is indicative of potential threat;

a parameter measurer, implemented on said computer processor of the client device, configured to extract at least one value based on measurement of the at least one parameter during the wireless communication of the client device with the access point when active, the active access point being an access point that is administrated by a party other than a user of the client device; and

a threat determiner, implemented on said computer processor of the client device, in communication with said parameter measurer, configured to detect a deviation of at least one of
the at least one extracted value from at least one of the at least one expected value defined by the respective one of the received reference sets of values pertaining to the active access point that the client device is in communication with; and 



based on the detected deviation, to carry out at least one step of the group consisting of: alerting on a threat indication to a user of the client
device, restricting the communication of the client device with the active access point, diverting
the communication of the client device with the active access point, and suspending the
communication of the client device with the active access point, the function receiver further
configured to receive a threat evaluation function from the server computer, wherein the threat
evaluation function is a function derived by the server computer from a plurality of parameters
measured by a plurality of client devices during wireless communication with access points, the
threat determiner further configured to determine the threat indication using the threat evaluation
function.

11. A non-transitory computer readable medium storing computer processor executable instructions for performing steps of wireless communications access security on a client device remote from a server computer, the steps comprising:



by the client device, receiving at least one reference set of values from the server computer, each one of the received reference sets pertaining to a respective access point and defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication of the client device with the access point;




by the client device, extracting at least one value based on measurement of the at least one parameter during the wireless communication of the client device with the access point when active, the active access point being an access point that is administrated by a party other than a user of the client device; and

by the client device, detecting a deviation of at least one of the at least one extracted value from at least one of the at least one expected value defined by the respective one of the received reference sets of values pertaining to the active access point that the client device is in
communication with; and

by the client device and based on the detected deviation, carrying out at least one step of the group consisting of: 

alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point.


11. A non-transitory computer readable medium storing computer processor executable instructions for performing steps of wireless communications access
security on a client device remote from a server computer, the steps comprising:


by the client device, receiving at least one reference set of values from the server computer, each one of the received reference sets pertaining to a respective access point and defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication of the client device with the access point, such that a deviation of an extracted value from the expected value is indicative of potential threat;

by the client device, extracting at least one value based on measurement of the at least one parameter during the wireless communication of the client device with the access point when active, the active access point being an access point that is administrated by a party other than a
user of the client device; and

by the client device, detecting a deviation of at least one of the at least one extracted value from at least one of the at least one expected value defined by the respective one of the received reference sets of values pertaining to the active access point that the client device is in
communication with; and

by the client device and based on the detected deviation, carrying out at least one step of the group consisting of: 

alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point, the steps further comprising receiving a threat evaluation function from the server computer, wherein the threat evaluation function is a function derived by the server computer from a plurality of parameters measured by a plurality of client devices
during wireless communication with access points, wherein a determining of the threat indication is carried out using the threat evaluation function.

12. A computer implemented method of wireless communications access security, the method comprising steps a server computer is programmed to perform, the steps comprising:

from each one of a plurality of client devices remote from the server computer, receiving at least one parameter set, each parameter set pertaining to a respective access point administrated by a party other than a user of the client device, and comprising at least one value extracted based on measurement of at least one parameter during wireless communication between the client device and the access point;

deriving a reference set of values for each respective one of the access points from the received at least one parameter set pertaining to the access point, the reference set defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication with the access point; and




providing at least one of the derived reference sets of values to a client device in remote communication with the server computer, thereby allowing the client device in remote communication with the server computer, to detect a deviation of at least one value extracted by the client device based on measurement of the at least one parameter during the wireless communication of the client device with the access point when the access point is active, from at least one of the at least one expected value defined by the provided reference set of values pertaining to the active access point, and based on the detected deviation, to carry out at least one step of the group consisting of: 

alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point.

12. A computer implemented method for wireless communications access
security, the method comprising steps a server computer is programmed to perform, the steps comprising:

from each one of a plurality of client devices remote from the server computer, receiving at least one parameter set, each parameter set pertaining to a respective access point administrated by a party other than a user of the client device, and comprising at least one value extracted based on measurement of at least one parameter during wireless communication between the client device and the access point;

deriving a reference set of values for each respective one of the access points from the received at least one parameter set pertaining to the access point, the reference set defining at
least one value expected to be extracted based on measurement of at least one parameter during
wireless communication with the access point, such that a deviation of an extracted value from
the expected value is indicative of potential threat; and

providing at least one of the derived reference sets of values to a client device in remote communication with the server computer, thereby allowing the client device in remote communication with the server computer, to detect a deviation of at least one value extracted by the client device based on measurement of the at least one parameter during the wireless communication of the client device with the access point when the access point is active, from at least one of the at least one expected value defined by the provided reference set of values pertaining to the active access point, and based on the detected deviation, to carry out at least one step of the group consisting of: 

alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point; the method further comprising
receiving a threat evaluation function from the server computer, wherein the server computer derives the threat evaluation function from a plurality of parameters measured by a plurality of client devices during wireless communication with access points.

