DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 9/19/2022.
In instant Amendment, claims 1, 2, 7, 10, 11, 15, 16 and 20 have been amended; claims 1, 10 and 15 are independent claims. Claims 1-20 have been examined and are pending. This Action is made Final.
The examiner notes the IDSs filed on 9/19/2022 and 10/7/2022 has been considered. 

Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 9/19/2022, with respect to 35 U.S.C. 103, have been fully considered but they are not persuasive.
Applicant Argues: Applicant respectfully reminds the Examiner that to establish a prima facie case of obviousness, three basic criteria must be met. First, there must be some suggestion or motivation; either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or to combine reference teachings. Second, there must be a reasonable expectation of success. Third, the prior art reference (or references when combined) must teach or suggest all of the claim limitations. 1 
It is respectfully submitted that the rejected claims are patentable over the art of record based on at least the third criterion of obviousness: none of the references alone or in combination teach, suggest, or disclose each claim limitation of the Independent Claims. 
Neither Trim nor Kahn alone or in combination teach, suggest, or disclose features for an "generating, by an authentication node of an enterprise network for an enterprise entity, authentication material for a user equipment (UE) based on the UE being connected to a public wireless wide area (WWA) access network," (emphasis added) as recited in amended Independent Claim 1. Applicant has reviewed Trim and Kahn and finds nothing that would be germane to these features. Further, Huang, Norrman, and Lee do not overcome and are not alleged to overcome the aforementioned deficiencies of Trim and Kahn. 
For at least these reasons, Independent Claim 1 is easily allowable over any cited reference, or combination of references. The other Independent Claims recite features similar, but not identical, to those recited in Independent Claim 1. Therefore, these claims are also allowable, for example, for the same reasons as identified above. Additionally, the corresponding dependent claims from these Independent Claims are also patentably distinct for analogous reasons.
Examiner’s Response:  The examiner respectfully disagrees.  The examiner respectfully notes that the combination of Trim in view of Kahn does in fact disclose the aforementioned feature, more specifically: Trim discloses features of “generating, by an authentication node ...authentication material for a user equipment (UE) based on the UE being connected to a public wireless wide area (WWA) access network.”  Trim discloses in ¶[0029] - Program 150 generate private network (step 208). Program 150 generates one or more private networks utilizing the determined policies and the determined wireless capabilities, as described in step 206. Program 150 utilizes one or more determined policies to create one or more instructions (e.g., network parameters) utilized to generate a conforming private network. In an embodiment, program 150 dictates which users, devices, and applications are allowed on the generated network. In a further embodiment, program 150 dictates allowed protocols, security parameters, and wireless standards for a generated network. For example, program 150 generates a private (e.g., encrypted, password protected, isolated, and unadvertised (e.g., hidden SSID)) wireless network specifically for a user or group in a geographical limited area for an express purpose or application (e.g., email, accessing confidential information, transmitting sensitive data, connecting to a work intranet, etc.)  Further, as depicted in FIG. 1 – Program 150 resides on Server Computer 120, which represents “an authentication node.”  The examiner sought to combine Kahn to teach [concepts of] an authentication node of an enterprise network for an enterprise entity.... (FIG. 2 – Enterprise Network 205 and S/PGW [0021] - The enterprise network 205 is connected to a set of small cells 220, 221, 222 (collectively referred to herein as “the small cells 220-222”), which provide wireless connectivity within a perimeter 225 that defines a boundary of the region associated with the enterprise. The illustrated embodiment of the enterprise network 205 includes a serving gateway and a packet data node (PDN) gateway (S/PGW) 230. The serving gateway portion of the S/PGW 230 routes and forwards user data packets. The serving gateway portion of the S/PGW 230 implements a control plane stacks to support an interface with a mobility management entity (MME), a control and data plane stacks to support an interface with the PGW portion of the S/PGW 230, and a data plane stacks to support an interface with the small cells 220-222 and [0023] - For example, the enterprise network 205 can verify that the wireless-enabled device 210 is authorized using a verification process. The wireless-enabled device 210 is therefore able to access the enterprise network 205 via the small cell 220, e.g., by establishing a connection to the S/PGW 230, which provides connectivity to external networks. The wireless-enabled device 210 can use the connection to receive services provided by the applications 235 implemented in the enterprise network 205.) As reasonably constructed by the examiner the MME (mobile management entity) interface with S/PGW represents an authentication node that enterprise uses to verify that the wireless-enabled device 210 is authorized using a verification process.   Thus based on this construction represents Kahn teaches “an authentication node of an enterprise network for an enterprise entity.”  The examiner respectfully used KSR rationale to combine, and further notes such features of Kahn’s an authentication node of an enterprise network for an enterprise entity can be predictably combined to the authentication node of Trim.\
