Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION

This office action is in response to the application filed on, or reply to the remarks of, 1/24/2019. The instant application has claims 1-20 pending. The system, method and medium are for establishing a device-specific tunnel between two networks. There are a total of 20 claims.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 1, 8, and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
The term "specific", in the context of a VPN connection and an SSL connection, is in a general sense specific between two end points only; there is nothing extraordinary or special about the connection, as it is commonly known in the art. The applicant 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Claims 15-20 are rejected under 35 USC § 101 as they recite a software program per se, which is non-statutory subject matter. See 2106.03, I (citation below).


2106.03 Eligibility Step 1: The Four Categories of Statutory Subject Matter [R-10.2019]
I. THE FOUR CATEGORIES
As the courts' definitions of machines, manufactures and compositions of matter indicate, a product must have a physical or tangible form in order to fall within one of these statutory categories. Digitech, 758 F.3d at 1348, 111 USPQ2d at 1719. Thus, the Federal Circuit has held that a product claim to an intangible collection of information, even if created by human effort, does not fall within any statutory category. Digitech, 758 F.3d at 1350, 111 USPQ2d at 1720 (claimed "device profile" comprising two sets of data did not meet any of the categories because it was neither a process nor a tangible product). Similarly, software expressed as code or a set of instructions detached from any medium is an idea without physical embodiment. See Microsoft Corp. v. AT&T Corp., 550 U.S. 437, 449, 82 USPQ2d 1400, 1407 (2007); see also Benson, 409 U.S. 67, 175 USPQ2d 675 (An "idea" is not patent eligible). Thus, a product claim to a software program that does not also contain at least one structural limitation (such as a "means plus function" limitation) has no physical or tangible form, and thus does not fall within any statutory category. Another example of an intangible product that does not fall within a statutory category is a paradigm or business model for a marketing company. In re Ferguson, 558 F.3d 1359, 1364, 90 USPQ2d 1035, 1039-40 (Fed. Cir. 2009).


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-15 of U.S. Patent No. 6032259. Although the claims at issue are not identical, they are not patentably distinct from each other because the instant claims are obvious over the '259 patent. That is, the '259 patent claims recite a dedicated path between first and second network and provide for a start and stop scheme (claim 2), similar to the instant claims. The details of verifying that the first and second devices are allowed a connection, found in the instant claims, are the only step that is additional.

US App 16/256004 / US Patent 6032259 / Comments

US App 16/256004:
1. A method comprising: receiving a request

US Patent 6032259:
network, said network security system comprising:

and, a second computer to said first computer by means of a dedicated communications path,

wherein said first computer removes a header from said first packet and sends the remaining first packet to said second computer through said dedicated communication path, and wherein said first computer appends a header to a second packet received from said second computer through said dedicated communication path to send the second packet and header to said external network.

2. The network security system as set forth in claim 1, wherein said dedicated communication path is configured to support a start transmission scheme.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over "SIMPLE-fying Middlebox Policy Enforcement Using SDN" to Qazi in view of US Patent 7389534 to He.


Regarding Claims 1, 8, and 15, Qazi discloses a method comprising: receiving a request from a first device connected to a first network to connect to a second device connected to a second network (Fig. 4(b), Switch tunnel TunS5, TunS2); establishing a first secure network communications tunnel between the first device and the second device, wherein the first secure network communications tunnel is specific to the first and second devices, and wherein the first device is inhibited from accessing other devices that are connected to the second network using the first secure network communications tunnel (3. Simple system overview, the policy and topology of the network being considered for the tunnel & 4.2 Compact forwarding tables, TunnelTable used for Switch Tunnel); and terminating the first secure network communications tunnel in 

Qazi does not disclose verifying the devices. However, He discloses the "in response to verifying that a first connection between the first device and the second device is allowed" limitation (Fig. 5 item 50, 52, 54).

