Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's response with amendments filed 06/01/2022 have been received and entered.  Applicant has amended claims 1, 2, 10, 15, and 16. Amended claims have been examined on the merits.
Applicant’s arguments, see Applicant Arguments pages 7-11, with respect to the rejection(s) of the independent claims 1, 10, and 15 under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Nguyen et al. (US 20060256763), hereinafter Nguyen.
	The rest of applicant’s arguments are moot in view of new grounds of rejection set forth above.
 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 8, 10, 11, 15, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over CAMMAROTA et al. (US 20180278625), hereinafter CAMMAROTA in view of Nguyen et al. (US 20060256763), hereinafter Nguyen.
	Regarding Claim 1, CAMMAROTA teaches
	A method, comprising: receiving, by a controller from an access point, a request for joining a network ([Abstract] The apparatus may receive an authentication request from the at least one second AP via the communication link based on the 1905.1 protocol. In certain aspects, the authentication request may include at least a first signed certificate and a first generated value. Para [0037] In an aspect, the RAP 104 (e.g., first AP) may include one or more components for performing various functions. For example, the RAP 104 may include a 1905.1 component 124 to perform procedures related to exchanging messages with a group of APs (e.g., SAPs 114, 118, 204, 304a, 304b, 304c, the communication device 702, 900) using the 1905.1 protocol or 1905.1-related protocol. In certain configurations, the RAP 104 may include a multi-AP controller configured to control and/or communicate with a group of SAPs);
	receiving, by the controller from the access point, the authentication code that is generated by the neighbor access point (Para [0117] FIG. 6 is a functional block diagram of an example communication device 600 that may exchange a message authentication code with a second device. … The processing system 610, the 1905.1 component 624, the transmitter 615, and/or the receiver 605 may be configured to transmit an authentication response to the at least one second AP using the communication link based on the 1905.1 protocol);
	CAMMAROTA does not explicitly teach verifying, by the controller, the access point based on the request for joining the network; in response to verifying the access point, transmitting, by the controller, a neighbor authentication notification to the access point, the neighbor authentication notification for obtaining an authentication code from a neighbor access point that is connected in the network; and responsive to a determination, by the controller, that the authentication code is valid, accepting the access point to join the network.
	In the same field of endeavor, Nguyen teaches
	verifying, by the controller, the access point based on the request for joining the network (Para [0006] “Thus, in FIG. 2A, the STA is associated with AP A using the RADIUS-compliant AAA authentication server (AS) and obtains PMKA to secure the session. The STA then issues an accounting-request (start) message to the accounting server, which causes the accounting server to issue a notify-request message to each of the neighbor APs (B and E) identified in AP A's neighbor graph.  … The STA re-associates [i.e. verifies] with the new AP by generating PMKB (using the MAC address of AP B) and obtaining a PTK using a standard 4-way handshake. After the STA re-associates, AP B updates its neighbor graph, as illustrated in FIG. 2D”);
	in response to verifying the access point, transmitting, by the controller, a neighbor authentication notification to the access point, the neighbor authentication notification for obtaining an authentication code from a neighbor access point that is connected in the network (Para [0036] The present invention provides numerous advantages. Fast roaming is achieved by having a wireless client's PMK distributed to neighboring APs proactively, i.e., before the client arrives at the neighbor AP. Thus, when the client hands-off to the neighbor AP, the PMK is already there so that user data can flow as soon as possible without having to restart authentication and key distribution processes between the client and the authentication server. The service controller assumes initially (at some time to) that each AP is connected to every other AP; as the mobile devices exhibit mobility (and the APs issue re-association notification message updates), the SC learns of the true AP connectivity. As new APs are added (even after time t.sub.0), the SC provides all keys to that AP (by key priming) until additional information can be learned about the AP and its physical proximity (to other APs). In this manner, keys usually are always available at the AP in advance of the STA's arrival); 
	responsive to a determination, by the controller, that the authentication code is valid, accepting the access point to join the network (Para [0030] “The creation of a PMK entry typically is the result of the reception of an IAPP_ADD request from an AP that has detected a client association and the client is authenticated and authorized to use the WLAN”).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by CAMMAROTA to incorporate the teachings of Nguyen such that the method of CAMMAROTA includes verifying, by the controller, the access point based on the request for joining the network; in response to verifying the access point, transmitting, by the controller, a neighbor authentication notification to the access point, the neighbor authentication notification for obtaining an authentication code from a neighbor access point that is connected in the network; and responsive to a determination, by the controller, that the authentication code is valid, accepting the access point to join the network.  One would have been motivated to make such combination so that a controller is used to manage the neighbor graph generation and maintenance, as well as PMK notifications; a given STA obtains a PMK when it associates with an AP in the WLAN infrastructure; and a neighbor graph identifies prospective APs to which the STA may then roam (Nguyen, Para [0008]).