Therefore the examiner finds this argument not persuasive.  
Applicant Argues: Further with regard to the rejection of dependent Claim 2, Examiner points to a matching processes that is performed by Kahn's "wireless-enabled device" based on an APN stored at Kahn's "wireless-enabled device," as described at Kahn paragraph [0040]-[0041]. Neither Trim nor Kahn alone or in combination teaches, suggests, or discloses features for "a secondary authentication process for the UE performed via the authentication node," (emphasis added) as recited in dependent Claim 2, as amended herein. Huang, Norrman, and Lee do not overcome and are not alleged to overcome the aforementioned deficiencies of Trim and Kahn. Thus, for at least this additional reason, Applicant respectfully submits that dependent Claim 2, as amended herein, is allowable over the cited references. Further, Applicant respectfully submits that dependent Claims 11 and 16, as amended herein, are allowable for analogous reasons. Notice to this effect is respectfully requested in the form of a full allowance of these claims.
	Examiner’s Response:  The examiner respectfully disagrees.  The examiner respectfully notes it is the combination of Trim in view of Kahn that discloses the aforementioned future,  more specifically: Trim discloses wherein the generating is performed based on a ... authentication process for the UE performed via the authentication node ([0024] and [0029] - For example, program 150 generates a private (e.g., encrypted, password protected, isolated, and unadvertised (e.g., hidden SSID)) wireless network specifically for a user or group in a geographical limited area for an express purpose or application (e.g., email, accessing confidential information, transmitting sensitive data, connecting to a work intranet, etc.).).  The examiner cited to Kahn to teach further is... performed based on a secondary authentication process authentication process for the UE  performed via the authentication node ([0021] - The enterprise network 205 is connected to a set of small cells 220, 221, 222 (collectively referred to herein as “the small cells 220-222”), which provide wireless connectivity within a perimeter 225 that defines a boundary of the region associated with the enterprise. The illustrated embodiment of the enterprise network 205 includes a serving gateway and a packet data node (PDN) gateway (S/PGW) 230. The serving gateway portion of the S/PGW 230 routes and forwards user data packets. The serving gateway portion of the S/PGW 230 implements a control plane stacks to support an interface with a mobility management entity (MME), a control and data plane stacks to support an interface with the PGW portion of the S/PGW 230, and a data plane stacks to support an interface with the small cells 220-222 and [0023] - For example, the enterprise network 205 can verify that the wireless-enabled device 210 is authorized using a verification process. The wireless-enabled device 210 is therefore able to access the enterprise network 205 via the small cell 220, e.g., by establishing a connection to the S/PGW 230, which provides connectivity to external networks. The wireless-enabled device 210 can use the connection to receive services provided by the applications 235 implemented in the enterprise network 205 and [0040]-[0041] - For example, the wireless-enabled device can compare a stored APN that indicates an enterprise network that is authorized the wireless-enabled device to information identifying an enterprise network associated with the small cell. If the information matches, indicating that the wireless-enabled device is authorized for private access to the enterprise network, the method 600 flows to block 615,where the wireless-enabled device attempts to establish a connection with the enterprise network via the small cell, e.g., by transmitting an access request to the small cell that includes information identifying the enterprise network and the requested access is verified against subscription data and [0042] - At decision block 620, the wireless-enabled device compares the information in the broadcast signals to be stored configuration information to determine whether the wireless-enabled device is subscribed to one of the MNOs that share access to the small cell. For example, the wireless-enabled device can compare a stored PLMN that identifies an MNO subscription to broadcast information indicating the PLMNs of the MNOs that share access to the small cell.) that is subsequent to a primary authentication process for the UE in which the primary authentication process enables the UE to be connected to the public WWA access network (Kahn, [0015] - As used herein, the term “public network” refers to a network that does not restrict access to a particular group of wireless-enabled devices. For example, any wireless-enabled device that has subscribed to receive services from MNO-1 can access the MNO-1 network 120 and any wireless-enabled device that has subscribed to receive services from MNO-2 can access the MNO-2 network 125. Access to a public network is referred to as “public access” and [0022] - The MNO network 215 is connected to a macrocell 240 for providing wireless connectivity. The MNO network 215 includes a home subscriber server (HSS) 245 that is a central database that contains user and subscription related information to support mobility management, call and session establishment support, user authentication, and access authorization).  