13. The method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to location of the client device in communication with the server computer.

13. The method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to location of the client device in
communication with the server computer.

14. The method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to time.

14. The method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to time.

15. The method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to both location of the client device in communication with the server computer and time.

15. The method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to both location of the client device in communication with the server computer and time.

16. The method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to an active access point in communication with the client device that is in remote communication with the server computer for said providing.

16. The method of claim 12, further comprising a step of selecting the
derived reference set for said providing, at least according to an active access point in communication with the client device that is in remote communication with the server computer for said providing.

17. The method of claim 12, further comprising maintaining global data mapping a plurality of reference values at least according to time and location, wherein at least one of the reference sets provided to the client device in communication with the server computer is based on a sub-portion of the maintained global data.

17. The method of claim 12, further comprising maintaining global data mapping a plurality of reference values at least according to time and location, wherein at least one of the reference sets provided to the client device in communication with the server computer is based on a sub-portion of the maintained global data.

18. An apparatus for wireless communications access security, the apparatus comprising:

a computer processor of a server computer;

a parameter receiver, implemented on said computer processor, configured to receive from each one of a plurality of client devices remote from the server computer, at least one parameter set, each parameter set pertaining to a respective access point administrated by a party other than a user of the client device, and comprising at least one value extracted based on measurement of at least one parameter during wireless communication between the access point and the client device;



a function deriver, implemented on said computer processor, in communication with said parameter receiver, configured to derive a reference set of values for each respective one of the access points from the received at least one parameter set pertaining to the access point, the reference set defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication with the access point; and


a function provider, implemented on said computer processor, in communication with said function deriver, configured to provide at least one of the derived reference sets of values to a client device in remote communication with the server computer, thereby allowing the client
device in remote communication with the server computer, to detect a deviation of at least one value extracted by the client device based on measurement of the at least one parameter during
the wireless communication of the client device with the access point when the access point is active, from at least one of the at least one expected value defined by the provided reference set of values pertaining to the active access point, and based on the detected deviation, to carry out at least one step of the group consisting of: 







alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point.

18. An apparatus for wireless communications access security, the
apparatus comprising:

a computer processor of a server computer;

a parameter receiver, implemented on said computer processor, configured to receive from each one of a plurality of client devices remote from the server computer, at least one parameter set, each parameter set pertaining to a respective access point administrated by a party other than a user of the client device, and comprising at least one value extracted based on measurement of at least one parameter during wireless communication between the access point and the client device;

a function deriver, implemented on said computer processor, in communication with said parameter receiver, configured to derive a reference set of values for each respective one of the access points from the received at least one parameter set pertaining to the access point, the reference set defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication with the access point, such that a deviation of an extracted value from the expected value is indicative of potential threat; and

a function provider, implemented on said computer processor, in communication with said function deriver, configured to provide at least one of the derived reference sets of values to a client device in remote communication with the server computer, thereby allowing the client
device in remote communication with the server computer, to detect a deviation of at least one value extracted by the client device based on measurement of the at least one parameter during the wireless communication of the client device with the access point when the access point is active, from at least one of the at least one expected value defined by the provided reference set of values pertaining to the active access point, and based on the detected deviation, to carry out at least one step of the group consisting of: 








alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point;

the function provider further configured to receive from the function deriver of
said-computer processor a threat evaluation function, the function deriver further configured to derive a threat evaluation function from a plurality of parameters measured by a plurality of
client devices during wireless communication with access points.

19. A non-transitory computer readable medium storing computer processor executable instructions for performing steps of wireless communications access security on a server computer, the steps comprising:


from each one of a plurality of client devices remote from the server computer, receiving at least one parameter set, each parameter set pertaining to a respective access point administrated by a party other than a user of the client device, and comprising at least one value extracted based on measurement of at least one parameter during wireless communication between the client device and the access point;

deriving a reference set of values for each respective one of the access points from the received at least one parameter set pertaining to the access point, the reference set defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication with the access point; and



providing at least one of the derived reference sets of values to a client device in remote communication with the server computer, thereby allowing the client device in remote communication with the server computer, to detect a deviation of at least one value extracted by the client device based on measurement of the at least one parameter during the wireless communication of the client device with the access point when the access point is active, from at least one of the at least one expected value defined by the provided reference set of values pertaining to the active access point, and based on the detected deviation, to carry out at least one step of the group consisting of: 

alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point.

