DETAILED ACTION
1.	Claims 1-6, 8-14, 16-22 and 24 are pending in this examination.
Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
3.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Response to Arguments
4.	Applicant's arguments have been considered but are moot in view of the new ground(s) of rejection.  

Claim Rejections - 35 USC § 112
5.1.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



5.2.	Claims 1, 9 and 17 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
5.3.	Claim 1 recites “a method for… the security component has determined that captive portal authentication is enabled and that the connection is compromised: preventing, by the security component, the sending of a report that the connection is compromised,”
Further, claim 1 recites “wherein the report that the connection is compromised would be sent but for the determination that captive portal authentication is enabled:…”. It cannot be ascertained from the scope of the claim what the metes and bounds of the terms are.

5.4.	Claims 9 and 17 contain similar language found in claim 1.

Claim Rejections - 35 USC § 103
6.1.	The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

6.2.	Claims 1-6, 9-14, 17-22 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application No. 20170111269 to Baumgartner et al. (“Baumgartner”) in view of CN Patent No. 103107940 issued to Barasubramanian et al. (“Barasubramanian”), further in view of US Patent Application No. 20120250658 to Eisl et al. (“Eisl”).

As per claim 1, Baumgartner discloses the method for preventing sending content 
determining, by a security component executing on a processor of a computing device, whether captive portal authentication is enabled for the computing device for a connection ([0070]-[0071]),
requesting, by the security component, a response from a first server over the connection ([0072]);
when the security component has determined that captive portal authentication is enabled and the connection is compromised: preventing, by the security component, the sending of a content 
Furthermore, Baumgartner discloses blocking/preventing sending a content, but Baumgartner does not explicitly disclose, however, in the same field of endeavor, Barasubramanian discloses the not sending of a report that the connection is compromised ([0042]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Baumgartner with the teaching of Barasubramanian by including the feature of not sending the report, in order for Baumgartner’s system to audit data locally using a local detection engine, which reduces network resources.
Furthermore, Baumgartner discloses determining, by the security component, from whether the connection is compromised ([0072]), but Baumgartner does not explicitly disclose, however, in the same field of endeavor, Eisl discloses the response from the first server the connection is compromised/changes ([0070], also see [0012], [0135], [0148], also see fig. 8 and associated texts).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Baumgartner with the teaching of Eisl by including the feature of detecting a change/notification in the connection, in order for Baumgartner’s system to overcome the above mentioned problem of possible changes to a connection of device(s) (preferable mobile devices) to a network caused by for example a malicious user or mobile device. In particular, the present invention provides a method, an apparatus and a related computer program product for detecting changes to a connection of mobile device(s) to a network. If changes to the connection, resulting for example from frequent actions without purpose, are detected measures may be applied in order to for example inhibit such frequent actions or inform the user or network operator about it (Eisl, [0011]).
Examiner note: wherein the report that the connection is compromised would be sent but for the determination that captive portal authentication is enabled (It cannot be ascertained from the scope of the claim what the metes and bounds of the terms are; please see above. Additionally, the examiner interprets this as: a report that the connection is compromised will not be sent because captive portal authentication is enabled, which is taught by the combination of Baumgartner and Barasubramanian; please see above).
As per claim 2, the combination of Baumgartner, Barasubramanian and Eisl discloses the method of claim 1, wherein the indication that the connection is compromised includes: (i) not receiving, by the security component, a response from the first server (Baumgartner, [0072], also see [0068]-[0069]), or (ii) when a response from the first server is received, comparing, by the security component, a received component of the response from the first server to an expected component, the comparing resulting in a second determination that the received component of the response is different from the expected component.
As per claim 3, the combination of Baumgartner, Barasubramanian and Eisl discloses the method of claim 1, further comprising, before the requesting, by the security component, a response from a first server over the connection: detecting, by the security component, a change in the connection, wherein the detecting a change in the connection prompts the security component to request the response from the first server over the connection (Eisl, [0012], [0135], [0148] also see fig.8 and associated texts). The motivation regarding the obviousness of claim 1 is also applied to claim 3.
As per claim 4, the combination of Baumgartner, Barasubramanian and Eisl discloses the method of claim 3, wherein the change includes one or more of: a making of the connection, a change to a protocol of the connection, and a change to a parameter of the connection (Eisl, [0016]). The motivation regarding the obviousness of claim 1 is also applied to claim 4.