As reasonably constructed from above, a UE will be authenticated first by the MNO network (i.e., primary) and, if/when a signal, is detected from a small cell from an enterprise an enterprise, the enterprise performs can verify that the wireless-enabled device 210 is authorized using a verification process.  Thus, this represents a secondary authentication process performed by the authentication node that is subsequent to the primary authentication process (i.e., by the MNO network).  Similar rationale and motivation is noted for the combination of Claim 2.  Therefore, the examiner finds this argument not persuasive. 
Applicant Argues: Additionally, with regard to the rejection of dependent Claim 7 involving Trim in view of Kahn, further in view of Huang, and further in view of Lee, Examiner points to Lee description of a "roaming information code" as allegedly describing features for broadcasting "a fast roaming support indicator," as recited in dependent Claim 7. 
As noted in M.P.E.P. § 2141.02 (VI), "[a] prior art reference must be considered in its entirety, i.e., as a whole, including portions that would lead away from the claimed invention."2 
Applicant respectfully submits that Lee does not describe features involving "the private WWA access network is at least one of a private cellular access network and a private Citizens Broadband Radio Service (CBRS) access network," as recited in dependent Claim 7, as amended herein. 
Lee's transmission of a "roaming information code" is described with reference to the "IEEE 802.11 standard," as described at Lee Col. 10, line 56-7 and Col. 11, line 3. Applicant respectfully submits that Lee does not describe any features involving broadcasts for cellular or CBRS access networks. 
Accordingly, even if Kahn generally describes broadcast signals as noted by the Examiner in the present Office Action, Lee does not describe any features involving broadcasts for cellular or CBRS access networks. Rather, Lee teaches away from broadcasts for cellular or CBRS access networks in that Lee specifically describes transmissions for the IEEE 802.11 standard. Kahn, Huang, Norrman, and Trim do not overcome and are not alleged to overcome the aforementioned deficiencies of Lee. 
Thus, for at least this additional reason, Applicant respectfully submits that dependent Claim 7 is allowable over the cited references. Further, Applicant respectfully submits that dependent Claim 20, as amended herein, is allowable for analogous reasons. Notice to this effect is respectfully requested in the form of a full allowance of these claims. 
Examiner’s Response:  The examiner respectfully disagrees.  The examiner respectfully notes that it is the combination of Trim in view of Kahn and Haung and Lee that disclose the aforementioned features.  Kahn was shown to teach the newly amended features of  techniques broadcasting, via the private WWA access network, [a signal], wherein the private WWA access network is at least one of a private cellular access network and a Citizens Broadband Radio Service (CBRS) access network (Khan, [0041] - Providing cellular coverage and capacity inside of buildings therefore often requires deploying additional hardware such as repeaters, distributed antenna systems, or small cells within the building and  [0015] - As used herein, the term “private network” refers to a network that restricts access to a particular group of authorized wireless-enabled devices. For example, a private network implemented by an enterprise can restrict access to the wireless-enabled devices that are owned by the enterprise or registered with the enterprise, which then verifies authorization of the wireless-enabled devices for access and [0017] - However, the macrocells 130, 135 are not necessarily able to provide wireless connectivity within the perimeter 110, e.g., due to path loss caused by distance, environmental conditions, obstructions such as walls and windows, and the like. The small cell 105 is therefore configured to support shared connectivity with the MNO-1 network 120, the MNO-2 network 125, and the enterprise network 115 so that wireless-enabled devices with subscriptions to MNO-1 and MNO-2 are able to gain public access to the corresponding networks 120, 125 via the small cell 105 and wireless-enabled devices that are authorized by the enterprise can gain private access to the enterprise network 115 via the small cell 105 and [0040]-[0041]).  The examiner sought to combine Lee to teach known concepts of involving broadcasting... a fast roaming support indicator (Lee, FIG. 8A-B and col.10, lines 49-64 – In this embodiment the SSID IE of the beacons ... will carrying RIC (i.e., roaming information code) and/or col. 10, lines 65-col. 11, lines 9).  The examiner notes Lee does note issues of selection and discovery of service information are common across different types of wireless technologies (col. 3, lines 45-59).  Thus, the concept involving broadcasting... a fast roaming support indicator, as taught by Lee, and as constructed by one of ordinary skill in the art, can be applied to other wireless technologies and thus be applicable to Kahn. Applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Therefore, the examiner finds this argument not persuasive. 







Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1-3, 10-11, and 15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Trim et al. (US 2021/0281445 A1) in view of Kahn et al. (US 2018/0262978 A1)




Regarding Claim 1;
Trim teaches a method comprising: 
generating, by an authentication node, ... authentication material for a user equipment (UE) based on the UE being connected to a public wireless wide area (WWA) access network (FIG. 1 – Server Computer and [0024] – realm identifier.... company1, realm, division, or group.... and [0027] - Program 150 determines associated policies (step 206). Program 150 determines one or more policies (e.g., policies 124) that are controlling or associated with a given user (e.g., user preferences), realm (e.g., company preferences), application, device, geographical region, etc. and [0029] - Program 150 generate private network (step 208). Program 150 generates one or more private networks utilizing the determined policies and the determined wireless capabilities, as described in step 206. Program 150 utilizes one or more determined policies to create one or more instructions (e.g., network parameters) utilized to generate a conforming private network. In an embodiment, program 150 dictates which users, devices, and applications are allowed on the generated network. In a further embodiment, program 150 dictates allowed protocols, security parameters, and wireless standards for a generated network. For example, program 150 generates a private (e.g., encrypted, password protected, isolated, and unadvertised (e.g., hidden SSID)) wireless network specifically for a user or group in a geographical limited area for an express purpose or application (e.g., email, accessing confidential information, transmitting sensitive data, connecting to a work intranet, etc.) and [0034] - userA connects to a public wireless network located in a busy store), wherein the public WWA access network... ([0012]).
obtaining, by the authentication node, an indication that the UE is attempting to access a private ... access network associated with an enterprise entity (0012] - For example, private network 104 will only allow connections from an authenticated and authorized user and [0027] -...realm.... For example, if a user is attempting to access confidential information located on a private server utilizing a public network, then program 150 retrieves an associated policy that requires all data to be transmitted over a virtual private network (VPN) or an equivalent encrypted network (e.g., IPSEC, etc.). In this example, program 150 prevents the user from accessing said information from any network that is not generated by program 150. Further in this example, program 150 will subsequently generate a private network that presents one or more unadvertised, isolated, and encrypted private networks for the user, while implementing network parameters and preferences that force, a policy dictated, VPN connection from one or more network providers to one or more destination servers and services and [0029] - In an embodiment, program 150 continuously generates one or more private networks indefinitely or until a user logs off or ceases utilizing one or more permitted devices, a user leaves a geographical region (e.g., building, office, town, city, state, country, etc.), subject to one or more restrictions dictated by one or more policies (e.g., temporal restrictions, data caps, etc.), or by action of an administrator...); and 
providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private ... access network ([0012] and [0032] - Program 150 transmit network information (step 210). Responsive to determining and generating a private network based on user, realm, and network preferences, program 150 transmit one or more sets of connection information (e.g., SSID, authentication details (e.g., required keys or passwords), etc.) to a user. In an embodiment, program 150 applies a generated network templates, containing all required information and details, to one or more computing devices associated with a user in a particular network, location, or geographical region);
Trim fails to explicitly disclose
an authentication node of an enterprise network for an enterprise entity... wherein the public WWA access network is associated with a mobile network operator, and ... the UE are associated with the enterprise entity;
 obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity;
However, in an analogous art, Kahn teaches
[concepts of] an authentication node of an enterprise network for an enterprise entity.... (FIG. 2 – Enterprise Network 205 and S/PGW [0021] - The enterprise network 205 is connected to a set of small cells 220, 221, 222 (collectively referred to herein as “the small cells 220-222”), which provide wireless connectivity within a perimeter 225 that defines a boundary of the region associated with the enterprise. The illustrated embodiment of the enterprise network 205 includes a serving gateway and a packet data node (PDN) gateway (S/PGW) 230. The serving gateway portion of the S/PGW 230 routes and forwards user data packets. The serving gateway portion of the S/PGW 230 implements a control plane stacks to support an interface with a mobility management entity (MME), a control and data plane stacks to support an interface with the PGW portion of the S/PGW 230, and a data plane stacks to support an interface with the small cells 220-222 and [0023] - For example, the enterprise network 205 can verify that the wireless-enabled device 210 is authorized using a verification process. The wireless-enabled device 210 is therefore able to access the enterprise network 205 via the small cell 220, e.g., by establishing a connection to the S/PGW 230, which provides connectivity to external networks. The wireless-enabled device 210 can use the connection to receive services provided by the applications 235 implemented in the enterprise network 205.) As constructed the MME interface with S/PGW represents an authentication node that enterprise uses to verify that the wireless-enabled device 210 is authorized using a verification process [and] wherein the public WWA access network is associated with a mobile network operator, and ... the UE are associated with [an] enterprise entity (FIG. 1 – 120/130 and 125/135 and [0015] - the small cell 105 provides shared access to a private network that is associated with the enterprise (referred to herein as the enterprise network 115) and a plurality of public networks that are owned or operated by a corresponding plurality of mobile network operators, MNO-1 network 120 and MNO-2 network 125 and [0016] - The enterprise network 115 is shown within the perimeter 110 to indicate that the enterprise network 115 is associated with the enterprise and access to the enterprise network 115 is restricted to wireless-enabled devices that are authorized by the enterprise. For example, wireless-enabled devices that are owned by (or issued to) employees can be configured as authorized wireless-enabled devices for accessing the enterprise network 115, as discussed herein and 
 ...the UE is attempting to access a private WWA access network associated with the enterprise entity ([0015] - As used herein, the term “private network” refers to a network that restricts access to a particular group of authorized wireless-enabled devices. For example, a private network implemented by an enterprise can restrict access to the wireless-enabled devices that are owned by the enterprise or registered with the enterprise, which then verifies authorization of the wireless-enabled devices for access and [0041]).
  It would have been obvious to one of ordinary still before the effective filing data of the claimed invention to include to the public WWA access network and authentication of a private... access network of Jones the environment comprising an authentication node of an enterprise network for an enterprise entity... [and] public WWA access network that is associated with a mobile network operator, and ... the UE are associated with the enterprise entity and further ...[a] UE is attempting to access a private WWA access network associated with the enterprise entity as taught by Kahn, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable (i.e., applying the “generated” authentication of Jones within an environment composed of on a public WWA access network and a private WWA access network associated with an enterprise of Kahn).