19. A non-transitory computer readable medium storing computer processor executable instructions for performing steps of wireless communications access
security on a server computer, the steps comprising:


from each one of a plurality of client devices remote from the server computer, receiving at least one parameter set, each parameter set pertaining to a respective access point administrated by a party other than a user of the client device, and comprising at least one value extracted based on measurement of at least one parameter during wireless communication between the client device and the access point;

deriving a reference set of values for each respective one of the access points from the received at least one parameter set pertaining to the access point, the reference set defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication with the access point, such that a deviation of an extracted value from the expected value is indicative of potential threat; and

providing at least one of the derived reference sets of values to a client device in remote communication with the server computer, thereby allowing the client device in remote communication with the server computer, to detect a deviation of at least one value extracted by the client device based on measurement of the at least one parameter during the wireless communication of the client device with the access point when the access point is active, from at least one of the at least one expected value defined by the provided reference set of values pertaining to the active access point, and based on the detected deviation, to carry out at least one step of the group consisting of: 

alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point;

the steps further comprising receiving a derived threat evaluation function from the server computer, wherein the server computer derives the threat evaluation function from a plurality of parameters measured by a plurality of client devices during wireless communication with access points.




Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim[s] 10 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) 10 does/do not fall within at least one of the four categories of patent eligible subject matter because the claim language intends to claim software per se. The claim language recites: function receiver, parameter measurer, threat determiner in a manner that suggests they only embody software. While the claim language does recite that each piece of software is implemented on the processor of the client device, however, such software doesn’t have to be exclusively implemented on the client device. The recited client device and server computer do not further limit the claim in any manner, and merely suggests that such software is for use with recited client device. Therefore, it can be concluded that applicant is reciting software only, which clearly isn’t one of the statutory categories under the meaning the statute here under. 
Appropriate action required. 
***In the interest of prosecution forward, applicant should consider further limiting the claim, and positively recite a client device. 

Claim[s] 18 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) 18 does/do not fall within at least one of the four categories of patent eligible subject matter because the claim language intends to claim software per se. The claim language recites: parameter receiver, function deriver, function provider in a manner that suggests they only embody software. While the claim language does recite that each piece of software is implemented on a server computer, however, such software doesn’t have to be exclusively implemented on the server computer. The recited server computer does not further limit the claim in any manner, and merely suggests that such software is for use with recited server computer. Therefore, it can be concluded that applicant is reciting software only, which clearly isn’t one of the statutory categories under the meaning the statute here under.
Appropriate action required. 
***In the interest of prosecution forward, applicant should consider further limiting the claim, and positively recite a server computer. 

Claim Rejections - 35 USC § 102
NO rejections warranted at applicant’s time of filing for continuation. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claim[s] 1, 10, 11 is/are rejected under 35 U.S.C. 103 as being unpatentable
over Jeong et al. [US PGPUB # 2010/0162392] in view of Nedkov et al. [US PAT #
8191128], further in view of Bhattacharya et al. [US PAT # 7483972]

As per claim 1. Jeong does teach a computer implemented method of wireless communications access security [Jeong, paragraph 0003, lines 1 – 4, the present invention relates to an apparatus and method for monitoring the security status of a wireless network, and more particularly, to an apparatus and method for monitoring the security status of a wireless network], the method comprising steps that a computer processor of a client device remote from a server computer is programmed to perform [Jeong, paragraph 0052], the steps comprising:

	by the client device, receiving at least one reference set of values from the server computer, each one of the received reference sets pertaining to a respective access point…………… [Jeong, paragraph 0023, lines 1 – 4, the security event collection unit 102 [i.e. applicant's client device] may collect [i.e. applicant’s receiving] traffic data [i.e. applicant's at least one reference set of values] such as NetFlow or sFlow from the security event collectors 120 and 130, which collect traffic generated by the APs 122 and 132]; 

	by the client device, at least……………..one parameter during the wireless communication of the client device with the access point when active [Jeong, paragraph 0035, lines 11 – 19, in addition, it is possible to obtain [i.e. applicant’s one parameter] detailed information regarding the current state of an AP from the data provided by the RF signal integration module 234 [i.e. applicant’s client device]. Therefore, it is possible for a network administrator to acquire not only information regarding the flow of traffic but also information regarding the state of an AP by mapping traffic information generated for each AP and detailed AP information obtained as a result of RF signal [i.e. applicant’s during wireless communication] monitoring and integrating the results of mapping into event information]…………………;

