DETAILED ACTION
The final office action is responsive to the reply filed on 10/06/2022. Claims 1-10 and 24-33 are pending; claims 1-10 and 24-33 are rejected.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-10 and 24-33 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-33 of U.S. Patent No. 11,102,216 B2 (hereinafter P216). Although the claims at issue are not identical, they are not patentably distinct from each other.

Examiner maintains the rejection since Applicant does not explicitly point out any deficiency in the rejection.

Claims 1-10 and 24-33 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-33 of U.S. Patent No. 10,574,664 B2 (hereinafter P664). Although the claims at issue are not identical, they are not patentably distinct from each other.

Examiner maintains the rejection since Applicant does not explicitly point out any deficiency in the rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 24, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication 2016/0037386 A1 to Pitchaiah et al. (hereinafter Pitchaiah) in view of U.S. Patent Application Publication 2013/0185426 A1 to CHEVILLAT (hereinafter CHEVILLAT).

As to claim 1, Pitchaiah teaches a computer-implemented method performed at a network gateway device (Techniques are described for controlling the data rate of individual or groups of client devices in a network such as a Wireless Local Area Network (WLAN), Pitchaiah, Abstract), comprising:
generating multiple device zones in a local area network of the network gateway (The AP (e.g. network gateway) may group client devices (e.g. devices) based on data usage, geographic location, service requirements, priority, randomly, or based on other organization schemes. The AP may group the client devices to enable different types of priority access to the served WLAN of the AP, for example, by device type, by price or level of service purchased by users of the client devices in the WLAN, etc. The AP may additionally or alternatively group the client devices based on minimum service requirements, to maintain fairness or equality of bandwidth usage in the WLAN, to manage the congestion level in the WLAN, etc, Pitchaiah, [0028]-[0029], [0039]-[0041], [0065]-[0068], Fig. 2. Note: 1. Fig. 2 shows two groups; 2. Pitchaiah’s group reads on claimed zone);
measuring a network bandwidth usage associated with the multiple device zones in the local area network (AP 105-e may access data usage information (e.g. network bandwidth usage) for the client device 110-n and/or for the other client devices served by AP 105-e (e.g., client devices 110-l and 110-m) at 430. In some examples, the data usage information may include the amount or type of data communicated by a client device 110 relative to a time of a day or reference clock, information of the applications most frequently used by a client device 110 and the type/amount of data, periodic sleep cycles of a client device 110, and other similar data usage information, Pitchaiah, [0060], Fig. 4); and
assigning a first computing device to at least one device zone based a current measurement of the network bandwidth usage associated with the at least one device zone (The AP 105-e may then determine at least one channel characteristic threshold for the client device 110-n based on the accessed data usage information and/or the traffic information at 435 and assign the client device 110-n to the first group based on the information accessed at 430 and the determined channel characteristic threshold(s) at 445, Pitchaiah, [0061]-[0062], Fig. 4).
Pitchaiah does not explicitly disclose wherein the at least one device zone has a specific set of network access privileges.
CHEVILLAT discloses at least one device zone has a specific set of network access privileges (the network controller 112 provides the option to the network administrator 114 to configure, using setup screen 220, the access to each resource in LAN 110 based on the groups. For example, based on the options provided, the network administrator 114 may select to allow users who are in groups Family or Friends in social network B, to use the local network 228 in LAN 110, as indicated in the column 226 corresponding to the resource local network 228. Therefore, when a user attempts to access the local network in LAN 110, the user will be allowed access if the network controller 112 determines that the user is included in either of the groups Family or Friends that are associated with the user account of the network administrator 114 in social network B, CHEVILLAT, [0034]-[0036]).
It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to assign network access privileges to groups as taught by CHEVILLAT to modify the method of Pitchaiah in order to implement fine-grained access to the network resources so that the overhead of managing registration information and authenticating users for network access, is transferred from the network administrator to the provider of the social networking service.

As to claim 2, Pitchaiah-CHEVILLAT discloses the computer-implemented method of claim 1, further comprising: extracting one or more parameters associated with the first computing device, wherein the one or more parameters include a software related parameter or a hardware related parameter of the first computing device (type of device, location of device, priority of access, or type of access to the network (e.g., wired or wireless link), Pitchaiah, [0039]-[0041], [0065]-[0068]).

