EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in a telephone interview with Daniel Osborne (Reg. No. 76,575) on 3/16/21.

The application has been amended as follows:

Rewrite claim 1 as follows:
“1.	(Currently Amended) A system, comprising:
a client device comprising at least one processor; and
a memory comprising machine-readable instructions, wherein the machine-readable instructions, when executed by the at least one processor, cause the client device to at least:
monitor, by a monitoring application executed by the client device, an initialization process executing on the client device to detect system calls from the initialization process;
identify an application identifier for an application based on at least one of: a binary file of the application, or a filesystem path to the binary file;
identify an application-specific virtual private network (VPN) configuration based on the application identifier;
wherein the application-specific network adapter [[being]] is configured to use a domain name system (DNS) server and a subnet mask specified by [[an]] the application-specific VPN configuration, the application-specific network adapter being created based on a determination that [[an]] the application has begun execution on the at least one computing device based on detection of a fork call or a spawn call from the initialization process; and
enable, by the monitoring application, a VPN connection on the application-specific network adapter for the application.”;

Rewrite claim 2 as follows:
“2.	(Currently Amended) The system of claim 1, wherein the application-specific VPN configuration specifies a network tunnel adapter or a network tap adapter.”;

Rewrite claim 4 as follows:
“4.	(Currently Amended) The system of claim 2, wherein the application-specific VPN configuration specifies a media access control (MAC) address for the application-specific network adapter.”;

Rewrite claim 8 as follows:
“8.	(Currently Amended) A method, comprising:
monitoring, by a monitoring application executed by a client device, an initialization process executing on the client device to detect system calls from the initialization process;
identifying an application identifier for an application based on at least one of: a binary file of the application, or a filesystem path to the binary file;
identifying an application-specific virtual private network (VPN) configuration based on the application identifier;
creating and configuring, by the monitoring application, an application-specific network adapter on the client device, wherein the application-specific network adapter [[being]] is configured to use a domain name system (DNS) server and a subnet mask specified by [[an]] the application-specific VPN configuration, the application-specific network adapter being created based on a determination that [[an]] the application has begun execution on the at least one computing device based on detection of a fork call or a spawn call from the initialization process; and
enabling, by the monitoring application, a VPN connection on the application-specific network adapter for the application.”;

Rewrite claim 9 as follows:
“9.	(Currently Amended) The method of claim 8, wherein the application-specific VPN configuration specifies a network tunnel adapter or a network tap adapter.”;

Rewrite claim 11 as follows:
“11.	(Currently Amended) The method of claim 9, wherein the application-specific VPN configuration specifies a media access control (MAC) address for the application-specific network adapter.”;

Rewrite claim 15 as follows:
“15.	(Currently Amended) A non-transitory computer-readable medium comprising machine-readable instructions, wherein the machine-readable instructions, when executed by at least one processor, cause a client device to at least:
monitor, by a monitoring application executed by the client device, an initialization process executing on the at least one computing device to detect system calls from the initialization process;
identify an application identifier for an application based on at least one of: a binary file of the application, or a filesystem path to the binary file;
identify an application-specific virtual private network (VPN) configuration based on the application identifier;
create and configure, by the monitoring application, an application-specific network adapter on the client device, wherein the application-specific network adapter [[being]] is configured to use a domain name system (DNS) server and a subnet mask specified by [[an]] the application-specific VPN configuration, the application-specific network adapter being created based on a determination that [[an]] the application has begun execution on the at least one computing device based on detection of a fork call or a spawn call from the initialization process; and
enable, by the monitoring application, a VPN connection on the application-specific network adapter for the application.”;

Rewrite claim 16 as follows:
“16.	(Currently Amended) The non-transitory computer-readable medium of claim 15, wherein the application-specific VPN configuration specifies a network tunnel adapter or a network tap adapter.”;

Rewrite claim 18 as follows:
“18.	(Currently Amended) The non-transitory computer-readable medium of claim 16, wherein the application-specific VPN configuration specifies a media access control (MAC) address for the application-specific network adapter.”

Allowable Subject Matter
Claims 1-20 are allowed.