Regarding Claim 2;
Trim and Kahn disclose the method to Claim 1.
	Trim discloses wherein the generating is performed based on a ... authentication process for the UE performed via the authentication node ([0024] and [0029] - For example, program 150 generates a private (e.g., encrypted, password protected, isolated, and unadvertised (e.g., hidden SSID)) wireless network specifically for a user or group in a geographical limited area for an express purpose or application (e.g., email, accessing confidential information, transmitting sensitive data, connecting to a work intranet, etc.).).
Kahn further teaches further is... performed based on a secondary authentication process authentication process for the UE performed via the authentication node ([0021] - The enterprise network 205 is connected to a set of small cells 220, 221, 222 (collectively referred to herein as “the small cells 220-222”), which provide wireless connectivity within a perimeter 225 that defines a boundary of the region associated with the enterprise. The illustrated embodiment of the enterprise network 205 includes a serving gateway and a packet data node (PDN) gateway (S/PGW) 230. The serving gateway portion of the S/PGW 230 routes and forwards user data packets. The serving gateway portion of the S/PGW 230 implements a control plane stacks to support an interface with a mobility management entity (MME), a control and data plane stacks to support an interface with the PGW portion of the S/PGW 230, and a data plane stacks to support an interface with the small cells 220-222 and [0022] -  The MNO network 215 is connected to a macrocell 240 for providing wireless connectivity. The MNO network 215 includes a home subscriber server (HSS) 245 that is a central database that contains user and subscription related information to support mobility management, call and session establishment support, user authentication, and access authorization. The MNO network 215 also includes an MME 250 that supports paging, bearer activation/deactivation, authentication, and the like.  and [0023] - For example, the enterprise network 205 can verify that the wireless-enabled device 210 is authorized using a verification process. The wireless-enabled device 210 is therefore able to access the enterprise network 205 via the small cell 220, e.g., by establishing a connection to the S/PGW 230, which provides connectivity to external networks. The wireless-enabled device 210 can use the connection to receive services provided by the applications 235 implemented in the enterprise network 205 and [0040]-[0041]) that is subsequent to a primary authentication process for the UE in which the primary authentication process enables the UE to be connected to the public WWA access network (Kahn, [0015] - As used herein, the term “public network” refers to a network that does not restrict access to a particular group of wireless-enabled devices. For example, any wireless-enabled device that has subscribed to receive services from MNO-1 can access the MNO-1 network 120 and any wireless-enabled device that has subscribed to receive services from MNO-2 can access the MNO-2 network 125. Access to a public network is referred to as “public access” and [0022] - The MNO network 215 is connected to a macrocell 240 for providing wireless connectivity. The MNO network 215 includes a home subscriber server (HSS) 245 that is a central database that contains user and subscription related information to support mobility management, call and session establishment support, user authentication, and access authorization).  As reasonably constructed from above, a UE will be authenticated first by the MNO network (i.e., primary) and, if/when a signal, is detected from a small cell from an enterprise an enterprise, the enterprise performs can verify that the wireless-enabled device 210 is authorized using a verification process.
Similar rationale and motivation is noted for the combination of Kahn to Trim and Kahn, as per Claim 1, above.