	Regarding Claim 2, the combination of CAMMAROTA and Nguyen teaches all the limitations of claim 1 above,
	The method according to claim 1, further comprising: responsive to verifying the access point, transmitting to the neighbor access point, by the controller, a neighbor authentication command for generating the authentication code by the neighbor access point, the neighbor authentication command comprising a target access point for which the authentication code is generated, an algorithm with which the authentication code is generated, and a seed for generating the authentication code with the algorithm (CAMMAROTA, Para [0039] The 1905.1 component 124 may be configured to transmit one or more messages to the at least one second AP using the communication link based on the 1905.1 protocol. In certain aspects, the MAC may be included in a MAC type length value (TLV) (MAC-TLV) portion of each of the one or more messages. The 1905.1 component 124 may be configured to determine a keyed-hash message authentication code (HMAC) for each of the one or more messages based at least in part on a message header and all type length values (TLVs) excluding the MAC-TLV (i.e. hash algorithm).  [0056] In certain configurations, the public key cryptography may employ elliptic curves, e.g., National Institute of Science and Technology (NIST) curve p-256. Open secure sockets layer (SSL) (OpenSSL) cryptology may provide two command line tools for working with keys suitable for elliptic curve algorithms. Para [0066] In a fourth example, in instances of the extended authentication framework, i.e., Wi-Fi Simple Configuration (e.g., for use over the Wi-Fi backhaul channel), the RAP 202 and the SAP 204 may determine a pairwise secret; expand the pairwise secret using a pseudo-random function to a random number and set it to PMK (e.g., the seed to the pseudo-random function may be nonce-1, nonce-2, different nonces, and/or media access control address(es)).).
	Regarding claim 8, the combination of CAMMAROTA and Nguyen teaches all the limitations of claim 1 above,	
	The method according to claim 1, further comprising: transmitting to the access point a further neighbor authentication notification for obtaining a further authentication code from a further neighbor access point that is connected in the network (CAMMAROTA, Para [0037] … In certain aspects, the authentication request may include at least a first signed certificate and a first generated value. The 1905.1 component 124 may be configured to determine if the at least one second AP is associated with a same certificate authority as the first AP based on a verification key and the first signed certificate. … In certain other aspects, the authentication response may be transmitted when it is determined that the at least one second AP is associated with the same certificate authority as the first AP. In certain other aspects, the verification key may be a certificate authority digital signature);
	receiving, from the access point, the further authentication code that is generated by the further neighbor access point (CAMMAROTA, Para [0117] FIG. 6 is a functional block diagram of an example communication device 600 that may exchange a message authentication code with a second device. … The processing system 610, the 1905.1 component 624, the transmitter 615, and/or the receiver 605 may be configured to transmit an authentication response to the at least one second AP using the communication link based on the 1905.1 protocol); and 
	in accordance with a determination that the further authentication code is valid, accepting the access point to join the network (Nguyen, Para [0030] “The creation of a PMK entry typically is the result of the reception of an IAPP_ADD request from an AP that has detected a client association and the client is authenticated and authorized to use the WLAN”).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 10, CAMMAROTA teaches
A method, comprising: receiving, from a controller in a network, a neighbor authentication command for generating an authentication code for a target access point, the neighbor authentication command comprising an identification of the target access point being verified by the controller to join the network ([Abstract] The apparatus may receive an authentication request from the at least one second AP via the communication link based on the 1905.1 protocol. In certain aspects, the authentication request may include at least a first signed certificate and a first generated value. Para [0035] “Transmission of a beacon may be divided into a number of groups or intervals. In one aspect, the beacon may include, but is not limited to, such information as timestamp information to set a common clock, a peer-to-peer network identifier, a device identifier, capability information, a superframe duration, transmission direction information, reception direction information, a neighbor list, and/or an extended neighbor list, some of which are described in additional detail below. Thus, a beacon may include information that is both common (e.g., shared) amongst several devices and specific to a given device”.   Para [0037] … In certain aspects, the authentication request may include at least a first signed certificate and a first generated value. The 1905.1 component 124 may be configured to determine if the at least one second AP is associated with a same certificate authority as the first AP based on a verification key and the first signed certificate. … In certain other aspects, the authentication response may be transmitted when it is determined that the at least one second AP is associated with the same certificate authority as the first AP. In certain other aspects, the verification key may be a certificate authority digital signature);
	receiving, from an access point, a request for obtaining an authentication code (Para [0117] FIG. 6 is a functional block diagram of an example communication device 600 that may exchange a message authentication code with a second device. … The processing system 610, the 1905.1 component 624, the transmitter 615, and/or the receiver 605 may be configured to transmit an authentication response to the at least one second AP using the communication link based on the 1905.1 protocol);
	transmitting to the access point the authentication code (Para [0117] FIG. 6 is a functional block diagram of an example communication device 600 that may exchange a message authentication code with a second device. … The processing system 610, the 1905.1 component 624, the transmitter 615, and/or the receiver 605 may be configured to transmit an authentication response to the at least one second AP using the communication link based on the 1905.1 protocol).