It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Qazi's invention of SDN-based policy for traffic steering to include verifying the first device and second device, in order to provide for having a user account associated with the user being authenticated, as taught in He (see Col 4 Ln 6-24).


Regarding Claims 2, 9, and 16, Qazi discloses the method of claim 1 further comprising: detecting a termination of a session established between the first device and the second device over the secure network communications tunnel, wherein the termination of the session is the security event that results in the termination of the first secure network communications tunnel (Table 1 “IPS Drop?”).

Regarding Claims 3, 10, and 17, Qazi discloses the method of claim 1 further comprising: detecting an intrusion attempt based on an attempted access by the first device to a disallowed device over the first secure network communications tunnel, 

Regarding Claims 4, 11, and 18, Qazi discloses the method of claim 1 further comprising: receiving a set of expected user behaviors corresponding to a user of the first device (Page 29 1. Processing policy, IP address and location of ingress packets & Fig. 8 collect pkts, correlate flows and install rules & 6.3 Similarity-based correlation); and comparing the set of expected user behaviors to a set of current user behaviors corresponding to the user's use of the second device over the first secure network communications tunnel, wherein the security event is based on the comparison (Page 29 1. Processing policy & Fig. 8 collect pkts, correlate flows and install rules & 6.3 Similarity-based correlation).


Regarding Claims 5, 12, and 19, Qazi discloses the method of claim 1 further comprising: receiving a set of expected user behaviors corresponding to a user of the first device; comparing the set of expected user behaviors to a set of current user behaviors corresponding to the user's use of the second device over the first secure network communications tunnel, wherein the comparison results in a security level (6.3 Similarity-based correlation, packets matched the rules & Fig. 8); retrieving a security policy corresponding to the security level (Page 34 Policy-specific optimizations & Page 34 Rule checking); and triggering a security event in response to the retrieved security 

Regarding Claims 16, 13, and 20, Qazi discloses the method of claim 1 further comprising: receiving a set of expected user behaviors corresponding to a user of the first device (Fig. 8 item collect pkts and correlate flows and install rules & 6.2 Flow Correlation); comparing the set of expected user behaviors to a set of current user behaviors corresponding to the user's use of the second device over the first secure network communications tunnel (Fig. 8 item correlate flows); and disallowing the connection between the first and second devices based on the comparison, wherein the disallowing inhibits performance of the establishment of the first secure network communications tunnel (Page 34 Policy-specific optimizations & Table 1 “Actions Drop”, drop connections based on IDS or Firewall rules).

Regarding Claim 7, Qazi discloses terminating the second secure network communications tunnel in response to a detection of a security event (Page 29 1. Processing policy).

But Qazi does not disclose the third device connection. However, He discloses the method of claim 1 further comprising: receiving a second request from the first device to connect to a third device that is connected to the second network (Fig. 3 item 22A, 22B); in response to verifying that a second connection between the first device and the third device is allowed (Fig. 5 item 50, 52, 54): establishing a second 

It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Qazi's invention of SDN-based policy for traffic steering to include a third device for tunnel connection, in order to provide for multiple devices connected to VPN tunnel connections over multiple networks, as taught in He (see Fig. 4).

Conclusion

The Examiner notes that communication through email is permitted only after authorization with submission of the PTO/SB/439 form. Please file this form in EFS or through central fax before proceeding to communicate via email with the examiner. The submission of the PTO/SB/439 form via email will NOT be accepted.


The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

"Taxonomy of Conflicts in Network Security Policies" to Hamed, which discloses policy-based connection over networks to two hosts.

US Patent Pub 2016/0125422 to Blanco, which discloses a rule set being applied for data storage system access.

US Patent 9164795 to Vincent, which discloses establishing tunnel connections.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor, whose telephone number is (571)272-7213. The examiner can normally be reached on Monday-Friday, 9:00 AM-5:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic 

/VENKAT PERUNGAVOOR/
Primary Examiner, Art Unit 2492
Email: venkatanarayan.perungavoor@uspto.gov