DETAILED ACTION
This action is in response to the initial claims filed 2/19/2021.  Claims 1-20 are pending.  Independent claims 1, 8 and 15, and corresponding dependent claims are directed towards a system, method and non-transitory computer-readable physical storage for management of network intercept portals for network devices with durable and non-durable identifiers.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Drawings
The drawings are objected to because:	Fig. 3 item 300 is not described in the specification;	Fig. 4 item 400 is not described in the specification;	Fig. 4 steps (5) and (18) have a leading “/”;	Fig. 5 item 518 is not described in the specification;	Fig. 6 item 600 is not described in the specification;	Fig. 6 steps (5), (10.2) and (19) have a leading “/”; and	Fig. 8 and Fig. 9 none of the items 902, 904, 906, 908, 910, 911, 912, 914 and 916 are described in the specification.	Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Incorporation by Reference
Per 7 C.F.R. 1.57 (f), The examiner may require the applicant to supply a copy of the material incorporated by reference. If the Office requires the applicant to supply a copy of material incorporated by reference, the material must be accompanied by a statement that the copy supplied consists of the same material incorporated by reference in the referencing application.
As Examiner is unable to readily locate a copy of the “HS 2.0 Specification (“Release 3”)” incorporated in its entirety in [0015], Examiner requires the applicant supply a copy for evaluation.
Specification
The disclosure is objected to because of the following informalities:	[0014] the first recitations of the acronyms URL, EAP, SIM, AKA, ITLS and TLS are not expanded;	[0019] the first recitation of the acronym PDA is not expanded;	[0019] l. 13 “access points 121, 123, 125, 127” should also include “129” per Fig. 1;	[0020] the first recitation of the acronym SSID is not expanded;	[0023] the first recitation of the acronym PSK is not expanded;	[0025] l. 1 and [0027] l. 1, Referring to Fig. 3, “100” should most likely be “300”, this change also requires “100” be placed elsewhere in the specification (suggest [0019]) as there are no other recitations of item “100” of Fig. 1;	[0032] l. 9 “causes the user device 402 to redirect to another network resource” for missing verbiage;	[0033] the first recitation of the acronym HTTP is not expanded;	[0035] the first recitation of the acronym CPU is not expanded;	[0043] l. 2 “transmitting” should read “transmits”;	[0044] l. 1 “block 516” should be “block 518”;	[0047] l. 8 “At (10,4)” should read “At (10.4)”;	[0047] ll. 11-12 “causes the user device 602 to redirect to another network resource” for missing verbiage; and	[0051] l. 1 “in response to (5), (10.2), and/or (13)” should most likely read “in response to (5), (10.2), and/or (19)”, per Fig. 6.	Appropriate correction is required.
Claim Objections
Claim 1 is objected to because of the following informalities, shown with suggested amendments:	Claim 1 l. 3 the first recitation of the acronym “RADIUS” is not expanded.	Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. § 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-7 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory subject matter.
Regarding claim 1, the claimed invention is drawn to a “system” comprising a “cloud network management server”, and a “network management device”.  Which can be broadly interpreted as various types of software (software modules, virtualized hardware (e.g. virtual machines/devices, virtual processors, etc.), data, programming code, etc.).  Thus, it is not clear whether the claimed elements of the “system” are tangibly-embodied structural features, or software, per se.  As such the invention does not fall within at least one of the four categories of patent eligible subject matter recited in 35 U.S.C § 101 (process, machine, manufacture or composition of matter).  Examiner recommends including some form of a “hardware processor” (e.g. hardware processor, microprocessor, microcontroller, etc.) or “memory” (i.e. medium, RAM, ROM, etc.) as a claimed element of the “cloud network management server”, “network management device” or “system” as neither a “hardware processor” or “memory” can be broadly interpreted as software.
Claims 2-7 further fail to recite any positive structural limitations to overcome the 35 U.S.C. §101 issues of claim 1 discussed above, and are also rejected.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-5, 7-8, 11-12, 14-15, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Subramanian et al. (US 2015/0089594 A1), published Mar. 26, 2015, in view of Huang et al. (US 2013/0291068 A1), published Oct. 31, 2013, in view of Williams et al. (US 2019/0124041 A1), published Apr. 25, 2019.