	CAMMAROTA does not explicitly teach in accordance with a determination that the access point matches the target access point identified in the neighbor authentication command, generating the authentication code based on the neighbor authentication command.
	In the same field of endeavor, Nguyen teaches
	in accordance with a determination that the access point matches the target access point identified in the neighbor authentication command, generating the authentication code based on the neighbor authentication command (Para [0023] “For the first association and after a successful authentication and authorization phase with the AAA server, the AP sends the PMK to the service controller, preferably via the IAPP protocol over the secure link (between the AP and service controller). This was illustrated in FIG. 3A. The AP also maintains a local cache of PMKs supplied by the service controller (one PMK per STA per session). During a re-association, the AP searches its local cache and tries to locate a PMK for a re-associated client. As illustrated in FIG. 3C above, upon successfully completing the 4-way handshake that implicitly provides the authenticity of the STA, the AP also notifies the service controller of the re-association event (with the BSSID of the last AP and the BSSID of the new AP) so that the service controller can use these unique identifiers to update the neighborhood graph (and then distribute the key to each neighbor of the new AP)”. Para [0035] “FIG. 4 is a signaling message diagram showing the message sequence when a client completes its first association and authentication with a given AP and the subsequent key information update of the satellite PMK cache by the service controller”).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by CAMMAROTA to incorporate the teachings of Nguyen such that the method of CAMMAROTA includes verifying, by the controller, the access point based on the request for joining the network; in response to verifying the access point, transmitting, by the controller, a neighbor authentication notification to the access point, the neighbor authentication notification for obtaining an authentication code from a neighbor access point that is connected in the network; and responsive to a determination, by the controller, that the authentication code is valid, accepting the access point to join the network.  One would have been motivated to make such combination so that a controller is used to manage the neighbor graph generation and maintenance, as well as PMK notifications; a given STA obtains a PMK when it associates with an AP in the WLAN infrastructure; and a neighbor graph identifies prospective APs to which the STA may then roam (Nguyen, Para [0008]).
Regarding Claim 11,
Claim 11 is rejected for similar reasons as in claim 2.
Regarding Claim 15,
Claim 15 is rejected for similar reasons as in claim 1. 
	Additionally, CAMMAROTA teaches
	An authentication device in a network, comprising: a processor; and a memory coupled to the processor, the memory storing instructions to cause the processor to implement acts comprising (Para [0092] The communication device 402 may include a processor 404 which controls operation of the communication device 402. The processor 404 may also be referred to as a central processing unit (CPU). Memory 406, which may include both read-only memory (ROM) and random access memory (RAM), may provide instructions and data to the processor 404. A portion of the memory 406 may also include non-volatile random access memory (NVRAM)).
Regarding Claim 16,
Claim 16 is rejected for similar reasons as in claim 2.
  Claims 3, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over CAMMAROTA et al. (US 20180278625), hereinafter CAMMAROTA in view of Nguyen et al. (US 20060256763), hereinafter Nguyen in view of Faccin et al. (US 20140293780), hereinafter Faccin.
	Regarding claim 3, the combination of CAMMAROTA and Nguyen teaches all the limitations of claim 1 and claim 2 above,	
	The combination of CAMMAROTA and Nguyen does not explicitly teach wherein accepting the access point comprises: generating a local authentication code based on the algorithm and the seed; and in accordance with a determination that the authentication code matches the local authentication code, accepting the access point to join the network.