As per claim 5, the combination of Baumgartner, Barasubramanian and Eisl discloses the method of claim 1, wherein the determining that the connection is compromised includes determining at least one of: (i)  that services provided by the connection are limited (Baumgartner, [0072]); (ii) that the requesting, by the security component, a response from a known server over the connection was redirected; (iii) that the security component failed to make a pinned network connection to the first server or a second server; (iv) that a self-signed or a host-mismatched certificate was presented to the security component; or (v) that the connection intercepts TLS communications.

As per claim 6, the combination of Baumgartner, Barasubramanian and Eisl discloses the method of claim 1 further comprising: reporting, by the security component, the indication that the connection is compromised to one or more of: a user, an administrator, and a security server (only one of the conditions ever actually occurs at any given time. Therefore, the examiner asserts that only one of the multiple conditions needs to be taught in order to meet the claim, furthermore examiner selected first condition, see above claim 1). 

Claims 9-14, 17-18 and 19-22 are rejected for similar reasons as stated above.

6.3.	Claims 8, 16 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Baumgartner, Barasubramanian and Eisl as applied to claim above, and in view of US Patent Application No. 20100306432 to Juarez et al (“Juarez”).

As per claim 8, the combination of Baumgartner, Barasubramanian and Eisl discloses the invention as described above. Baumgartner, Barasubramanian and Eisl do not explicitly disclose, however, in the same field of endeavor, Juarez discloses the method of claim 1, wherein the requesting a response from a first server over the connection is repeated by the security component with an arbitrary interval between the repeated requests ([0042]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Baumgartner and Eisl with the teaching of Juarez by including the feature of sending requests at an arbitrary interval, in order for Baumgartner’s system to increase the likelihood that the requested resources are available.

Claims 16 and 24 are rejected for similar reasons as stated above.

 		*************************************************

7.1.	Claims 1-6, 9-14, 17-22 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application No. 20170111269 to Baumgartner et al. (“Baumgartner”) in view of CN Patent No. 101422052 issued to Tjalsma et al. (“Tjalsma”), further in view of US Patent Application No. 20120250658 to Eisl et al. (“Eisl”).

As per claim 1, Baumgartner discloses the method for preventing sending content 
determining, by a security component executing on a processor of a computing device, whether captive portal authentication is enabled for the computing device for a connection ([0070]-[0071]),
requesting, by the security component, a response from a first server over the connection ([0072]);
when the security component has determined that captive portal authentication is enabled and the connection is compromised: preventing, by the security component, the sending of a content 
Furthermore, Baumgartner discloses blocking/preventing sending a content, but Baumgartner does not explicitly disclose, however, in the same field of endeavor, Tjalsma discloses the not sending of a report that the connection is compromised (Page 5).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Baumgartner with the teaching of Tjalsma by including the feature of not sending the report, in order for Baumgartner’s system to audit data locally using a local detection engine, which reduces network resources.
Furthermore, Baumgartner discloses determining, by the security component, from whether the connection is compromised ([0072]), but Baumgartner does not explicitly disclose, however, in the same field of endeavor, Eisl discloses the response from the first server the connection is compromised/changes ([0070], also see [0012], [0135], [0148], also see fig. 8 and associated texts).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Baumgartner with the teaching of Eisl by including the feature of detecting a change/notification in the connection, in order for Baumgartner’s system to overcome the above mentioned problem of possible changes to a connection of device(s) (preferable mobile devices) to a network caused by for example a malicious user or mobile device. In particular, the present invention provides a method, an apparatus and a related computer program product for detecting changes to a connection of mobile device(s) to a network. If changes to the connection, resulting for example from frequent actions without purpose, are detected measures may be applied in order to for example inhibit such frequent actions or inform the user or network operator about it (Eisl, [0011]).
Examiner note: wherein the report that the connection is compromised would be sent but for the determination that captive portal authentication is enabled (It cannot be ascertained from the scope of the claim what the metes and bounds of the terms are; please see above. Additionally, the examiner interprets this as: a report that the connection is compromised will not be sent because captive portal authentication is enabled, which is taught by the combination of Baumgartner and Tjalsma; please see above).
As per claim 2, the combination of Baumgartner, Tjalsma and Eisl discloses the method of claim 1, wherein the indication that the connection is compromised includes: (i) not receiving, by the security component, a response from the first server (Baumgartner, [0072], also see [0068]-[0069]), or (ii) when a response from the first server is received, comparing, by the security component, a received component of the response from the first server to an expected component, the comparing resulting in a second determination that the received component of the response is different from the expected component.
As per claim 3, the combination of Baumgartner, Tjalsma and Eisl discloses the method of claim 1, further comprising, before the requesting, by the security component, a response from a first server over the connection: detecting, by the security component, a change in the connection, wherein the detecting a change in the connection prompts the security component to request the response from the first server over the connection (Eisl, [0012], [0135], [0148] also see fig.8 and associated texts). The motivation regarding the obviousness of claim 1 is also applied to claim 3.
As per claim 4, the combination of Baumgartner, Tjalsma and Eisl discloses the method of claim 3, wherein the change includes one or more of: a making of the connection, a change to a protocol of the connection, and a change to a parameter of the connection (Eisl, [0016]). The motivation regarding the obviousness of claim 1 is also applied to claim 4.