As to claims 1, 8 and 15, Subramanian substantially discloses a system (Subramanian Fig. 1 item 100; [0025] subscriber network with devices), method (Subramanian [0008] method performed by policy server involving service router and subscriber network) and non-transitory computer-readable physical storage (Subramanian [0068]), hereinafter referred to as a system, for enabling a captive portal using durable and non-durable device identifiers, the system comprising:	a RADIUS server (Subramanian Fig. 1 item 180 policy server; [0034] policy server may be RADIUS server) to authenticate user devices (Subramanian Fig. 1 items 110, 120, 130 and 140; [0025] customer equipment including devices and residential gateway); and	a network management device (Subramanian Fig. 1 item 160 service router) configured to:		receive a request from a user device to access a first network resource on an external network (Subramanian [0062] user device behind residential gateway sends HTTP get request to service router 160 requesting website; [0032] network 165 connected to Internet);		transmit an access request to the RADIUS server (Subramanian [0059] service router sends RADIUS request to policy server), wherein the access request includes a durable identifier associated with the user device (Subramanian [0049] access request message sent to policy server includes subscriber identifier; [0025] customer equipment associated with subscriber identifier identifying account name) and a non-durable identifier associated with the user device (Subramanian [0049] access request message sent to policy server includes MAC address);		receive, from the RADIUS server, a first indication that the access request has been granted and a second indication that an additional user input is requested by a service provider (Subramanian [0060] policy server determines device is certified or allowed, but subscriber unknown, sends access-accept message (first indication) to service router with default profile (second indication) that redirects all HTTP requests to service portal 190 which requires user input; [0034] policy server is controlled by service provider for managing a subscriber network; [0065] service portal requiring user input selection of subscriber plan (i.e. terms of service, payment, billing information etc.));		forward the first indication to a wireless controller (Subramanian [0029] residential gateway providing wireless) associated with the user device (Subramanian [0061] after receiving access-accept response from policy server, service router works to facilitate request; Fig. 5 item 530 DHCP between residential gateway and DHCP server (i.e. customer equipment would receive the indication that access has been accepted)), without forwarding the second indication (Subramanian [0055] default profile is for use at service router, and it would not be forwarded to customer equipment);		receive an accounting start request to forward, to the RADIUS server, an indication that network access granted to the user device has been initiated (Subramanian [0060] accounting start message sent from service router to policy server (RADIUS server) in response to gateway receiving IP address from DHCP); and		cause the user device to be directed to a second network resource configured to receive the additional user input requested by the service provider (Subramanian Fig. 5 item 540-570 [0062]-[0065] HTTP Get redirected to service portal for user selection of service plan).	Subramanian fails to explicitly disclose a cloud network management server  configured to communicate with a RADIUS server; and causing the user device to be directed to a second network resource without forwarding the accounting start request to the RADIUS server.	Huang describes methods for managing cloud zones.	With this in mind, Huang discloses a cloud network management server (Huang Fig. 5 item 510; [0065]-[0066] cloud management server) configured to communicate with a RADIUS server (Huang [0031] server 106 can be RADIUS server for authentication service; [0067] cloud management server sending commands to resources in zones (servers)).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the cloud management server of Huang with the subscriber network of Subramanian, such that the policy server (RADIUS server) is a server managed by a cloud management server, as it would advantageously provide a single resource for managing groups of resources, improving scalability and reducing maintenance (Huang [0069]).	Subramanian and Huang fail to explicitly disclose causing the user device to be directed to a second network resource without forwarding the accounting start request to the RADIUS server.	Williams describes regulation of network media access.	With this in mind, Williams discloses causing the user device to be directed to a second network resource without forwarding the accounting start request to the RADIUS server (Williams Fig. 4 steps 9-10; [0070] HTTP Get is redirected to authentication portal (step 9-10); Fig. 4 step 15; [0071] accounting start request message is sent (occurring after portal redirect)).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the portal redirect of Williams with the portal redirect of Subramanian and Huang, such that an accounting start message is not sent until after the consumer has completed the redirect portal, as it would advantageously provide media content controls to regulate/limit viewer access to content (Williams [0021] & [0023]).
