DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Information Disclosure Statement

2.	The information disclosure statement (IDS) submitted on 10/05/2022, and 11/01/2022 was filed. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


3.	 Pending claims for reconsideration are claims 1-20. 
 

Response to Arguments

4.	Applicant's arguments filed 10/05/222 are moot in view of grounds of new rejection. 
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


5.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over  Patent No.: US 10,432,463 B2 to Likar in view of Pub.No.: US 2019/0053049 A1 to Kunz et al(hereafter referenced as Kunz).
Regarding claim 1, Likar discloses “a method comprising: obtaining a request to authenticate (radius server authenticates wireless stations and client devices [Col.4/lines 50-59] and  a user equipment (UE)(NAS client [Col.4/lines 58-63]) for connection to a wireless wide area access network of an enterprise” (obtain device credentials , the wireless device needs to gain initial network access to a communication network e.g., a LTE network , so as to connect to the network [Fig.1a]) “determining that the UE is capable of connecting to a wireless local area access network of the enterprise utilizing a fast transition capability”(wireless station 130 sends a compilation of neighbors , and also IEEE 802 . 11r fast transition parameters to the cloud - based Wi - Fi controller 110  [Col.7/lines 11-16) ; “authenticating the UE for connection to the wireless wide area access network of the enterprise” (radius server authenticates wireless stations and client devices [Col.4/lines 50-59] via a network , a local area network , an enterprise network [Col.3/lines 3-5]), wherein based on determining that the UE is capable of connecting to the wireless local area access network of the enterprise (User Device Connects and authenticates with Radius server [Fig.6/item 620])  utilizing the fast transition capability” (User Device Changes Access Points at New Location across User Domains with Fast BSS Transition using IEEE 802 . 11 Pre - populated Parameters [Fig.6/item 630]).  
Likar does not explicitly disclose “the authenticating includes generating a root security key for the UE for connection to the wireless local area access network of the enterprise; and upon determining that the UE is attempting to access the wireless local area access network of the enterprise, providing the root security key for the UE to the wireless local area access network to facilitate connection of the UE to the wireless local area access network.”
However, Kunz in an analogous art teaches “the authenticating includes generating a root security key for the UE(user end [Fig3a/item 110]) for connection to the wireless local area access network of the enterprise”(receiving a key exchange inclusive of a symmetric root key Kunz [Fig.5/item 520]); “and upon determining that the UE is attempting to access the wireless local area access network of the enterprise”(sending at least  an indication/determinization associated with security capabilities Kunz[Fig.5/item 510]), “providing the root security key for the UE (deriving a non-access stratum security with symmetric root key Kunz[Fig.5/item 540]) to the wireless local area access network to facilitate connection of the UE(user end Kunz [Fig3a/item 110]) to the wireless local area access network(wireless network Kunz [Fig.1/item 120]).
	Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Likar’s fast BSS transition system in a wireless enterprise network with Kunz process in a wireless system to exchange a security key for a restricted service for unauthenticated equipment. One of ordinary skill would have been motivated to combine because Likar teaches a wireless enterprise network containing an radius authentication procedure within a fast BSS transition system, Kunz teaches a wireless system to exchange a security key for a restricted service for unauthenticated equipment, and both are from the same field of endeavor.
Regarding claim 2 in view of claim 1, the references combined disclose “wherein the authenticating is a secondary authentication process (receiving authentication from a secondary access point Likar[Fig.5b/item 120b) performed for the UE(user device authenticates with RADIUS server Likar [Fig.6/item 600]) that is subsequent to a primary authentication process (receiving authentication from a secondary access point Likar[Fig.5b/item 120b) for the UE in which the primary authentication process enables the UE to connect to the wireless wide area access network of the enterprise”(send command to initiate fast transition of user device to new preferred access point Likar[Fig.7/item 740]). 
	Regarding claim 3 in view of claim 2, the references combined disclose “wherein the secondary authentication process is an Extensible Authentication Protocol (EAP) authentication process” (Radius Authentication Protocol Likar[Col.4/lines 2931]).