	by the client device, detecting a deviation of at least one of……..respective one of the received reference sets of values pertaining to the active access point that the client device is in communication with……..[paragraph 0036, the abnormal phenomenon detection module 242 [i.e. applicant’s client device] may determine whether an abnormal phenomenon [i.e. applicant’s threat indication] has occurred in each of a plurality of Aps [i.e. applicant’s active access point] by analyzing event information provided by the event information mapping module 232 for a corresponding AP.  Then at paragraph 0035, lines 1 – 7, The event information mapping module 232 may analyze the correlation between data [i.e. applicant’s measured parameters] provided by the RF signal integration module 234 and data [i.e. applicant’s received reference set of values] provided by the security event normalization module 214 and may map the data provided by the RF signal integration module 234 and the data provided by the security event normalization module 214 according to the results of the analysis]; and

	by the client device and based on the detected deviation, carrying out at least one step of the group consisting of: alerting on a threat indication to a user of the client device [Jeong, paragraph 0036, The abnormal phenomenon detection module 242 of network security monitoring apparatus 200 [i.e. applicant’s client device] may determine whether an abnormal phenomenon [i.e. applicant’s threat indication] has occurred in each of a plurality of APs by analyzing event information provided by the event information mapping module 232 for a corresponding AP. The abnormal phenomenon detection module 242 may notify the security event information display module 242 of abnormal wireless network device information indicating whichever of the APs is an abnormal AP where an abnormal phenomenon is detected [i.e. applicant’s alerting on the threat indication]. Where further of Jeong, at paragraph 0037 lines 7 – 11, In addition, the security event information display module 244 may display the abnormal wireless network device information provided by the abnormal phenomenon detection module 242 so as to be easily recognizable. Where further of Jeong, at paragraph 0035, lines 11 – 19, in addition, it is possible to obtain detailed information regarding the current state of an AP from the data provided by the RF signal integration module 234. Therefore, it is possible for a network administrator [i.e. applicant’s user of the client device] to acquire not only information regarding the flow of traffic but also information regarding the state of an AP by mapping traffic information generated for each AP and detailed AP information obtained as a result of RF signal monitoring and integrating the results of mapping into event information], restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point.

	Jeong does not teach clearly…….. and defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication of the client device with the access point;
	…………… extracting at least one value based on measurement of the…………….. the active access point being an access point that is administrated by a party other than a user of the client device…………..;
	 ………. the at least one extracted value from at least one of the at least one expected value defined by the…………

	However, Nedkov does teach…………… extracting at least one value based on measurement of the…………….. the active access point being an access point that is administrated by a party other than a user of the client device……………[Figure # 1A and col. 4, lines 28 – 32, FIG. 1A shows a client device 102 that has entered a region 103 of service to a public data network 104. The public data network 104 could be the internet or, generally, any network accessible at multiple access points operated by different "access providers". Then further of Nedkov, at col. 6, lines 54 – 57, Upon recognizing the attempt of the client device 102 to access the public data network 104 [i.e. applicants, extracting at least one value based on measurement……etc.], the gateway 118 sends a message stream 14 to the client device 102 redirecting it to the visited network server 120].
 
	It would have been obvious to one ordinary skilled in the art before the effective filing date of applicants claimed invention to combine the teachings of Jeong and Nedkov in order for the a network security monitoring device that monitors specific attributes of a network activities: packet traffic patterns and radio frequency data of a user of Jeong to include requesting and monitoring the user credentials of Nedkov, which would allow for the network provider to authenticate the user before access to the requested provider network. See col. 2, lines 15 – 33 of Nedkov.

	Jeong and Nedkov do not clearly teach…….. and defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication of the client device with the access point;


………. the at least one extracted value from at least one of the at least one expected value defined by the…………

	However, Bhattacharya does teach…….. and defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication of the client device with the access point;