As to claim 24, Pitchaiah teaches a computer-readable storage medium storing computer-readable instructions (memory 1025 may store computer-readable, computer-executable software 1030 containing instructions that, when executed, cause the processor 1020 to perform various functions described herein, Pitchaiah, [0103]), comprising:
instructions for generating multiple device zones in a local area network of a network gateway device (The AP (e.g. network gateway) may group client devices (e.g. devices) based on data usage, geographic location, service requirements, priority, randomly, or based on other organization schemes. The AP may group the client devices to enable different types of priority access to the served WLAN of the AP, for example, by device type, by price or level of service purchased by users of the client devices in the WLAN, etc. The AP may additionally or alternatively group the client devices based on minimum service requirements, to maintain fairness or equality of bandwidth usage in the WLAN, to manage the congestion level in the WLAN, etc, Pitchaiah, [0028]-[0029], [0039]-[0041], [0065]-[0068], Fig. 2. Note: 1. Fig. 2 shows two groups; 2. Pitchaiah’s group reads on claimed zone);
instructions for measuring a network bandwidth usage associated with the multiple device zones in the local area network (AP 105-e may access data usage information (e.g. network bandwidth usage) for the client device 110-n and/or for the other client devices served by AP 105-e (e.g., client devices 110-l and 110-m) at 430. In some examples, the data usage information may include the amount or type of data communicated by a client device 110 relative to a time of a day or reference clock, information of the applications most frequently used by a client device 110 and the type/amount of data, periodic sleep cycles of a client device 110, and other similar data usage information, Pitchaiah, [0060], Fig. 4); and
instructions for assigning a first computing device to at least one of the device zone based on  a current measurement of the network bandwidth usage associated with the at least one device zone (The AP 105-e may then determine at least one channel characteristic threshold for the client device 110-n based on the accessed data usage information and/or the traffic information at 435 and assign the client device 110-n to the first group based on the information accessed at 430 and the determined channel characteristic threshold(s) at 445, Pitchaiah, [0061]-[0062], Fig. 4).
Pitchaiah does not explicitly disclose wherein the at least one device zone has a specific set of network access privileges.
CHEVILLAT discloses at least one device zone has a specific set of network access privileges (the network controller 112 provides the option to the network administrator 114 to configure, using setup screen 220, the access to each resource in LAN 110 based on the groups. For example, based on the options provided, the network administrator 114 may select to allow users who are in groups Family or Friends in social network B, to use the local network 228 in LAN 110, as indicated in the column 226 corresponding to the resource local network 228. Therefore, when a user attempts to access the local network in LAN 110, the user will be allowed access if the network controller 112 determines that the user is included in either of the groups Family or Friends that are associated with the user account of the network administrator 114 in social network B, CHEVILLAT, [0034]-[0036]).
It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to assign network access privileges to groups as taught by CHEVILLAT to modify the non-transitory computer-readable storage medium of Pitchaiah in order to implement fine-grained access to the network resources so that the overhead of managing registration information and authenticating users for network access, is transferred from the network administrator to the provider of the social networking service.

As to claim 32, Pitchaiah teaches a system for managing device zones, comprising:
a memory configured to store non-transitory computer readable instructions (memory 1025 may store computer-readable, computer-executable software 1030 containing instructions that, when executed, cause the processor 1020 to perform various functions described herein, Pitchaiah, [0102]-[0103]); and a processor communicatively coupled to the memory (a processor 1020, Pitchaiah, [0102]-[0103]), wherein the processor, when executing the non-transitory computer readable instructions, is configured to:
generate multiple device zones in a local area network of a network gateway device (The AP (e.g. network gateway) may group client devices (e.g. devices) based on data usage, geographic location, service requirements, priority, randomly, or based on other organization schemes. The AP may group the client devices to enable different types of priority access to the served WLAN of the AP, for example, by device type, by price or level of service purchased by users of the client devices in the WLAN, etc. The AP may additionally or alternatively group the client devices based on minimum service requirements, to maintain fairness or equality of bandwidth usage in the WLAN, to manage the congestion level in the WLAN, etc, Pitchaiah, [0028]-[0029], [0039]-[0041], [0065]-[0068], Fig. 2. Note: 1. Fig. 2 shows two groups; 2. Pitchaiah’s group reads on claimed zone);
measure a network bandwidth usage associated with the multiple device zones in the local area network (AP 105-e may access data usage information (e.g. network bandwidth usage) for the client device 110-n and/or for the other client devices served by AP 105-e (e.g., client devices 110-l and 110-m) at 430. In some examples, the data usage information may include the amount or type of data communicated by a client device 110 relative to a time of a day or reference clock, information of the applications most frequently used by a client device 110 and the type/amount of data, periodic sleep cycles of a client device 110, and other similar data usage information, Pitchaiah, [0060], Fig. 4); and
assign a first computing device to at least one device zone based on a current measurement of the network bandwidth usage associated with the at least one device zone (The AP 105-e may then determine at least one channel characteristic threshold for the client device 110-n based on the accessed data usage information and/or the traffic information at 435 and assign the client device 110-n to the first group based on the information accessed at 430 and the determined channel characteristic threshold(s) at 445, Pitchaiah, [0061]-[0062], Fig. 4).
Pitchaiah does not explicitly disclose wherein the at least one device zone has a specific set of network access privileges.
CHEVILLAT discloses at least one device zone has a specific set of network access privileges (the network controller 112 provides the option to the network administrator 114 to configure, using setup screen 220, the access to each resource in LAN 110 based on the groups. For example, based on the options provided, the network administrator 114 may select to allow users who are in groups Family or Friends in social network B, to use the local network 228 in LAN 110, as indicated in the column 226 corresponding to the resource local network 228. Therefore, when a user attempts to access the local network in LAN 110, the user will be allowed access if the network controller 112 determines that the user is included in either of the groups Family or Friends that are associated with the user account of the network administrator 114 in social network B, CHEVILLAT, [0034]-[0036]).
It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to assign network access privileges to groups as taught by CHEVILLAT to modify the system of Pitchaiah in order to implement fine-grained access to the network resources so that the overhead of managing registration information and authenticating users for network access, is transferred from the network administrator to the provider of the social networking service.