	In the same field of endeavor, Faccin teaches
	wherein accepting the access point comprises: generating a local authentication code based on the algorithm and the seed; and in accordance with a determination that the authentication code matches the local authentication code, accepting the access point to join the network (Para [0017] A computer program product, comprising a non-transitory computer-readable medium comprising code for causing a computer to receive an authentication load indicator from an access point (AP), and determine whether to attempt authentication with a network entity based at least in part on the authentication load indicator.  Para [0063] If the ANQP retry indicator is a timer value, then the UE may set a timer based on the timer value and send the ANQP query when the timer expires. If the ANQP retry indicator is a seed value, then the UE may input the seed value into an algorithm to calculate a timer value and set the timer according to the calculated timer value. For example, the algorithm may implement a hash function, and the seed value and a mobile identification (ID) of the UE may be input into the hash function to calculate the timer value. Para [0045] … Upon receiving the ANQP response, the UE may determine whether a service provider to which the UE has credentials matches one of the service providers listed in the ANQP response. If there is a match, the UE automatically authenticates to the matching service provider via the AP to gain network access).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of CAMMAROTA and Nguyen to incorporate the teachings of Faccin such that the method of the combination of CAMMAROTA and Nguyen includes wherein accepting the access point comprises: generating a local authentication code based on the algorithm and the seed; and in accordance with a determination that the authentication code matches the local authentication code, accepting the access point to join the network.  One would have been motivated to make such combination in order to provide an authentication load indicator from an access point (AP), and determining whether to attempt authentication with a network entity based at least in part on the authentication load indicator (Faccin, Para [0008]).
Regarding Claim 17,
Claim 17 is rejected for similar reasons as in claim 3. 
Claims 6, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over CAMMAROTA et al. (US 20180278625), hereinafter CAMMAROTA in view of Nguyen et al. (US 20060256763), hereinafter Nguyen in view of Cohen et al. (US 200600393397), hereinafter Cohen. 
	Regarding claim 6, the combination of CAMMAROTA and Nguyen teaches all the limitations of claim 1 above,	
	The combination of CAMMAROTA and Nguyen does not explicitly teach the method according to claim 1, further comprising: obtaining states of a plurality of access points that are connected in the network, a state in the states comprising any of: a location, an online time duration, a previous authentication, a health state, and a device type for an access point in the plurality of access points; and selecting the neighbor access point based on the states of the plurality of access points.
	In the same field of endeavor, Cohen teaches
	The method according to claim 1, further comprising: obtaining states of a plurality of access points that are connected in the network, a state in the states comprising any of: a location, an online time duration, a previous authentication, a health state, and a device type for an access point in the plurality of access points; and selecting the neighbor access point based on the states of the plurality of access points (Para [0049] … A hello message communicated from the single requesting client station 104 may comprise information that identifies the single requesting client station 104. A beacon message communicated from the AP 102 may comprise information related to the status of the limited time window that indicates whether the AP 102 is ready to configure a single requesting client station 104. [0050] Based on the authentication information exchange, the AP 102 may authenticate the recognized single requesting client station 104. The AP 102 may add the single requesting client station 104 to an approved list. As a result of addition of the single requesting client station 104 to the approved list by the AP 102, the AP 102 may configure the client station).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of CAMMAROTA and Nguyen to incorporate the teachings of Cohen such that the method of the combination of CAMMAROTA and Nguyen includes obtaining states of a plurality of access points that are connected in the network, a state in the states comprising any of: a location, an online time duration, a previous authentication, a health state, and a device type for an access point in the plurality of access points; and selecting the neighbor access point based on the states of the plurality of access points.  One would have been motivated to make such combination in order to provide registering a client station with an access point (Cohen, [Abstract]).
Regarding Claim 19,
Claim 19 is rejected for similar reasons as in claim 6. 
Claims 7, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over CAMMAROTA et al. (US 20180278625), hereinafter CAMMAROTA in view of Nguyen et al. (US 20060256763), hereinafter Nguyen in view of FYKE et al. (US 20120077431), hereinafter FYKE. 
	Regarding claim 7, the combination of CAMMAROTA and Nguyen teaches all the limitations of claim 1 above,	
	The combination of CAMMAROTA and Nguyen does not explicitly teach the method according to claim 1, further comprising: in accordance with a determination that the authentication code is invalid, rejecting the access point to join the network.