………. the at least one extracted value from at least one of the at least one expected value defined by the………… [col. 3, lines 46 – 54, The present invention provides a method of processing a stream of event messages sent to a network security monitor [i.e. applicant’s based on a measurement] from a plurality of security devices in a real-time and on-line fashion. 
An event message generated by a security device, e.g., an intrusion detection sensor (IDS), is characterized by a set of event parameters [i.e. applicant’s the at least one extracted value from at least one of the at least one expected value ….] that specify the details about the generation of an event.
Then at figure # 6 and col. 7, lines 17 – 21, If the new event message satisfies the intra-event constraint of a leaf node (605-Yes), the process moves to step 613. In step 613, the process checks the event parameters of the incoming message against value sets [i.e. applicant’s defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication] associated with the leaf node, if any.
Where at Figure #3 and col. 4, lines 45 – 51, a network communication module 318 that is used for connecting monitor 300 to various security devices or client computers (not shown) and possibly to other servers or computers via one or more communication networks (wired or wireless) [i.e. applicants during wireless communication], such as the Internet, other wide area networks, local area networks, metropolitan area networks, and so on].
It would have been obvious to one ordinary skilled in the art before the effective filing date of applicants claimed invention to combine the teachings of Jeong as modified and Bhattacharya in order for the network security monitoring device that monitors specific attributes of network activities: packet traffic patterns and radio frequency data of a user of Jeong as modified to include a network security monitor that employs multiple intrusion detection systems of Bhattacharya. This would allow for the detection of intrusions in the network activities in real – time, which allows for the detection and mitigation of an attack before the attack can damage network and network devices that are connected thereto. See col. 1, lines 60 – 67 and col. 2, lines 1 – 3 of Bhattacharya.   
As per apparatus claim 10 that includes all the same or similar claim limitations as method claim 1, and is similarly rejected.
****The examiner notes that applicant’s recited computer processor of a client device, function receiver, parameter measurer, threat determiner implemented on said computer processor is taught by Jeong at paragraph 0052, lines 9 – 12, computer systems, can execute the instructions of the distributed computer readable recording medium in a decentralized manner.
As per non – transitory medium claim 11 that includes all the same or similar claim limitations as method claim 1, and is similarly rejected.
***The examiner notes that applicant's claimed non - transitory medium is taught by the prior art of Jeong at paragraph 0052.


Claim [s] 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jeong
et al. [US PGPUB # 2010/0162392] in view of Nedkov et al. [US PAT # 8191128] and Bhattacharya et al. [US PAT # 7483972] as applied to the rejection of claim # 1 above,
further in view of Bettini et al. [US PGPUB # 2013/0347094]

As per claim 2. Jeong and Nedkov and Bhattacharya do teach what is taught in the rejection of claim 1 above. 
Jeong and Nedkov and Bhattacharya do not teach clearly the method of claim 1, further comprising restricting the communication with the active access point according to the detected deviation.
However, Bettini does teach the method of claim 1, further comprising restricting the communication with the active access point according to the detected deviation [paragraph: 0037, lines 5 - 15].
It would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Jeong as modified and Bettini in order for the monitoring of the access points and the wireless clients of the wireless network of Jeong as modified to include monitoring the applications resident on the access point and client devices of the wireless network of Bettini. This would allow for in - filtering of operations of the applications of the wireless devices and access points on the wireless network. See paragraph: 0039 of Bettini.
Claim[s] 3 — 7, 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jeong et al. [US PGPUB # 2010/0162392] in view of Nedkov et al. [US PAT # 8191128] and Bhattacharya et al. [US PAT # 7483972] as applied to the rejection of claim # 1 above, further in view of Ponnampalam et al. [US PGPUB # 2016/0014613]

As per claim 3.  Jeong and Nedkov and Bhattacharya do teach what is taught in the rejection of claim 1 above. 
Jeong and Nedkov and Bhattacharya do not teach clearly the method of claim 1, further comprising detecting the deviation according to global data mapping a plurality of reference values at least according to time and location.
However, Ponnampalam does teach the method of claim 1, further comprising detecting the deviation according to global data mapping a plurality of reference values at least according to time and location [paragraph 0037, lines 5 – 7].
It would have been obvious to one of ordinary skill in the before the effective filing date of applicant’s claimed invention to combine the teachings of Jeong as modified and Ponnampalam in order for the effective operation of the access points and the wireless clients of the wireless network to communicate of Jeong modified to include sending specific performance parameters to the access points and wireless clients of Ponnampalam. This would allow for the wireless devices and access points to communicate over the wireless network in a specific and efficient manner. See paragraph: 0005, lines 1 - 9 of Ponnampalam.

As per claim 4. Jeong as modified does teach the method of claim 1, further comprising a preliminary step of sending data indicating a location of the client device to the server computer, wherein at least one of the received reference sets is selected by the server computer at least according to the indicated location [Ponnampalam, paragraph: 0050, lines 1 – 14, to improve wireless coverage of a network, the access point that communicates with one or more wireless radio client devices, retrieve with a processor spectrum information of a database of the wireless radio devices in the area of the access point, where the spectrum information profiles the location of the wireless radio devices and different timing settings of the operating frequencies of wireless radio devices].

As per claim 5. Jeong does teach the method of claim 1, wherein at least one of the received reference sets is selected by the server computer at least according to time [Jeong, paragraph 0043, lines 1 – 7, in this manner, a network administrator may determine whether an abnormal phenomenon has occurred in a wireless network based on the source IP dispersion, the source port number dispersion, the destination port number dispersion, the destination IP dispersion and the traffic quantity dispersion of traffic generated over a predetermined period of time].