As per claim 5, the combination of Baumgartner, Tjalsma and Eisl discloses the method of claim 1, wherein the determining that the connection is compromised includes determining at least one of: (i)  that services provided by the connection are limited (Baumgartner, [0072]); (ii) that the requesting, by the security component, a response from a known server over the connection was redirected; (iii) that the security component failed to make a pinned network connection to the first server or a second server; (iv) that a self-signed or a host-mismatched certificate was presented to the security component; or (v) that the connection intercepts TLS communications.

As per claim 6, the combination of Baumgartner, Tjalsma and Eisl discloses the method of claim 1 further comprising: reporting, by the security component, the indication that the connection is compromised to one or more of: a user, an administrator, and a security server (only one of the conditions ever actually occurs at any given time. Therefore, the examiner asserts that only one of the multiple conditions needs to be taught in order to meet the claim, furthermore examiner selected first condition, see above claim 1). 
Claims 9-14, 17-18 and 19-22 are rejected for similar reasons as stated above.

7.2.	Claims 8, 16 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Baumgartner, Tjalsma and Eisl as applied to claim above, and in view of US Patent Application No. 20100306432 to Juarez et al (“Juarez”).

As per claim 8, the combination of Baumgartner, Tjalsma and Eisl discloses the invention as described above. Baumgartner, Tjalsma and Eisl do not explicitly disclose, however, in the same field of endeavor, Juarez discloses the method of claim 1, wherein the requesting a response from a first server over the connection is repeated by the security component with an arbitrary interval between the repeated requests ([0042]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Baumgartner and Eisl with the teaching of Juarez by including the feature of sending requests at an arbitrary interval, in order for Baumgartner’s system to increase the likelihood that the requested resources are available.

Claims 16 and 24 are rejected for similar reasons as stated above.

8.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art discloses many of the claim features (See PTO-form 892).
a.)  U.S. patent no. 9077546 issued to Rakshit et al. discloses methods and apparatuses for authenticating a secure sockets layer (SSL) certificate. The methods include receiving the SSL certificate associated with a website, identifying a chain of trust associated with the SSL certificate, transmitting, to a security manager, a validation request based on the SSL certificate and a certificate in the chain of trust, receiving a validation response from the security manager, and presenting an indication of trustworthiness, to a user, based on the validation response. The apparatuses are provided to implement the methods.

b.)  U.S. patent application no. 20130305369 to Karta discloses a method for a wireless network. The network includes at least a server and a plurality of computer devices wirelessly connected to the server. At least one of the computer devices is under attack by an `attacker` device. The method provides for detection and reporting of the attack as to the location of the attack. The method includes detecting an attack by one of the computer devices, using a zCore module and transmitting an `attack report` to the server. The report includes at least the attack location. The method also includes notifying at least one of the plurality of computer devices and an external computer device that the network is compromised.

c.)  U.S. patent application no. 20160212139 to Pike discloses [0049] Additionally, splitting security into security tiers over time does not necessarily prevent the session/connection manager module 152 from running high security all the time. Different sets of security rules may simply be applied during different security tiers 202, 204, 206 and 208. This prevents false positives while also allowing computing resources to be focused on hacked sessions/connections which typically last longer than non-hacked sessions/connections. For example, security tier B 204 may also include a set of rules that applies deep packet inspection, but only if the IP lookup indicates the IP is a suspicious IP.

Conclusion

9.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

HARUNUR . RASHID
Primary Examiner
Art Unit 2497