Regarding Claim 3;
Trim and Kahn disclose the method to Claim 2.
Trim further discloses wherein the ... authentication process is performed based on subscription information associated with the UE ([0023] and [0024] - In example, a user provides a user id in the following format: userA@company1.com. In this example, program 150 recognizes the “@” as the start of a realm identifier, here userA is associated with the company1 realm, division, or group. In various embodiments, individual companies and vendors create specific extensions and procedures and export the extensions to an authentication system (e.g., RADIUS) utilizing vendor-specific attributes (VSA). VSA can be utilized to create or adjust one or more policies contained within policies 124).
Kahn further teaches wherein the secondary authentication process is performed based on subscription information associated with the UE (Kahn, [0041]-[0042] – subscription). 

Regarding Claim(s) 10-11; claim(s) 10-11 is/are directed to a/an media associated with the method claimed in claim(s) 1-2.  Claim(s) 10-11 is/are similar in scope to claim(s) 1-2, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 15-16; claim(s) 15-16 is/are directed to a/an system associated with the method claimed in claim(s) 1-2. Claim(s) 15-16 is/are similar in scope to claim(s) 1-2, and is/are therefore rejected under similar rationale.










Claim(s) 4-5, 12-13, and 17-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Trim et al. (US 2021/0281445 A1) in view of Kahn et al. (US 2018/0262978 A1) and further in view of Norrman (US 2019/0007376 A1).

Regarding Claim 4;
Trim and Kahn disclose the method to Claim 2.
Trim further discloses wherein the ... authentication process ... ([0023] and [0024] - In example, a user provides a user id in the following format: userA@company1.com. In this example, program 150 recognizes the “@” as the start of a realm identifier, here userA is associated with the company1 realm, division, or group. In various embodiments, individual companies and vendors create specific extensions and procedures and export the extensions to an authentication system (e.g., RADIUS) utilizing vendor-specific attributes (VSA). VSA can be utilized to create or adjust one or more policies contained within policies 124).
Kahn further teaches wherein the secondary authentication process ... (Kahn, [0041]-[0042] – subscription). 
Trim and Kahn fail to explicitly disclose wherein the secondary authentication process is an Extensible Authentication Protocol (EAP) authentication process.
However, in an analogous art, Norrman teaches wherein the ... authentication process is an Extensible Authentication Protocol (EAP) authentication process ([0049] – roam and [0067]-[0068] – EAP)
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Norrman to the secondary authentication of Trim and Kahn to include wherein the ... authentication process is an Extensible Authentication Protocol (EAP) authentication process.
One would have been motivated to combine the teachings of Norrman to Trim and Kahn  to do so as it provides / allows protecting privacy of subscribers (Norrman, [0001]). 

Regarding Claim 5;
Trim and Kahn and Norrman disclose the method to Claim 4.
	Norrman further teaches wherein the authentication material is at least one of: an Access Security Management Entity Key ([0063] and [0067]-[0068] – KASME); and an Access and Mobility Management Function Key.

