DETAILED ACTION
This office action is in response to applicant’s RCE submission filed on 06/09/2022, which has an effective filing date of 04/06/2018. Claims 35, 37, and 39 have been amended. Claims 35-44 are pending and are directed towards a method for Device Default WIFI Credentials for Simplified and Secure Configuration of Networked Transducers. This is a Non-Final action.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
1.	Applicant’s arguments filed 06/09/2022 have been fully considered.
A) Applicant’s arguments, with respect to the amended limitations claim 35, that Smadja, Lapidous, Oczkowski, and Nix fail to teach or suggest “a method for a first Wi-Fi access point to configure a device for authenticating with a second Wi-Fi access point, the method performed by the first Wi-Fi access point” and “there is no teaching for the use of two access points” (page 6-7 of the present response) have been fully considered but they are not persuasive. 
Regarding A) Oczkowski teaches a method for a first Wi-Fi access point to configure a device for authenticating with a second Wi-Fi access point, the method performed by the first Wi-Fi access point (Fig. 12 and col. 19, line 58-67 and col. 20, line 20-40; Fig. 12 shows wireless access point 1202 and wireless access point 120 used in configuring and authenticating a headless device 106). Therefore, the prior art teaches the claimed feature of the limitation in question.
B) Applicant’s arguments, with respect to the amended limitations claim 35, that Smadja, Lapidous, Oczkowski, and Nix fail to teach or suggest “a) storing … (iii) device default credentials for a hidden Wi-Fi network, wherein a service set identifier (SSID) from the device default credentials is not broadcast in the hidden Wi-Fi network” and “b) establishing, via a radio network comprising the second Wi-Fi access point, a secure session with the configuration system using at least the domain name and the identification information for the owner” (page 7-8 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections. 
C) Applicant’s arguments, with respect to the amended limitations claim 35, that Smadja, Lapidous, Oczkowski, and Nix fail to teach or suggest “c) receiving from the configuration system a set of configuration parameters, wherein the set of configuration parameters specify the first Wi-Fi access point operates the hidden Wi-Fi network (i) with the (SSID) from the device default credentials, (ii) without wireless encryption and authentication, and (iii) with a firewall to restrict connectivity to approved IP addresses”, “d) establishing (i) the hidden Wi-Fi network and (ii) a connection with the device through the hidden Wi-Fi network” , and “wherein a service set identifier (SSID) from the device default credentials is not broadcast in the hidden Wi-Fi network” (page 8-9 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections. 
D) Applicant’s arguments, with respect to the amended limitations claim 35, that Smadja, Lapidous, Oczkowski, and Nix fail to teach or suggest “e) receiving, via the radio network, an encrypted set of credentials … wherein the set of credentials includes (i) the wireless network identity for the second Wi-Fi access point and (ii) a Wi-Fi Protected Access 2 pre-shared key (WPA2-PSK) for the wireless network identity” and “g) sending the encrypted set of credentials to the device through the hidden Wi-Fi network” (page 9 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
Claim Objections
2.	Claim 35 is objected to because of the following informalities:  
A.	Claim 35, line 13, recites “the (SSID)” when it should recite “the SSID”.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
3.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
4.	Claims 35-39 and 41-44 are rejected under 35 U.S.C. 103 as being unpatentable over Oczkowski et al. (US Patent 10,148,495), hereinafter Oczkowski, filed on Jun. 9, 2014 in view of Averbuch et al. (US Pub. 2013/0039213), hereinafter Averbuch, filed Aug. 9, 2011 and Nix (US Pub. 2015/0143125) filed Nov. 19, 2013.
Regarding claim 35, Oczkowski teaches a method for a first Wi-Fi access point to configure a device for authenticating with a second Wi-Fi access point, the method performed by the first Wi-Fi access point, the method comprising (Fig. 12 and col. 19, line 58-67 and col. 20, line 20-40; Fig. 12 shows wireless access point 1202 and wireless access point 120 used in configuring and authenticating a headless device 106):
a) storing (i) a domain name for a configuration system, (ii) identification information for an owner of the device, and (iii) device credential for a hidden Wi-Fi network, wherein a service set identifier (SSID) from the device credential is not broadcast in the hidden Wi-Fi network (col. 4, line 49-61 and col. 5, line 45-50 and col. 10, line 46-62; configuration application 108 with particular URI (e.g. domain name) connect to distributed computing device 112 through DNS, may include user credentials to authenticate the user 104, and contain the particular SSID where the wireless network may be a hidden network such that its SSID is not broadcast); 
Oczkowski does not teach device default credentials.