Claims 3-4, 6-10, and 25-31 are rejected under 35 U.S.C. 103 as being unpatentable over Pitchaiah modified by CHEVILLAT as applied to claims 2, 24, and 32 above, and further in view of U.S. Patent Application Publication 2007/0011725 A1 to Sahay et al. (hereinafter Sahay).

As to claim 3, Pitchaiah-CHEVILLAT substantially discloses a computer-implemented method as set forth in claim 2 above.
Pitchaiah-CHEVILLAT does not explicitly disclose assigning the first computing device to a new device zone in an event the first computing device is not in a known-devices list, wherein the new device zone restricts the first computing device from accessing other resources in the local area network while providing limited access to the external network.
Sahay discloses assigning a first computing device to a new device zone in an event the first computing device is not in a known-devices list, wherein the new device zone restricts the first computing device from accessing other resources in local area network while providing limited access to external network (Sahay, [0042]).
It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to establish plural access zones with different access privileges and to assign client devices to different access zones accordingly as taught by Sahay to modify the method of Pitchaiah-CHEVILLAT in order to provide means to detect the corrupted device or to prevent it from compromising the security of the entire network.

As to claim 4, Pitchaiah-CHEVILLAT-Sahay discloses the computer-implemented method of claim 3 further comprising: determining a type of the first computing device based on the one or more parameters; and assigning the first computing device from the new device zone to one of the multiple device zones based on the type of the first computing device (Pitchaiah, [0039]-[0041], [0065]-[0068]; Sahay, [0042], [0046]).

As to claim 6, Pitchaiah-CHEVILLAT-Sahay discloses the computer-implemented method of claim 3, wherein providing the limited access to the external network includes limiting an available network bandwidth to the first computing device (Pitchaiah, [0059]).

As to claim 7, Pitchaiah-CHEVILLAT-Sahay discloses the computer-implemented method of claim 4, wherein assigning the first computing device to one of the device zones includes assigning the first computing device to a PC zone if the first computing device is of a personal computer type, wherein the PC zone allows the first computing device to access other computing devices in the PC zone, at least some other resources in the local area network, and the external network (Sahay, [0041]-[0043], [0031]). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to establish plural access zones with different access privileges and to assign client devices to different access zones accordingly as taught by Sahay to modify the method of Pitchaiah-CHEVILLAT-Sahay in order to provide means to detect the corrupted device or to prevent it from compromising the security of the entire network.

As to claim 8, Pitchaiah-CHEVILLAT-Sahay discloses the computer-implemented method of claim 4, wherein assigning the first computing device to one of the device zones includes assigning the first computing device to a mobile device zone if the first computing device is of a mobile device type, wherein the mobile device zone allows the first computing device to access the external network while restricting the first computing device from accessing other resources in the local area network other than a portion of the data storage system (Sahay, [0046], [0041]-[0043], [0031]). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to establish plural access zones with different access privileges and to assign client devices to different access zones accordingly as taught by Sahay to modify the method of Pitchaiah-CHEVILLAT-Sahay in order to provide means to detect the corrupted device or to prevent it from compromising the security of the entire network.