As to claims 4 and 11, Subramanian, Huang and Williams disclose the invention as claimed as described in claims 1 and 8, respectively, including the second network resource is a Web page (Subramanian [0035] portal is web portal accessed via HTTP), and the external network is the Internet (Subramanian [0032] network 165 connected to other networks forming part of the Internet).
As to claims 5, 12 and 18, Subramanian, Huang and Williams disclose the invention as claimed as described in claims 1, 8 and 15, respectively, including wherein the additional input requested by the cloud network management server comprises a user acceptance of an updated protocol associated with the network access to be granted to the user device (Subramanian [0034] service level agreements).
As to claims 7, 14 and 20, Subramanian, Huang and Williams disclose the invention as claimed as described in claims 1, 8 and 15, respectively, including wherein the non-durable identifier associated with the user device is a media access control (MAC) address of the user device (Subramanian [0010] identifier is MAC address).
Claims 6, 13 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Subramanian et al. (US 2015/0089594 A1), published Mar. 26, 2015, in view of Huang et al. (US 2013/0291068 A1), published Oct. 31, 2013, in view of Williams et al. (US 2019/0124041 A1), published Apr. 25, 2019, in view of Pularikkal et al. (US 2017/0230905 A1), published Aug. 10, 2017.
As to claims 6, 13 and 19 Subramanian, Huang and Williams substantially disclose the invention as claimed as described in claims 1, 8 and 15, respectively, including wherein the durable identifier associated with the user device is a parameter included in a user profile stored in the user device (Subramanian [0049] access request message sent to policy server includes subscriber identifier; [0025] customer equipment associated with subscriber identifier identifying account name).	Subramanian, Huang and Williams fail to explicitly disclose wherein the user profile is according to the Hotspot 2.0 Specification.	Pularikkal describes a system for hotspot onboarding of user equipment in a network environment.	With this in mind, Pularikkal discloses wherein the user profile is according to the Hotspot 2.0 Specification (Pularikkal [0015]-[0016] Hotspot 2.0 network creates user profile which is downloaded to subscriber’s UE and used to access other Wi-Fi AP of Hotspot 2.0 network).  It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to combine the Hotspot 2.0 network/subscriber profile of Pularikkal with the subscriber profile of Subramanian, Huang and Williams, such that the subscriber identifier used is a Hotspot 2.0 profile, as it would advantageously provide for seamless user experience when connecting to networks (Pularikkal [0014]).
Allowable Subject Matter
Claims 2-3 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. § 101, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.
Claims 9-10 and 16-17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:
Regarding claims 2, 9 and 16, and their dependent claims, the prior art of record fails to disclose or fairly suggest, in combination, a system, method, or non-transitory computer-readable physical storage, in which a network management device establishes initial network access authorization with a RADIUS server for a user equipment using durable and non-durable identifiers, the access resulting in a redirect, without forwarding of a received accounting start request, to a second resource for input of additional input, as shown in claims 1, 8 and 15, and further wherein a third indication is received from a cloud management network server that additional input has been provided by a user device at a second resource (capture portal) to which the user device has been redirected, in the specific manner and combination as recited in claims 2, 9 and 16.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Cisco, “Understanding RADIUS” an incorporated reference is related to the RADIUS protocol.
Vercellone et al. (US 2009/0125995 A1) is related to web portals and time based accounting of access services.
Chambers et al. (US 2014/0068030 A1) is related to access control policies.
Kasper et al. (US 2009/0183247 A1) is related to biometric network security including capture portals and RADIUS servers.
Pichna et al. (US 2011/0302643 A1) is related to captive portal and AAA server usage.
Spencer (US 2019/0253409 A1) is related to captive portal authentication.
Han et al. (US 2015/0089592 A1) is related to captive portals and RADIUS servers on a cloud.
Short et al. (US 2006/0239254 A1) is related to accounting starts and captive portals.
Noro et al. (US 2012/0290724 A1) is related to network redirection.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ERIC W SHEPPERD whose telephone number is (571)270-5654.  The examiner can normally be reached on Monday - Thursday, Alt. Friday, 7:30AM - 5:00PM, EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571)272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Eric W Shepperd/Primary Examiner, Art Unit 2492