Averbuch teaches device default credentials (para 47, line 1-22 and para 49, line 1-16; network ID 234 (SSID) and network password 236 (WPA2 password) may be default settings associated with a wireless client link configured during the manufacture)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Oczkowski to incorporate the teachings of Averbuch to provide network ID 234 (SSID) and network password 236 (WPA2 password) may be default settings associated with a wireless client link configured during the manufacture.  Doing so would allow for a device configured as a wireless access point to provide basic connectivity for a computer or client devices, as recognized by Averbuch. 
Oczkowski teaches b) establishing, via a radio network comprising the second Wi-Fi access point, a secure session with the configuration system using at least the domain name and the identification information for the owner (col. 4, line 49-61 and col. 10, line 46-62 and col. 19, line 58-67; configuration application 108 access distributed computing device 112 through particular URI (e.g. domain name) and user credentials to authenticate the user 104 via wireless access point 1202); 
c) receiving from the configuration system a set of configuration parameters, wherein the set of configuration parameters specify the first Wi-Fi access point operates the hidden Wi-Fi network (i) with the (SSID) from the device credential, (ii) without wireless encryption and authentication (col. 5, line 28-50 and col. 6, line 4-17 and col. 15, line 16-47; receiving the generated token 118 from the configuration and registration service module 116 of distributed computing device 112, where the token 118 is associated with HTTPS session ID and other identifiers and the token 118 allows for unencrypted wireless network connection with headless device via wireless access point 120 using SSID), and 
Oczkowski and Averbuch do not teach (iii) with a firewall to restrict connectivity to approved IP addresses;
Nix teaches (iii) with a firewall to restrict connectivity to approved IP addresses (para 65, line 1-31 and para 69, line 1-22; firewall may be used to secure communication and filter packets in network address translation where any valid IP addresses can be used in performing secure connections); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Oczkowski and Averbuch to incorporate the teachings of Nix to provide firewall may be used to secure communication and filter packets in network address translation where any valid IP addresses can be used in performing secure connections.  Doing so would allow for secure communications at the data link, network, transport, and/or application layers of communication using an IP network, as recognized by Nix.
Oczkowski teaches d) establishing (i) the hidden Wi-Fi network and (ii) a connection with the device through the hidden Wi-Fi network (col. 5, line 28-50; provide a hidden wireless network via the wireless network access point 120 with headless device 106 and user device 102); 
e) receiving, via the hidden Wi-Fi network and from the device, a list of available Wi-Fi networks which includes a wireless network identity for the second Wi-Fi access point, and sending the list to the configuration system through the radio network (col. 6, line 1-34 and col. 23, line 1-14 and col. 24, line 24-39; headless device 106 scans for a list of available wireless networks, where wireless network access point 1202 is within range of headless device 106 and user device 102 for connecting with received network SSID and send the list to configuration application); 
f) receiving, via the radio network, an encrypted set of credentials for the device from the configuration system, wherein the set of credentials are encrypted by the configuration system using at least a cryptography key exchange with a public key for the device, and wherein the set of credentials includes (i) the wireless network identity for the second Wi-Fi access point and (ii) a Wi-Fi Protected Access 2 pre-shared key (WPA2-PSK) for the wireless network identity (col. 6, line 1-17 and col. 11, line 10-26 and col. 24, line 24-39; various devices of environment 100, such as wireless network access point, configuration application, and distributed computing device, communicate credentials that may be encrypted using public cryptographic key along with WPA2 wireless network security as well as received network SSID for wireless network access point 1202); and 
Oczkowski and Averbuch do not teach an elliptic curve cryptography (ECC) key exchange.
Nix teaches an elliptic curve cryptography (ECC) key exchange (para 121, line 1-17 and para 123, line 1-25; elliptic curve cryptography (ECC) algorithms using public key infrastructure techniques for secure communications)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Oczkowski and Averbuch to incorporate the teachings of Nix to provide elliptic curve cryptography (ECC) algorithms using public key infrastructure techniques for secure communications.  Doing so would allow for secure communications at the data link, network, transport, and/or application layers of communication using an IP network, as recognized by Nix.
Oczkowski teaches g) sending the encrypted set of credentials to the device through the hidden Wi-Fi network (col. 10, line 9-39 and col. 11, line 10-26; sending network credentials, received from configuration and registration process involving user device 102 and distributed computing device 112, via wireless network access point 120 to headless device 106).  