Regarding claim 4 in view of claim 1, the references combined disclose “wherein the authenticating is a primary authentication process performed for the UE (user device authenticates with RADIUS server Likar [Fig.6/item 600] in which the primary authentication process enables the UE to connect to the wireless wide area access network of the enterprise” (send command to initiate fast transition of user device to new preferred access point Likar[Fig.7/item 740]).
Regarding claim 5 in view of claim 1, the references combined disclose “wherein when the authenticating includes a primary authentication process, the primary authentication process includes a Subscriber Identity Module (SIM) based authentication process or a non-SIM-based authentication process” (the temporary ID of the UE 110 can have the format of International Mobile Subscriber Identity ( IMSI ) or Globally Unique Temporary Identity ( GUTI ) Kunz[par.0041]).
Regarding claim 6 in view of claim 1, the references combined disclose “wherein the root security key is a Master Session Key (MSK)” (UE 110 and the network 130 , such as the MME 132 can be performed to exchange initial credentials , such as the Public Key of the UE 110 and the Public Key of the MME 132 . Additionally , additional credentials , such as Root key or Master key , which can be a symmetric key can be exchanged between the UE 110 and the network 130 Kunz[par.0044]).
Regarding claim 7 in view of claim 1, the references combined disclose “wherein the authenticating includes providing a Service Set Identifier (SSID) for the wireless local area access network of the enterprise  to the UE via the wireless wide area access network of the enterprise” (the temporary ID of the UE 110 can have the format of International Mobile Subscriber Identity ( IMSI ) or Globally Unique Temporary Identity ( GUTI ) Kunz[par.0041]). 
Regarding claim 8 in view of claim 1, the references combined disclose “wherein determining that the UE (wireless device 60 [Fig.1])  is capable of connecting to the wireless local area access network of the enterprise utilizing the fast transition capability includes obtaining an indication from the UE that the UE is capable of the fast transition capability“(system 100 can be applied to other types of networks including IEEE 802 . 11 variants , Global System for Mobile communication ( GSM ) , General Packet Radio Services ( GPRS ) Kunz[par.0016]).
Regarding claim 9 in view of claim 1, the references combined disclose “wherein determining that the UE is capable of connecting to the wireless local area access network of the enterprise utilizing the fast transition capability (send command to initiate fast transition of user device to new preferred access point Likar[Fig.7/item 740]); “includes obtaining subscription information indicating that the UE is capable of the fast transition capability.” (send command to initiate fast transition of user device to new preferred access point Likar[Fig.7/item 740]).
Regarding claim 10 in view of claim 1, the references combined disclose “further comprising: providing, by the wireless local area access network, an indication to the UE that the wireless local area access network supports the fast transition capability” (system 100 can be applied to other types of networks including IEEE 802 . 11 variants , Global System for Mobile communication ( GSM ) , General Packet Radio Services ( GPRS ) Kunz[par.0016]).
Regarding claim 11 in view of claim 10, the references combined disclose “wherein the indication is provided via at least one of a broadcast by at least one wireless local area access network node and a probe response transmitted by at least one wireless local area access network node.” (the UE 110 can have received the Public Key of the MME 132 in a broadcast message or within Broadcasted System Information ( SIB ) and then can include the Public Key of the UE 110 in the NAS ATTACH message Kunz[par.0024]).
Regarding claim 12, Likar discloses “one or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to perform operations, comprising: obtaining a request to authenticate a user equipment (UE) for connection to a wireless wide area access network of an enterprise” (obtain device credentials , the wireless device needs to gain initial network access to a communication network e.g., a LTE network , so as to connect to the network [Fig.1a]); “determining that the UE is capable of connecting to a wireless local area access network of the enterprise utilizing a fast transition capability” (wireless station 130 sends a compilation of neighbors , and also IEEE 802 . 11r fast transition parameters to the cloud - based Wi - Fi controller 110  [Col.7/lines 11-16);  “authenticating the UE for connection to the wireless wide area access network of the enterprise” (radius server authenticates wireless stations and client devices [Col.4/lines 50-59] via a network , a local area network , an enterprise network [Col.3/lines 3-5]),, “wherein based on determining that the UE(wireless device 60 [Fig.1])  is capable of connecting to the wireless local area access network of the enterprise utilizing the fast transition capability” (User Device Changes Access Points at New Location across User Domains with Fast BSS Transition using IEEE 802 . 11 Pre - populated Parameters [Fig.6/item 630]).  