Regarding Claim 12;
Trim and Kahn disclose the media of Claim 11.
Trim further discloses wherein the ... authentication process is performed based on subscription information associated with the UE ([0023] and [0024] - In example, a user provides a user id in the following format: userA@company1.com. In this example, program 150 recognizes the “@” as the start of a realm identifier, here userA is associated with the company1 realm, division, or group. In various embodiments, individual companies and vendors create specific extensions and procedures and export the extensions to an authentication system (e.g., RADIUS) utilizing vendor-specific attributes (VSA). VSA can be utilized to create or adjust one or more policies contained within policies 124).
Kahn further teaches wherein the secondary authentication process is performed based on subscription information associated with the UE (Kahn, [0041]-[0042] – subscription). 
Trim and Kahn fail to explicitly disclose wherein the secondary authentication process is an Extensible Authentication Protocol (EAP) authentication process.
However, in an analogous art, Norrman teaches wherein the ... authentication process is an Extensible Authentication Protocol (EAP) authentication process ([0049] – roam and [0067]-[0068] – EAP)
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Norrman to the secondary authentication of Trim and Kahn to include wherein the ... authentication process is an Extensible Authentication Protocol (EAP) authentication process.
One would have been motivated to combine the teachings of Norrman to Trim and Kahn to do so as it provides / allows protecting privacy of subscribers (Norrman, [0001]). 

Regarding Claim 13;
Trim and Kahn and Norrman disclose the media to Claim 12.
	Norrman further teaches wherein the authentication material is at least one of: an Access Security Management Entity Key ([0063] and [0067]-[0068] – KASME); and an Access and Mobility Management Function Key.

Regarding Claim(s) 17-18; claim(s) 17-18 is/are directed to a/an system associated with the media claimed in claim(s) 12-13.  Claim(s) 17-18 is/are similar in scope to claim(s) 12 and 13 and is/are therefore rejected under similar rationale.

Claim(s) 6, 14, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Trim et al. (US 2021/0281445 A1) in view of Kahn et al. (US 2018/0262978 A1) and further in view of Huang et al. (US 8,036,222 B1).

Regarding Claim 6;
Trim and Kahn disclose the method to Claim 2.
Trim further discloses generating, by an authentication node, authentication material... (FIG. 1, [0029] and [0034]).
Trim and Kahn fail to explicitly disclose further comprising: generating, by the authentication node, an authentication success message based on successful generation of the authentication material for the secondary authentication process for the UE, wherein the authentication success message comprises an identifier for the UE and an identifier for the authentication node; and transmitting, by the authentication node, the authentication success message toward the UE.
However, in an analogous art, Huang teaches comprising: generating, by the authentication node, an authentication success message based on successful generation of the authentication material for the secondary authentication process for the UE, wherein the authentication success message comprises [parameters] (FIG. 2 and col. 4, lines 29-45 and col. col. 4, lines 67 – parameters and col,. 5, lines 9-15); and transmitting, by the authentication node, the authentication success message toward the UE (FIG. 2 and col. 4, lines 29-45 and col. col. 4, lines 67 – parameters and col,. 5, lines 9-15).
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Huang to the authentication material of Trim and Kahn to include comprising: generating, by the authentication node, an authentication success message based on successful generation of the authentication material for the secondary authentication process for the UE, wherein the authentication success message comprises [parameters]; and transmitting, by the authentication node, the authentication success message toward the UE
One would have been motivated to combine the teachings of Huang to Trim and Kahn  to do so as it provides / allows ensure that data is properly transferred among network elements (Huang, col. 2, lines 27-31).
Further, Huang teaches concepts of where a message comprises an identifier for the UE and an identifier for the authentication node (Huang, col. 4, lines 54-60).
  It would have been obvious to one of ordinary still before the effective filing data of the claimed invention to include an identifier for the UE and an identifier for the authentication node of Huang to the success message as taught by Trim and Kahn and Huang, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable (i.e., further adding  an identifier for the UE and an identifier for the authentication node of Huang to the success message of Trim and Kahn and Huang).

Regarding Claim(s) 14; claim(s) 14 is/are directed to a/an media associated with the method claimed in claim(s) 6.  Claim(s) 14 is/are similar in scope to claim(s) 6, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 19; claim(s) 19 is/are directed to a/an system associated with the method claimed in claim(s) 6.  Claim(s) 19 is/are similar in scope to claim(s) 6, and is/are therefore rejected under similar rationale.