Regarding claim 36, Oczkowski, Averbuch, and Nix teach the method of claim 35.
	Oczkowski and Averbuch do not teach establishing the secure session using the set of credentials before receiving the encrypted set of credentials.
Nix teaches establishing the secure session using the set of credentials before receiving the encrypted set of credentials (para 117, line 1-17; module 101 may include a pre-shared secret key 129 for wireless connection before module 101 begins communication with server).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Oczkowski and Averbuch to incorporate the teachings of Nix to provide module 101 may include a pre-shared secret key 129 for wireless connection before module 101 begins communication with server.  Doing so would allow for secure communications at the data link, network, transport, and/or application layers of communication using an IP network, as recognized by Nix.
Regarding claim 37, Oczkowski, Averbuch, and Nix teach the method of claim 35.
Oczkowski teaches establishing the hidden Wi-Fi network using a network interface, wherein the first Wi-Fi access point uses the network interface for both the radio network and the hidden Wi-Fi network (col. 5, line 46-67 and col. 6, line 1-17; connect to the wireless hidden network using a network interface via the wireless network access point 120).
Oczkowski and Averbuch do not teach using a radio.
Nix teaches using a radio (para 67, line 1-17; wireless network can communicate using a radio and antenna)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Oczkowski and Averbuch to incorporate the teachings of Nix to provide wireless network can communicate using a radio and antenna.  Doing so would allow for secure communications at the data link, network, transport, and/or application layers of communication using an IP network, as recognized by Nix.
Regarding claim 38, Oczkowski, Averbuch, and Nix teach the method of claim 35.
Oczkowski teaches the configuration system comprises a discovery server, and the set of configuration parameters specifies a configuration application for at least establishing the hidden Wi-Fi network (col. 4, line 1-21 and col. 5, line 28-50; the token 118 is associated with HTTPS session ID and other identifiers are used to establish hidden wireless network using configuration application 108, where the configuration application 108 is provided by web server executing on the distributed computing device 112).  
Regarding claim 39, Oczkowski, Averbuch, and Nix teach the method of claim 35.
Oczkowski does not teach the first Wi-Fi access point operates within a unit comprising nonvolatile memory.
Averbuch teaches the first Wi-Fi access point operates within a unit comprising nonvolatile memory (para 48, line 1-11 and para 49, line 1-16; a wireless access point may be a configured smart network host device 120 with non-volatile memory 240)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Oczkowski to incorporate the teachings of Averbuch to provide a wireless access point may be a configured smart network host device 120 with non-volatile memory 240.  Doing so would allow for a device configured as a wireless access point to provide basic connectivity for a computer or client devices, as recognized by Averbuch. 
Oczkowski and Averbuch teach for conducting step a) (see rejection for claim 1).  
Regarding claim 41, Oczkowski, Averbuch, and Nix teach the method of claim 35.
Oczkowski and Averbuch do not teach the set of credentials are encrypted with a symmetric ciphering key, wherein the configuration system encrypts the symmetric ciphering key using the public key for the device, wherein the device decrypts the symmetric key using a corresponding private key for the device, and wherein the device decrypts the set of credentials with the symmetric ciphering key.  
Nix teaches the set of credentials are encrypted with a symmetric ciphering key, wherein the configuration system encrypts the symmetric ciphering key using the public key for the device, wherein the device decrypts the symmetric key using a corresponding private key for the device, and wherein the device decrypts the set of credentials with the symmetric ciphering key (para 73, line 1-12 and para 113, line 1-10 and para 306, line 1-18; receiving module public key 111 signed by a certificate authority 118 using a shared public key and cryptographic algorithms include encrypting data using public keys, decrypting data using private keys, and verifying signatures using public keys).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Oczkowski and Averbuch to incorporate the teachings of Nix to provide module public key 111 signed by a certificate authority 118 using a shared public key and cryptographic algorithms include encrypting data using public keys, decrypting data using private keys, and verifying signatures using public keys.  Doing so would allow for secure communications at the data link, network, transport, and/or application layers of communication using an IP network, as recognized by Nix.
Regarding claim 42, Oczkowski, Averbuch, and Nix teach the method of claim 41.
Oczkowski teaches the hidden Wi-Fi network (col. 5, line 28-50; where the wireless network may be a hidden network such that its SSID is not broadcast)
Oczkowski and Averbuch do not teach wherein the configuration system digitally signs the set of credentials with a configuration system private key, and wherein the device verifies the digitally signed set of credentials using at least a certificate authority public key, and wherein the device records the certificate authority public key before the gateway device establishes the Wi-Fi network.