Likar does not explicitly disclose “the authenticating includes generating a root security key for the UE for connection to the wireless local area access network of the enterprise; and upon determining that the UE is attempting to access the wireless local area access network of the enterprise, providing the root security key for the UE to the wireless local area access network to facilitate connection of the UE to the wireless local area access network.”
However, Kunz in an analogous art teaches “the authenticating includes generating a root security key for the UE(user end [Fig3a/item 110]) for connection to the wireless local area access network of the enterprise”(receiving a key exchange inclusive of a symmetric root key Kunz [Fig.5/item 520]); “and upon determining that the UE is attempting to access the wireless local area access network of the enterprise”(sending at least  an indication/determinization associated with security capabilities Kunz[Fig.5/item 510]), “providing the root security key for the UE (deriving a non-access stratum security with symmetric root key Kunz[Fig.5/item 540]) to the wireless local area access network to facilitate connection of the UE(user end Kunz [Fig3a/item 110]) to the wireless local area access network(wireless network Kunz [Fig.1/item 120]).
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Likar’s fast BSS transition system in a wireless enterprise network with Kunz process in a wireless system to exchange a security key for a restricted service for unauthenticated equipment. One of ordinary skill would have been motivated to combine because Likar teaches a wireless enterprise network containing an radius authentication procedure within a fast BSS transition system, Kunz teaches a wireless system to exchange a security key for a restricted service for unauthenticated equipment, and both are from the same field of endeavor.
Regarding claim 13 in view of claim 12, the references combined disclose “wherein the authenticating is a secondary authentication process (receiving authentication from a secondary access point Likar[Fig.5b/item 120b) performed for the UE(user device authenticates with RADIUS server Likar [Fig.6/item 600]) performed for the UE (receiving authentication from a secondary access point Likar[Fig.5b/item 120b) that is subsequent to a primary authentication process (radius server authenticates wireless stations and client devices [Col.4/lines 50-59] via a network , a local area network , an enterprise network [Col.3/lines 3-5]) for the UE in which the primary authentication process enables the UE to connect to the wireless wide area access network of the enterprise” (send command to initiate fast transition of user device to new preferred access point Likar[Fig.7/item 740]).
Regarding claim 14 in view of claim 12, the references combined disclose “wherein the authenticating is a primary authentication process performed for the UE user device authenticates with RADIUS server Likar [Fig.6/item 600] in which the primary authentication process enables the UE to connect to the wireless wide area access network of the enterprise”(send command to initiate fast transition of user device to new preferred access point Likar[Fig.7/item 740]).
Regarding claim 15 in view of claim 12, the references combined disclose “wherein when the authenticating includes a primary authentication process, the primary authentication process includes a Subscriber Identity Module (SIM) based authentication process or a non-SIM-based authentication process.” (the temporary ID of the UE 110 can have the format of International Mobile Subscriber Identity ( IMSI ) or Globally Unique Temporary Identity ( GUTI ) Kunz[par.0041]).
Regarding claim 16, Stahl discloses “a system comprising: at least one memory element for storing data; and at least one processor for executing instructions associated with the data, wherein executing the instructions causes the system to perform operations, comprising: obtaining a request to authenticate (radius server authenticates wireless stations and client devices [Col.4/lines 50-59] and  a user equipment (UE)(NAS client [Col.4/lines 58-63]) a user equipment (UE) for connection to a wireless wide area access network of an enterprise” (obtain device credentials , the wireless device needs to gain initial network access to a communication network e.g., a LTE network , so as to connect to the network [Fig.1a]); “determining that the UE is capable of connecting to a wireless local area access network of the enterprise utilizing a fast transition capability” (wireless station 130 sends a compilation of neighbors , and also IEEE 802 . 11r fast transition parameters to the cloud - based Wi - Fi controller 110  [Col.7/lines 11-16)); “authenticating the UE  for connection to the wireless wide area access network of the enterprise” (radius server authenticates wireless stations and client devices [Col.4/lines 50-59] via a network , a local area network , an enterprise network [Col.3/lines 3-5]) wherein based on determining that the UE is capable of connecting to the wireless local area access network of the enterprise(User Device Connects and authenticates with Radius server [Fig.6/item 620]) utilizing the fast transition capability” (User Device Changes Access Points at New Location across User Domains with Fast BSS Transition using IEEE 802 . 11 Pre - populated Parameters [Fig.6/item 630]).