	In the same field of endeavor, FYKE teaches
	The method according to claim 1, further comprising: in accordance with a determination that the authentication code is invalid, rejecting the access point to join the network (Para [0014] … The security system may also include at least one mobile wireless communications device comprising a second NFC sensor, a wireless receiver, and a second controller. The second controller may be configured to communicate a security code via the second NFC sensor to the first NFC sensor based upon proximity therewith, and to receive a corresponding access denial electronic message from the first controller via the wireless receiver based upon the security code being invalid. As such, the system advantageously provides an approach for using mobile wireless communications devices to provide personnel access based upon NFC security code exchange and while providing denial electronic messages to the mobile wireless communication devices, allowing for explanations of denied access, for example).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of CAMMAROTA and Nguyen to incorporate the teachings of FYKE such that the method of the combination of CAMMAROTA and Nguyen includes in accordance with a determination that the authentication code is invalid, rejecting the access point to join the network.  One would have been motivated to make such combination in order to generate an access denial electronic message(s) based upon receiving an invalid security code (FYKE, [Abstract]). 
Regarding Claim 20,
Claim 20 is rejected for similar reasons as in claim 7.
Claims 9, 12-14, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over CAMMAROTA et al. (US 20180278625), hereinafter CAMMAROTA in view of Nguyen et al. (US 20060256763), hereinafter Nguyen in view of Sayed (US 20210251019), hereinafter Sayed. 
 	Regarding claim 9, the combination of CAMMAROTA and Nguyen teaches all the limitations of claim 1 above,
	The combination of CAMMAROTA and Nguyen does not explicitly teach wherein the method is implemented at a controller of the network, and the neighbor access point comprises any of a router device, a switch device and a Wi-Fi hotspot device.
	In the same field of endeavor, Sayed teaches
	The method according to claim 1, wherein the method is implemented at a controller of the network, and the neighbor access point comprises any of a router device, a switch device and a Wi-Fi hotspot device (Para [0047] … Wi-Fi access point 102 may include any number and type(s) of access point, router, hotspot, or other device(s) configured to allow Wi-Fi devices 104 to connect to the relevant network. For example, in a home or small office environment, Wi-Fi access point 102 may include an integrated router/access point connected to the customer premises equipment (CPE) of an internet service provider (ISP) via a wired Ethernet connection and configured to wirelessly connect with Wi-Fi devices 104 to provide Wi-Fi devices 104 a connection to the Internet and/or to other Wi-Fi devices 104 connected to the integrated router/access point (i.e., other Wi-Fi devices 104 in the same LAN). As another example, in larger business or enterprise, Wi-Fi access point 102 may include a network of access points and switches).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of CAMMAROTA and Nguyen to incorporate the teachings of Sayed such that the method of the combination of CAMMAROTA and Nguyen includes wherein the method is implemented at a controller of the network, and the neighbor access point comprises any of a router device, a switch device and a Wi-Fi hotspot device.  One would have been motivated to make such combination in order for provisioning (connection) of Wi-Fi devices to a Wi-Fi network in which another Wi-Fi device is already provisioned (connected) to the network (Sayed, Para [0011]).
	Regarding claim 12, the combination of CAMMAROTA and Nguyen teaches all the limitations of claim 1 above,
	The method according to claim 10, wherein generating the authentication code comprises: adding a timestamp to the authentication code based on a time point when the authentication code is generated (Sayed, Para [0084] Later, an Enrollee Device 108A may be introduced to be added to the network. If the provisioned Registrar Device 106 is still present in the network, a user may attempt to initiate an automated provisioning of Enrollee Device 108A, as indicated by encircled number 3A. In one embodiment, to attempt an automated provisioning, the user may (a) enable the Registrar AP Mode of the Registrar Device 106 by actuating a registration mode input device 136 on Registrar Device 106 (e.g., pressing a designated button), which may start a registration timer of a defined time-out duration (e.g., 2 minutes); and then (b) prior to expiration of the registration timer, enable the enrollment mode of the Enrollee Device 108A by powering-up the Enrollee Device 108A or by actuating an enrollment mode input device 176 on Enrollee Device 108A (e.g., pressing a designated button), depending on the particular configuration of Enrollee Device 108A).
	The motivation/rationale to combine the references is similar to claim 9 above.