Nix teaches wherein the configuration system digitally signs the set of credentials with a configuration system private key, and wherein the device verifies the digitally signed set of credentials using at least a certificate authority public key, and wherein the device records the certificate authority public key before the gateway device establishes the Wi-Fi network (para 113, line 1-10 and para 118, line 1-21 and para 128, line 1-11; processing signatures using private keys, verifying signatures using public keys by a certificate authority, and the public key of the certificate authority can be a pre-shared secret key).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Oczkowski and Averbuch to incorporate the teachings of Nix to provide processing signatures using private keys, verifying signatures using public keys by a certificate authority, and the public key of the certificate authority can be a pre-shared secret key.  Doing so would allow for secure communications at the data link, network, transport, and/or application layers of communication using an IP network, as recognized by Nix.
Regarding claim 43, Oczkowski, Averbuch, and Nix teach the method of claim 35.
Oczkowski teaches the list is encrypted by the device using the public key for the device before the configuration unit receives the list (col. 6, line 1-34 and col. 11, line 1-17; send the list, which may be encrypted using a public key, to configuration application).
Regarding claim 44, Oczkowski, Averbuch, and Nix teach the method of claim 35.
Oczkowski teaches the hidden Wi-Fi network (col. 5, line 28-50; where the wireless network may be a hidden network such that its SSID is not broadcast)
Oczkowski and Averbuch do not teach the device verifies a digital signature for the wireless network identity using at least a certificate authority public key, and wherein the device records the certificate authority public key before the configuration unit establishes the Wi-Fi network.
Nix teaches the device verifies a digital signature for the wireless network identity using at least a certificate authority public key, and wherein the device records the certificate authority public key before the configuration unit establishes the Wi-Fi network (para 113, line 1-10 and para 118, line 1-21 and para 128, line 1-11; verifying signatures using public keys by a certificate authority and the public key of the certificate authority can be a pre-shared secret key).  
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Oczkowski and Averbuch to incorporate the teachings of Nix to provide verifying signatures using public keys by a certificate authority and the public key of the certificate authority can be a pre-shared secret key.  Doing so would allow for secure communications at the data link, network, transport, and/or application layers of communication using an IP network, as recognized by Nix.
5.	Claim 40 is rejected under 35 U.S.C. 103 as being unpatentable over Oczkowski in view of Averbuch, Nix, and Smadja et al. (US Pub. 2016/0337354), hereinafter Smadja, filed on Nov. 28, 2014.
Regarding claim 40, Oczkowski, Averbuch, and Nix teach the method of claim 35.
Oczkowski, Averbuch, and Nix do not teach the set of credentials includes (i) at least one of a symmetric key and a certificate for the wireless network and (ii) a wireless network configuration.
Smadja teaches the set of credentials includes (i) at least one of a symmetric key and a certificate for the wireless network and (ii) a wireless network configuration (para 108, line 1-10 and para 147, line 1-12 and para 156, line 1-13; the generated keys in the new access token to the M2M device can be a symmetric key and includes new session data for communication with M2M device and digital certificate).  
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Oczkowski, Averbuch, and Nix to incorporate the teachings of Smadja to provide the generated keys in the new access token to the M2M device can be a symmetric key and includes new session data for communication with M2M device and digital certificate.  Doing so would allow for end-to-end security for machine-to-machine communications, as recognized by Smadja. 
Conclusion
6.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
The following are the related patents and applications: Dattagupta et al. (US Pub. 2012/0317619) discloses a host device for a wireless network that may be configured to implement at least two virtual access points for connecting client devices to the wireless network, where a user virtual access point enables a client device to connect to the wireless network and transmit network traffic to other devices connected to the wireless network; Van Oost et al. (US Pub. 2018/0077022) discloses automatically configuring wireless local area network (WLAN) devices of a wireless residential access network, where an automatic authorization process initiated by an access point is enabled by utilizing a back-end-network and results in the activation of a basic service set identifier (BSSID); Yepez et al. (US Pub. 2010/0309815) discloses performing a preliminary scan for information automatically transmitted by available wireless access points, where the information transmitted by access points (e.g., identity information) is used to prioritize the available wireless access points.
7.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NHAN HUU NGUYEN/Examiner, Art Unit 2492


/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492