As per claim 6. Jeong as modified does teach the method of claim 1, further comprising a preliminary step of sending data indicating location of the client device to the server computer, wherein at least one of the reference sets is selected by the server computer at least according to both time and the indicated location [Ponnampalam, paragraph: 0050, lines 1 – 14, to improve wireless coverage of a network, the access point that communicates with one or more wireless radio client devices, retrieve with a processor spectrum information of a database of the wireless radio devices in the area of the access point, where the spectrum information profiles the location of the wireless radio devices and different timing settings of the operating frequencies of wireless radio devices].

As per claim 7. Jeong does teach the method of claim 1, wherein at least one of the reference sets is selected by the server computer at least according to the active access point [Jeong, paragraph 0035, lines 11 – 19, in addition, it is possible to obtain detailed information regarding the current state of an AP from the data provided by the RF signal integration module 234. Therefore, it is possible for a network administrator to acquire not only information regarding the flow of traffic but also information regarding the state of an AP by mapping traffic information generated for each AP and detailed AP information obtained as a result of RF signal monitoring and integrating the results of mapping into event information].

As per claim 9. Jeong as modified does teach the method of claim 1, wherein each one of the received reference sets is derived by the server computer from a plurality of parameter sets, each parameter set pertaining to respective client device [Jeong, paragraph 0008, lines 3 – 5, Then, the administration server may display statistical data [i.e. applicant’s reference set of values] regarding the collected traffic on a screen] and comprising at least one value extracted based on measurement of at least one parameter [Bhattacharya, col. 3, lines 46 – 54, The present invention provides a method of processing a stream of event messages sent to a network security monitor [i.e. applicant’s based on a measurement] from a plurality of security devices in a real-time and on-line fashion. An event message generated by a security device, e.g., an intrusion detection sensor (IDS), is characterized by a set of event parameters [i.e. applicant’s extracting at least one value based on measurement of the….] that specify the details about the generation of an event. Then further of Bhattacharya, at figure # 6 and col. 7, lines 17 – 21, If the new event message satisfies the intra-event constraint of a leaf node (605-Yes), the process moves to step 613. In step 613, the process checks the event parameters of the incoming message against value sets [i.e. applicant’s and defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication] associated with the leaf node, if any] during wireless communication between the access point and the client device [Jeong, paragraph 0008, lines 1 – 3, in the second method, an AP or an event collecting agent for collecting RF signals may collect wireless traffic [i.e. applicant’s previously] and may transmit the collected traffic to an administration server. Where further of Jeong, at paragraph 0035, lines 11 – 19, in addition, it is possible to obtain detailed information regarding the current state of an AP from the data provided by the RF signal integration module 234. Therefore, it is possible for a network administrator to acquire not only information regarding the flow of traffic but also information regarding the state of an AP by mapping traffic information generated for each AP and detailed AP information obtained as a result of RF signal monitoring and integrating the results of mapping into event information].

Claim[s] 12, 16, 18, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. [US PGPUB # 2015/0110077] in view of Jeong et al. [US PGPUB # 2010/0162392], further in view of Bhattacharya et al. [US PAT # 7483972]

As per claim 12. Lee does teach a computer implemented method of wireless communications access security, the method comprising steps a server computer is programmed to perform [Lee, paragraph: 0009], the steps comprising:

	from each one of a plurality of client devices remote from the server computer, receiving at least one parameter set, each parameter set pertaining to a respective access point administrated by a party other than a user of the client device, and comprising at least one…………….during wireless communication between the client device and the access point [paragraph 0029, lines 3 – 9, preparing a reference information request including type information of the wireless communication terminal and identification information of one or more access points found from a search of the wireless data network for access points transmitting the prepared reference information request to the remote server of which address information for access is pre-assigned];

	deriving a reference set of values for each respective one of the access points from the received………….pertaining to the access point [paragraph 0029, lines 10 – 16, receiving from the remote server reference information which is a response to the transmitted reference information request; calculating, for each of at least one access point found from searching the wireless data network, relative strength of a signal strength of the each access point with respect to a reference value of each access point written in the received reference information]………… 


	Lee does not clearly teach and providing at least one of the derived reference sets of values to a client device in remote communication with the server computer, thereby allowing the client device in remote communication with the server computer, to detect a deviation of at least one value extracted by the client device based on measurement of the at least one parameter during the wireless communication of the client device with the access point when the access point is active, from at least one of the at least one expected value defined by the provided reference set of values pertaining to the active access point, and based on the detected deviation, to carry out at least one step of the group consisting of: alerting on a threat indication to a user of the client device, restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point.