The following is an examiner’s statement of reasons for allowance: the prior art of record does not render obvious nor anticipate the combination of claimed elements, including limitations of “a system, comprising: a client device comprising at least one processor; and a memory comprising machine-readable instructions, wherein the machine-readable instructions, when executed by the at least one processor, cause the client device to at least: identify an application identifier for an application based on at least one of: a binary file of the application, or a filesystem path to the binary file; identify an application-specific virtual private network (VPN) configuration based on the application identifier; and create and configure, by the monitoring application, an application-specific network adapter on the client device, wherein the application-specific network adapter is configured to use a domain name system (DNS) server and a subnet mask specified by the application-specific VPN configuration, the application-specific network adapter being created based on a determination that the application has begun execution on the at least one computing device based on detection of a fork call or a spawn call from the initialization process” in light of other features as recited in independent claim 1 and similarly recited in independent claims 8 and 15. Dependent claims 2-7, 9-14 and 16-20 are allowed at least by virtue of their dependencies from the independent claims.

“Chang” (US 9,608,962) discloses a method that includes monitoring, by a client device, actions initiated by one or more applications installed on the client device, determining, by the client device, whether each of the initiated actions requires a secure data connection to transmit outbound data traffic, in response to detecting that one initiated action requires the secure data connection, automatically establishing, by the client device, the secure data connection to couple the client device to an enterprise network, and transmitting, by the client device, the outbound data traffic via the secure data connection.
Chang does not explicitly disclose a system, comprising: a client device comprising at least one processor; and a memory comprising machine-readable instructions, wherein the machine-readable instructions, when executed by the at least one processor, cause the client device to at least: identify an application identifier for an application based on at least one of: a binary file of the application, or a filesystem path to the binary file; identify an application-specific virtual private network (VPN) configuration based on the application identifier; and create and configure, by the monitoring application, an application-specific network adapter on the client device, wherein the application-specific network adapter is configured to use a domain name system (DNS) server and a subnet mask specified by the application-specific VPN configuration, the application-specific network adapter being created based on a determination that the application has begun execution on the at least one computing device based on detection of a fork call or a spawn call from the initialization process.

“Burger et al.” (US 4,885,789) (Hereinafter Burger) discloses secure systems that provide a mechanism for a user device to establish a trusted path for direct communication with a system’s trusted computing base for security-critical operations.
Burger does not explicitly disclose a system, comprising: a client device comprising at least one processor; and a memory comprising machine-readable instructions, wherein the machine-readable instructions, when executed by the at least one processor, cause the client device to at least: identify an application identifier for an application based on at least one of: a binary file of the application, or a filesystem path to the binary file; identify an application-specific virtual private network (VPN) configuration based on the application identifier; and create and configure, by the monitoring application, an application-specific network adapter on the client device, wherein the application-specific network adapter is configured to use a domain name system (DNS) server and a subnet mask specified by the application-specific VPN configuration, the application-specific network adapter being created based on a determination that the application has begun execution on the at least one computing device based on detection of a fork call or a spawn call from the initialization process.

“Amato” (US PGPUB 2014/0337628) discloses a system and a method for providing authenticated and secure communication between applications with a restricted data access policy that involves a secure data exchange using shared keychains.
Amato does not explicitly disclose a system, comprising: a client device comprising at least one processor; and a memory comprising machine-readable instructions, wherein the machine-readable instructions, when executed by the at least one processor, cause the client device to at least: identify an application identifier for an application based on at least one of: a binary file of the application, or a filesystem path to the binary file; identify an application-specific virtual private network (VPN) configuration based on the application identifier; and create and configure, by the monitoring application, an application-specific network adapter on the client device, wherein the application-specific network adapter is configured to use a domain name system (DNS) server and a subnet mask specified by the application-specific VPN configuration, the application-specific network adapter being created based on a determination that the application has begun execution on the at least one computing device based on detection of a fork call or a spawn call from the initialization process.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Johnny Aguiar whose telephone number is (571)272-3563. The examiner can normally be reached on Monday to Friday 7:30 am - 5:30 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon Hwang, can be reached on (571) 272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JOHNNY B AGUIAR/
Examiner, Art Unit 2447
March 16, 2021