As to claim 9, Pitchaiah-CHEVILLAT substantially discloses a computer-implemented method as set forth in claim 2 above.
Pitchaiah-CHEVILLAT does not explicitly disclose determining from the one or more parameters that the first computing device failed an integrity or a security check, and moving the first computing device to a timeout zone, wherein the timeout zone restricts the first computing device from accessing other resources in the local area network while permitting limited access to the external network.
Sahay discloses determining from one or more parameters that a first computing device failed an integrity or a security check, and moving the first computing device to a timeout zone, wherein the timeout zone restricts the first computing device from accessing other resources in local area network while permitting limited access to external network (Sahay, [0041]-[0042]).
It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to establish plural access zones with different access privileges and to assign client devices to different access zones accordingly as taught by Sahay to modify the method of Pitchaiah-CHEVILLAT-Sahay in order to provide means to detect the corrupted device or to prevent it from compromising the security of the entire network.

As to claim 10, Pitchaiah-CHEVILLAT-Sahay discloses the computer-implemented method of claim 9 further comprising: generating an alert to indicate a user associated with the network gateway device that the first computing device failed the integrity or security check (Sahay, [0041]-[0042]). It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to establish plural access zones with different access privileges and to assign client devices to different access zones accordingly as taught by Sahay to modify the method of Pitchaiah in order to provide means to detect the corrupted device or to prevent it from compromising the security of the entire network.

As to claims 25-31, the same reasoning applies mutatis mutandis to the corresponding non-transitory computer-readable storage medium claims 25-31. Accordingly, claims 25-31 are rejected over Pitchaiah in view of CHEVILLAT and Sahay.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Pitchaiah modified by CHEVILLAT and Sahay as applied to claim 4 above, and further in view of U.S. Patent Application Publication 2016/0212099 A1 to Zou et al. (hereinafter Zou).

As to claim 5, Pitchaiah-CHEVILLAT-Sahay substantially disclose a computer-implemented method as set forth in claim 4.
Pitchaiah-CHEVILLAT-Sahay does not explicitly disclose generating, by the network gateway device, a notification recommending a specified zone to which the first computing device is to be assigned, and receiving an approval from a user associated with the network gateway device to assign the first computing device to the specified zone.
Zou disclose generating a notification recommending a specified zone to which a first computing device is to be assigned, and receiving an approval from a user associated with a network gateway device to assign the first computing device to the specified zone (Zou, [0056]).
It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to use device and user profiles to build traffic rules/filters as taught by Zou to modify the method of Pitchaiah-CHEVILLAT-Sahay in order to prevent attacks against IoT devices and to ensure that such devices are not compromised.

Claim 33 is rejected under 35 U.S.C. 103 as being unpatentable over Pitchaiah modified by CHEVILLAT as applied to claim 32 above, and further in view of U.S. Patent 10,177,933 B2 to Burks et al. (hereinafter Burks).

As to claim 33, Pitchaiah-CHEVILLAT substantially discloses a system as set forth in claim 32 above.
Pitchaiah-CHEVILLAT does not explicitly disclose the network gateway device is a set-top box.
Burks discloses a network gateway device is a set-top box (coordinator 1310 can be implemented in a desktop computer, a Wi-Fi or access-point unit, a dedicated accessory-control base station, a set-top box for a television or other appliance (which can implement base station functionality in addition to interacting with the television or other appliance), or any other electronic device as desired, Burks, Col. 29, Line 20-40).
It would have been obvious to one having ordinary skill in the art at the time the application of the invention was filed to use set-top box as taught by Burks to modify the system of Pitchaiah-CHEVILLAT in order to provide same services with less devices.

Response to Arguments
Applicant's arguments filed 10/06/2022 have been fully considered but they are not persuasive.
Regarding Applicant’s argument “Applicant is willing to consider filling a Terminal Disclaimer for U.S. Patent No. 11,102,216 and 10,574,664 to address the double patent rejections once all other rejections are fully addressed” on page 7, Examiner respectfully disagrees.
Examiner noticed that Applicant’s willingness to file Terminal Disclaimer to address the double patent rejections. However, without actually filing Terminal Disclaimer and explicitly pointing out any deficiency in the rejection by Applicant, Examiner maintains the rejections.

Applicant’s arguments with respect to the rejection to claim(s) 1, 2, 24 and 32 under 35 U.S.C. § 102(a)(1) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RUOLEI ZONG whose telephone number is (571)270-7522. The examiner can normally be reached Monday-Friday 9:00AM-5:30PM IFP.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wing F Chan can be reached on (571)272-7493. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RUOLEI ZONG/Primary Examiner, Art Unit 2441                                                                                                                                                                                                        11/23/2022