	However, Jeong does teach and providing at least one of the derived reference sets of values to a client device in remote communication with the server computer [Jeong, paragraph 0008, lines 1 – 3, in the second method, an AP or an event collecting agent for collecting RF signals may collect wireless traffic [i.e. applicant’s previously]……………….., and based on the detected deviation, to carry out at least one step of the group consisting of: alerting on a threat indication to a user of the client device [paragraph 0036, The abnormal phenomenon detection module 242 of network security monitoring apparatus 200 [i.e. applicant’s client device] may determine whether an abnormal phenomenon [i.e. applicant’s threat indication] has occurred in each of a plurality of APs by analyzing event information provided by the event information mapping module 232 for a corresponding AP. The abnormal phenomenon detection module 242 may notify the security event information display module 242 of abnormal wireless network device information indicating whichever of the APs is an abnormal AP where an abnormal phenomenon is detected [i.e. applicant’s alerting on the threat indication]. Where at paragraph 0037 lines 7 – 11, In addition, the security event information display module 244 may display the abnormal wireless network device information provided by the abnormal phenomenon detection module 242 so as to be easily recognizable. 
	Where, further of Jeong, at paragraph 0035, lines 11 – 19, in addition, it is possible to obtain detailed information regarding the current state of an AP from the data provided by the RF signal integration module 234. Therefore, it is possible for a network administrator [i.e. applicant’s user of the client device] to acquire not only information regarding the flow of traffic but also information regarding the state of an AP by mapping traffic information generated for each AP and detailed AP information obtained as a result of RF signal monitoring and integrating the results of mapping into event information], restricting the communication of the client device with the active access point, diverting the communication of the client device with the active access point, and suspending the communication of the client device with the active access point.
It would have been obvious before the effective filing date of applicants claimed invention to combine the teachings of Lee and Jeong in order for the collecting of information of access points in a network by a remote server of Lee to include collecting the status data of the access point of Jeong. This would allow for the administrator of the remote server to determine the state of the access point, before communicating with it. See paragraph 0035, lines 11 – 19 of Jeong.
Lee and Jeong do not clearly teach…………… value extracted based on measurement of at least one parameter…….;
 ……..at least one parameter set………………….. the reference set defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication with the access point. 
………at least one value extracted by the client device based on measurement of the at least one parameter during the wireless communication of the client device with the access point when the access point is active, from at least one of the at least one expected value defined by the provided reference set of values pertaining to the active access point…………….;
However, Bhattacharya does teach…………… value extracted based on measurement of at least one parameter…….;
 ……..at least one parameter set………………….. the reference set defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication with the access point. 
………at least one value extracted by the client device based on measurement of the at least one parameter during the wireless communication of the client device with the access point when the access point is active, from at least one of the at least one expected value defined by the provided reference set of values pertaining to the active access point……………. [col. 3, lines 46 – 54, The present invention provides a method of processing a stream of event messages sent to a network security monitor [i.e. applicant’s based on a measurement] from a plurality of security devices in a real-time and on-line fashion. 
An event message generated by a security device, e.g., an intrusion detection sensor (IDS), is characterized by a set of event parameters [i.e. applicant’s extracting at least one value based on measurement of the….] that specify the details about the generation of an event.
Then at figure # 6 and col. 7, lines 17 – 21, If the new event message satisfies the intra-event constraint of a leaf node (605-Yes), the process moves to step 613. In step 613, the process checks the event parameters of the incoming message against value sets [i.e. applicant’s and defining at least one value expected to be extracted based on measurement of at least one parameter during wireless communication] associated with the leaf node, if any.
Where at Figure #3 and col. 4, lines 45 – 51, a network communication module 318 that is used for connecting monitor 300 to various security devices or client computers (not shown) and possibly to other servers or computers via one or more communication networks (wired or wireless) [i.e. applicants during wireless communication], such as the Internet, other wide area networks, local area networks, metropolitan area networks, and so on].
 It would have been obvious before the effective filing date of applicants claimed invention to combine the teachings of Lee as modified and Bhattacharya in order for the collecting and monitoring of information of access points in a network by a remote server of Lee as modified to include a network security monitor that employs multiple intrusion detection systems on such access points of Bhattacharya. This would allow for the detection of intrusions in the network activities of the access points in real – time, which allows for the detection and mitigation of the attack before the attack can damage the network and network devices. See col. 1, lines 60 – 67 and col. 2, lines 1 – 3 of Bhattacharya.

As per claim 16. Lee does teach the method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to an active access point in communication with the client device that is in remote communication with the server computer for said providing [Lee, paragraph: 0015,  lines 16 – 28, and an access point selecting unit configured to receive from a remote server reference information containing one or more reference values regarding at least one access point by transmitting a request for access point reference information through one network among the plurality of heterogeneous networks, the request including type information of the wireless communication terminal and identification information of one or more access points belonging to the wireless data network, calculate, for each of one or more access points found from searching the wireless data network, relative strength of a signal strength of the each access point with respect to a reference values of the each access point written in the received reference information].