Likar does not explicitly disclose “the authenticating includes generating a root security key for the UE for connection to the wireless local area access network of the enterprise; and upon determining that the UE is attempting to access the wireless local area access network of the enterprise, providing the root security key for the UE to the wireless local area access network to facilitate connection of the UE to the wireless local area access network.”
However, Kunz in an analogous art teaches “the authenticating includes generating a root security key for the UE(user end [Fig3a/item 110]) for connection to the wireless local area access network of the enterprise”(receiving a key exchange inclusive of a symmetric root key Kunz [Fig.5/item 520]); “and upon determining that the UE is attempting to access the wireless local area access network of the enterprise”(sending at least  an indication/determinization associated with security capabilities Kunz[Fig.5/item 510]), “providing the root security key for the UE (deriving a non-access stratum security with symmetric root key Kunz[Fig.5/item 540]) to the wireless local area access network to facilitate connection of the UE(user end Kunz [Fig3a/item 110]) to the wireless local area access network(wireless network Kunz [Fig.1/item 120]).
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Likar’s fast BSS transition system in a wireless enterprise network with Kunz process in a wireless system to exchange a security key for a restricted service for unauthenticated equipment. One of ordinary skill would have been motivated to combine because Likar teaches a wireless enterprise network containing an radius authentication procedure within a fast BSS transition system, Kunz teaches a wireless system to exchange a security key for a restricted service for unauthenticated equipment, and both are from the same field of endeavor.
Regarding claim 17 in view of claim 16, the reference combined disclose “wherein the authenticating is a secondary authentication process (receiving authentication from a secondary access point Likar[Fig.5b/item 120b)  performed for the UE(user device authenticates with RADIUS server Likar [Fig.6/item 600]) that is subsequent to a primary authentication process  (receiving authentication from a secondary access point Likar[Fig.5b/item 120b) for the UE in which the primary authentication process enables the UE to connect to the wireless wide area access network of the enterprise” (send command to initiate fast transition of user device to new preferred access point Likar[Fig.7/item 740]).
Regarding claim 18 in view of claim 16, the reference combined disclose “wherein the authenticating is a primary authentication process performed for the UE  (user device authenticates with RADIUS server Likar [Fig.6/item 600]) in which the primary authentication process enables the UE to connect to the wireless wide area access network of the enterprise” (send command to initiate fast transition of user device to new preferred access point Likar[Fig.7/item 740]).
Regarding claim 19 in view of claim 16, the reference combined disclose “wherein when the authenticating includes a primary authentication process, the primary authentication process includes a Subscriber Identity Module (SIM) based authentication process or a non-SIM-based authentication process.” (the temporary ID of the UE 110 can have the format of International Mobile Subscriber Identity ( IMSI ) or Globally Unique Temporary Identity ( GUTI ) Kunz[par.0041]).
Regarding claim 20 in view of claim 16, the reference combined disclose “wherein executing the instructions causes the system to perform further operations, comprising: providing, by the wireless local area access network, an indication to the UE that the wireless local area access network supports the fast transition capability.” (system 100 can be applied to other types of networks including IEEE 802 . 11 variants , Global System for Mobile communication ( GSM ) , General Packet Radio Services ( GPRS ) Kunz[par.0016]).


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159. The examiner can normally be reached Mon-Fri 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MICHAEL D ANDERSON/Examiner, Art Unit 2433               

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433