Claim(s) 7-9 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Trim et al. (US 2021/0281445 A1) in view of Kahn et al. (US 2018/0262978 A1) and Huang et al. (US 8,036,222 B1) and further in view of Lee (US 8,725,138).

Regarding Claim 7;
Trim and Kahn and Huang disclose the method to Claim 6.
Kahn further techniques broadcasting, via the private WWA access network, [a signal], wherein the private WWA access network is at least one of a private cellular access network and a Citizens Broadband Radio Service (CBRS) access network (Khan, [0041] - Providing cellular coverage and capacity inside of buildings therefore often requires deploying additional hardware such as repeaters, distributed antenna systems, or small cells within the building and  [0015] - As used herein, the term “private network” refers to a network that restricts access to a particular group of authorized wireless-enabled devices. For example, a private network implemented by an enterprise can restrict access to the wireless-enabled devices that are owned by the enterprise or registered with the enterprise, which then verifies authorization of the wireless-enabled devices for access and [0017] - However, the macrocells 130, 135 are not necessarily able to provide wireless connectivity within the perimeter 110, e.g., due to path loss caused by distance, environmental conditions, obstructions such as walls and windows, and the like. The small cell 105 is therefore configured to support shared connectivity with the MNO-1 network 120, the MNO-2 network 125, and the enterprise network 115 so that wireless-enabled devices with subscriptions to MNO-1 and MNO-2 are able to gain public access to the corresponding networks 120, 125 via the small cell 105 and wireless-enabled devices that are authorized by the enterprise can gain private access to the enterprise network 115 via the small cell 105 and [0040]-[0041]).
Trim and Kahn and Huang fail to disclose broadcasting... a fast roaming support indicator.
However, in an analogous art, Lee teaches broadcasting... a fast roaming support indicator (Lee, FIG. 8A-B and col.10, lines 49-64 – In this embodiment the SSID IE of the beacons ... will carrying RIC (i.e., roaming information code) and/or col. 10, lines 65-col. 11, lines 9).
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Lee to the broadcasting of Trim and Kahn and Huang to include broadcasting... a fast roaming support indicator.
One would have been motivated to combine the teachings of Lee to Trim and Kahn  to do so as it provides / allows discovering service information usable for selecting a wireless network service provider offered at a public wireless hotspot (Lee, col. 1, lines 5-11).






Regarding Claim 8;
Trim and Kahn and Huang and Lee disclose the method to Claim 7.
	Kahn teaches... enabling the UE to attempt to connect to the private WWA access network (Khan, [0040]-[0041]).
Similar rationale and motivation is noted for the combination of Kahn to Trim and Kahn and Huang and Lee, as per Claim 1, above.
	Huang teaches enabling... to connect... using, at least in part, the identifier for the UE and the identifier for the authentication node (FIG. 2 – Associate Auth Node ID with User ID and MIP Access Request/MIP Access Accept, MIP Reply, and MIP Session Accept).
Similar rationale and motivation is noted for the combination of Huang to Trim and Kahn and Huang and Lee, as per Claim 6, above.
	Lee further teaches wherein the fast roaming support indicator enables the UE to attempt to connect to [a] access network (Lee, FIG. 8A-B).
	Similar rationale and motivation is noted for the combination of Lee to Trim and Kahn and Huang and Lee, as per Claim 7, above.

Regarding Claim 9;
Trim and Kahn and Huang and Lee disclose the method to Claim 8.
Kahn teaches... connection establishment between the UE and private WWA access network (Khan, [0040]-[0041]).
Huang further teaches further comprising: obtaining, by a mobility management node associated with the enterprise entity, the identifier for the UE and the identifier for the authentication node (FIG. 2 – Associate Auth Node ID with User ID); obtaining, by the mobility management node from the authentication node, the authentication material for the UE (FIG. 2 – MIP Request and col. 5, lines 11-16); and facilitating, by the mobility management node, the connection establishment between the UE and the ... access network based, at least in part on the authentication material obtained from the authentication node (FIG. 2 – Associate Auth Node ID with User ID and MIP Access Request/MIP Access Accept, MIP Reply, and MIP Session Accept).

Regarding Claim(s) 20 claim(s) 20 is/are directed to a/an system associated with the method claimed in claim(s) 7-9. Claim(s) 20 is/are similar in scope to claim(s) 1, and is/are therefore rejected under similar rationale.



Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/Primary Examiner, Art Unit 2439