As per apparatus claim 18 that includes all the same or similar claim limitations as method claim 12, and is similarly rejected.
***The examiner notes that applicant’s recited computer processor of a server computer is taught by Lee at paragraph 0162, lines 1 – 10. And applicant's recited parameter receiver, function deriver, function provider is taught by the prior art of Lee at paragraph 0163, lines 1 – 16. 

As per non – transitory medium claim 19 that includes all the same or similar claim limitations as method claim # 12, and is similarly rejected.
***The examiner notes that the prior art of Jeong does teach applicants recited non – transitory medium, instructions, processor at paragraph 0052.



Claim[s] 13 — 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. [US PGPUB # 2015/0110077] in view of Jeong et al. [US PGPUB # 2010/0162392], and Bhattacharya et al. [US PAT # 7483972] as applied in the rejection of claim #12 above, further in view of Ponnampalam et al. [US PGPUB # 2016/001 4613]

As per claim 13. Lee and Jeong and Bhattacharya do teach what is taught in the rejection of claim 12 above.
Lee and Jeong and Bhattacharya do not clearly teach the method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to location of the client device in communication with the server computer.
However, Ponnampalam does teach the method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to location of the client device in communication with the server computer [Ponnampalam, paragraph: 0050, lines 1 – 14, to improve wireless coverage of a network, the access point that communicates with one or more wireless radio client devices, retrieve with a processor spectrum information of a database of the wireless radio devices in the area of the access point, where the spectrum information profiles the location of the wireless radio devices and different timing settings of the operating frequencies of wireless radio devices].
It would have been obvious before the effective filing date of applicants claimed invention to combine the teachings of Lee as modified and Ponnampalam in order for the collecting of information of access points in a network by a remote server of Lee as modified to include sending specific performance parameters to the remote server of Ponnampalam. This would allow for the remote server and the wireless devices and access points to communicate with each other over the wireless network in a specific and efficient manner. See paragraph: 0005, lines 1 - 9 of Ponnampalam.

As per claim 14. Lee as modified does teach the method of claim 12, further comprising a step of selecting the derived reference
set for said providing, at least according to time [Ponnampalam, paragraph 0043, lines 1 – 7, in this manner, a network administrator may determine whether an abnormal phenomenon has occurred in a wireless network based on the source IP dispersion, the source port number dispersion, the destination port number dispersion, the destination IP dispersion and the traffic quantity dispersion of traffic generated over a predetermined period of time].
As per claim 15. Lee as modified does teach the method of claim 12, further comprising a step of selecting the derived reference set for said providing, at least according to both location of the client device in communication with the server computer and time[Ponnampalam, paragraph: 0050, lines 1 – 14, to improve wireless coverage of a network, the access point that communicates with one or more wireless radio client devices, retrieve with a processor spectrum information of a database of the wireless radio devices in the area of the access point, where the spectrum information profiles the location of the wireless radio devices and different timing settings of the operating frequencies of wireless radio devices].

Allowable Subject Matter
Claim[s] 8, 17 contain allowable subject matter, but as allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with.  See 37 CFR 1.111(b) and MPEP § 707.07(a).
Claim[s] 8, 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	Viegas et al., who does teach collecting access point messages to be used for recognition or classification purposes by a wireless message sniffer module. The set of desired access point message types to be used for recognition or classification purposes is filtered by a message filter module. The features are extracted by a feature extraction module from the access point messages to be used for recognition or classification purposes. The access point characteristics to be used for external solutions are recognized by an access point characteristic recognition module. The access point characteristics to be used for external solutions are classified by an access point characteristic classification module.
	GAO et al., who does teach detecting by a first access point of the multiple access points. The signal strength is compared with a threshold and if the signal strength is less than the threshold. The client device is disconnected from the first access point by the first access point. A signal indicating the disconnection of the client device is transmitted to an access controller by the first access point. The connection status information is updated to indicate the disconnection of the client device from the first access point by the access controller. The connection status information of the client device to the access points is transmitted by the access controller. The client device is connected with the second access point of the access points in response to receiving the connection status information that indicates the disconnection of the client device from the first access point by a second access point of the access points.
	Kapoor et al., who does teach determining a first and second received signal strength values of a first and second probe requests transmitted from a client device to a first and second access points. A first change is computed in signal strength value corresponding to wireless communication between client device and first access point based on first signal strength value and second signal strength value. The first access point is instructed from multiple access points to provide network access to client device based on first change in signal strength value. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANT SHAIFER - HARRIMAN whose telephone number is (571)272-7910. The examiner can normally be reached M - F: 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571- 272- 3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DANT B SHAIFER HARRIMAN/Primary Examiner, Art Unit 2434