	Regarding claim 13, the combination of CAMMAROTA and Nguyen teaches all the limitations of claim 1 above,
	The method according to claim 10, wherein the neighbor authentication command further comprises an expiration time duration, and generating the authentication code further comprises: refreshing the authentication code based on the expiration time duration (Sayed, Para [0084] Later, an Enrollee Device 108A may be introduced to be added to the network. …; and then (b) prior to expiration of the registration timer, enable the enrollment mode of the Enrollee Device 108A by powering-up the Enrollee Device 108A or by actuating an enrollment mode input device 176 on Enrollee Device 108A (e.g., pressing a designated button), depending on the particular configuration of Enrollee Device 108A).
	The motivation/rationale to combine the references is similar to claim 9 above.
Regarding Claim 14,
Claim 14 is rejected for similar reasons as in claim 9.	
	Regarding claim 18, the combination of CAMMAROTA and Nguyen teaches all the limitations of claim 1 and claim 16 above,
	The authentication device according to claim 16, wherein rejecting the access point comprises: in accordance with a determination that a timestamp of the authentication code exceeds an expiration time duration specified by the neighbor authentication command, rejecting the access point to join the network (Sayed, Para [0084] Later, an Enrollee Device 108A may be introduced to be added to the network. If the provisioned Registrar Device 106 is still present in the network, a user may attempt to initiate an automated provisioning of Enrollee Device 108A, as indicated by encircled number 3A. In one embodiment, to attempt an automated provisioning, the user may (a) enable the Registrar AP Mode of the Registrar Device 106 by actuating a registration mode input device 136 on Registrar Device 106 (e.g., pressing a designated button), which may start a registration timer of a defined time-out duration (e.g., 2 minutes); and then (b) prior to expiration of the registration timer, enable the enrollment mode of the Enrollee Device 108A by powering-up the Enrollee Device 108A or by actuating an enrollment mode input device 176 on Enrollee Device 108A (e.g., pressing a designated button), depending on the particular configuration of Enrollee Device 108A).
	The motivation/rationale to combine the references is similar to claim 9 above.
Claims 4, and 5 are rejected under 35 U.S.C. 103 as being unpatentable over CAMMAROTA et al. (US 20180278625), hereinafter CAMMAROTA in view of Nguyen et al. (US 20060256763), hereinafter Nguyen in view of FYKE et al. (US 20120077431), hereinafter FYKE in view of Sayed (US 20210251019), hereinafter Sayed.
	Regarding claim 4, the combination of CAMMAROTA, Nguyen, and Faccin teaches all the limitations of claim 1 and claim 2 and claim 3 above,
	wherein accepting the access point to join the network further comprises: in accordance with a determination that a timestamp of the authentication code is within an expiration time duration for the authentication code, accepting the access point to join the network (Sayed, Para [0084] Later, an Enrollee Device 108A may be introduced to be added to the network. If the provisioned Registrar Device 106 is still present in the network, a user may attempt to initiate an automated provisioning of Enrollee Device 108A, as indicated by encircled number 3A. In one embodiment, to attempt an automated provisioning, the user may (a) enable the Registrar AP Mode of the Registrar Device 106 by actuating a registration mode input device 136 on Registrar Device 106 (e.g., pressing a designated button), which may start a registration timer of a defined time-out duration (e.g., 2 minutes); and then (b) prior to expiration of the registration timer, enable the enrollment mode of the Enrollee Device 108A by powering-up the Enrollee Device 108A or by actuating an enrollment mode input device 176 on Enrollee Device 108A (e.g., pressing a designated button), depending on the particular configuration of Enrollee Device 108A).
	The motivation/rationale to combine the references is similar to claim 3 and claim 9 above.
	Regarding claim 5, the combination of CAMMAROTA, Sayed, and Faccin teaches all the limitations of claim 1 and claim 2, claim 3 and claim 4 above,
	wherein the neighbor authentication command further comprises: an expiration time duration for instructing the neighbor access point to refresh the authentication code (Sayed, Para [0084] Later, an Enrollee Device 108A may be introduced to be added to the network. …; and then (b) prior to expiration of the registration timer, enable the enrollment mode of the Enrollee Device 108A by powering-up the Enrollee Device 108A or by actuating an enrollment mode input device 176 on Enrollee Device 108A (e.g., pressing a designated button), depending on the particular configuration of Enrollee Device 108A).
	The motivation/rationale to combine the references is similar to claim 3 and claim 9 above.
 Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283. The examiner can normally be reached Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HAMID TALAMINAEI/Examiner, Art Unit 2436 
                                                                                                                                                                                                       /FATOUMATA TRAORE/Primary Examiner, Art Unit 2436