DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the communication filed on 10/18/2018.
Claims 1-13 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Should applicant desire to obtain the benefit of foreign priority under 35 U.S.C. 119(a)-(d) prior to declaration of an interference, a certified English translation of the foreign application must be submitted in reply to this action.  37 CFR 41.154(b) and 41.202(e).
Failure to provide a certified translation may result in no benefit being accorded for the non-English application. 



Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 11/20/2018, 12/27/2018 and 07/01/2019 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Claim Objections
Claims 12-13 are objected to because of the following informalities: these claims recites the limitation “The VPN control device of claim 11”.  It should be changed to “The control device of claim 11” for consistency.  Appropriate correction is required.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:


The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
The limitations “the terminal configured to send…”, “the router gateway … configured to send a first handshake” and “the VPN device…configured to receive the first handshake…, determine a session parameter…, attempt to authenticate…, set an IP address… and notify the terminal…” in claim 6.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification (see paragraphs 0048, 0088 and 0111 of the Applicant’s specification) as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 11-13 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claimed invention does not direct to any concrete thing consisting of parts or devices.  Claim 11 recites a control device which comprises a communication interface and processor.  The specification as originally filed fails to set forth the metes and bounds of what is meant to be encompassed by the terms “processor” and “communication interface”.  As such, it is reasonable to interpret the term “processor” as software per se (see Computer Desktop Encyclopedia), and the term “communication interface” as also software per se.  Therefore, claim 11 is not patent-eligible subject matter.
The dependent claims 12-13 are depended on the rejected base claim, and are rejected for the same rationales.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 6, 8-9, 11 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Mudigonda el al. (US 20160087941) (hereinafter Mudigonda) in view of Martini (US 20150052345) (hereinafter Martini).

    PNG
    media_image1.png
    667
    1066
    media_image1.png
    Greyscale

comprising: 
receiving, by a VPN control device, a first handshake message from a router gateway, the first handshake message being received from the router gateway (Mudigonda: paragraphs 0006 and 0076, “a second connection is established between the proxy server and a VPN gateway configured to support the tenant. In an embodiment, a second connection 310 may be established in response to proxy server 304a receiving URI 120 and identifying VPN gateway 306a according to the tenant portion of URI 120. Connection 310 is established between proxy server 304a and VPN gateway 306a in the current example”) after the router gateway receives a second handshake message from the terminal, and the second handshake message initiating a negotiation process of a first Secure Sockets Layer (SSL) session to the VPN control device (Mudigonda: paragraphs 0006, 0071 and 0074, “a first connection is established between the client device and a proxy server according to the secure communications protocol. In an embodiment, a first connection 308 may be established in response to receiving URI 120. Connection 308 is established between client device 102a and proxy server”   “This may include performing authentication, agreeing on encryption according to an encryption layer of SSL/TLS (perform a SSL/TLS handshake over the TCP connection) to protect data traffic”); 
determining, by the VPN control device according to the first handshake message, a session parameter of the first SSL session by negotiating with the terminal (Mudigonda: paragraphs 0006, 0080 and 0083, “a SSTP handshake is performed between the client device and the VPN gateway configured to support the tenant. …When a client tries to establish a SSTP-based VPN connection, SSTP first establishes a bidirectional HTTPS layer between the client device and the proxy server (e.g., see step 604 of FIG. 6 described above). Over this HTTPS layer, an SSTP handshake may be performed to enable communications to be made over the VPN tunnel using SSTP. The SSTP handshake may involve the VPN gateway communicating with the client device to determine authentication and/or other procedures performed during an SSTP handshake”); 
attempting, by the VPN control device, to authenticate the terminal using the first SSL session (Mudigonda: paragraphs 0006, 0080 and 0083, “a SSTP handshake is performed between the client device and the VPN gateway …The SSTP 
determining, by the VPN control device, an Internet Protocol (IP) address of a first VPN gateway to which the terminal is allowed to connect after the terminal is authenticated (Mudigonda: paragraphs 0006, 0042, 0075, 0080 and 0082-0083, “The tenant portions of the connection strings are mapped to corresponding gateways. A gateway to which a connection string is mapped is enabled to establish a tunnel between the corresponding client device and corresponding identified tenant”…“after VPN tunnel 122 (FIG. 1) is established between client app 128a and VPN gateway 306a, application traffic may flow between tenant 112a at application server(s) 106a and client app 128a through VPN gateway 306a”); and 
Mudigonda does not explicitly disclose the following limitation which is disclosed by Martini, notifying, by the VPN control device, the terminal of the IP address of the first VPN gateway (Martini: paragraphs 0024 and 0047-0048, “the network gateway 102 may select the MitM gateway 104 for the communication between the browser device 106 and the server 118 and thus may return a redirect to the network address of the MitM gateway 104 to the browser device”).  Mudigonda and Martini are analogous art because they are from the same field of endeavor, secure communication.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Mudigonda and Martini before him or her, to modify the system of Mudigonda to include notifiying an IP address of a selected gateway to the terminal (i.e., the browser device) of Martini.  The 

Regarding claim 6, claim 6 discloses a system claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 6 and rejected for the same reasons.

Regarding claim 11, Regarding claim 11, claim 11 discloses a device claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 11 and rejected for the same reasons.

Regarding claims 3, 8 and 13, Mudigonda as modified discloses comprising, by the VPN control device, the first VPN gateway of an IP address of the terminal and the session parameter of the first SSL session, the first VPN gateway storing the IP address of the terminal and the session parameter of the first SSL session, and the session parameter comprising a session key, a session identifier, and an encryption algorithm (Mudigonda: paragraphs 0074 and 0082-0083, “a HTTPS handshake is performed between the proxy server and the client device. In an embodiment, where HTTPS is the secure communications protocol, a HTTPS handshake may be performed between client app 128a and proxy server 304a to establish the HTTPS connection over first connection 308. This may include performing 

Regarding claims 4 and 9, Mudigonda as modified discloses sending, by the terminal, a third handshake message to the first VPN gateway, the third handshake message initiating a negotiation process of a second SSL session to the first VPN gateway, the third handshake message carrying the session identifier and a ciphertext, and the ciphertext being generated by encrypting the IP address of the terminal using the session key and the encryption algorithm (Martini: paragraphs 0048 and 0050, “The browser device 106 requests an encrypted connection with the device at the received address, which is the MitM gateway 104 (310). For example, the browser device 106 may send to the MitM gateway 104 an SSL Hello or other encryption handshake message. In another example, the MitM gateway 104 may have multiple network addresses, each associated with known destination URLs. When a connection request is received at one of the multiple addresses, the MitM gateway 104 may look up the associated URL. The browser device 106 and the MitM gateway 104 establish a first encrypted connection”… “The browser device 106 generates traffic, encrypts the traffic into a first encrypted form, and passes the traffic to the MitM gateway 104 (318). For example, the browser device can create a HTTP Get request for the data object. The browser device can encrypt the HTTP Get request according to the requirements of the encrypted connection with the MitM gateway 104 and pass the encrypted HTTP Get request to the MitM gateway”).

Allowable Subject Matter
Claims 2, 5, 7, 10 and 12 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-






/TRANG T DOAN/Primary Examiner, Art Unit 2431