Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time-wise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

Claims 1-20 of instant Application US 16/369438 are rejected on the ground of provisionary nonstatutory double patenting as being unpatentable over claims 1-20  of co-pending US Application US 16/421842. Although the conflicting claims are not identical, they are not patentably distinct from each other because the claims both in the present application and the US patent discloses a method and systems providing security to application (s) is/are remotely executed in the user device.
The table below shows the comparison of claims of the instant application with that of the US Application US 16/421842. 
Claim No.
Limitations of Instant Application       US16/369438
Limitations of the US patent 16/421842.
Claim No.
1 
A computing apparatus, comprising: a hardware platform, comprising a processor and a memory; and executable instructions encoded in the memory to provide a client- only virtual private network (VPN) comprising a VPN client and a VPN server on a single physical device, wherein the VPN client is configured to communicatively couple to the VPN server and to provide proxied Internet protocol (IP) communication services via the VPN server.
1. A computing apparatus, comprising: a hardware platform, comprising a processor and a memory; and executable instructions encoded in the memory to provide an unencrypted client-only virtual private network (VPN) comprising a VPN client and a VPN server implementation on a single physical device, wherein the VPN client is configured to communicatively 

13
13. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to provide a client-only virtual private network (VPN), the instructions to: provide the client-only VPN on a single device, the client-only VPN comprising a VPN client and a VPN server, wherein the VPN client communicates with the VPN server via a local or loopback-only interface..
13. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to provide a client-only virtual private network (VPN), the instructions to: provide the client-only VPN on a single device, the client-only VPN comprising a VPN client and a VPN server implementation, and being unencrypted.
13
19
19. A computer implemented method of providing a client-only virtual private network (VPN), comprising communicatively coupling to a local VPN server to establish a VPN tunnel through the VPN server for Internet protocol (IP) communications for a device local to the VPN server.
19. A computer implemented method of providing a client-only virtual private network (VPN), comprising communicatively coupling to an unencrypted local VPN server to establish a VPN tunnel through the local VPN server for Internet protocol (IP) communications for a device local to the VPN server.


19


	Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1, 5-7, 8, 13, 16 & 19 are rejected under 35 USC 103 as being unpatentable over Szabo (US20170339729 as mentioned IDS dated 7-16-2020 ) in view of Chanak (US 20180270201) 
Regarding Claim 1, :Szabo teaches:
a computing apparatus, comprising: a hardware platform, comprising a processor and a memory; and executable instructions encoded in the memory to provide a client- only virtual private network (VPN) comprising a VPN client and a VPN server on a single physical device, [0101] In the scenario of FIG. 7, the VPN service running on the user terminal 100 may thus be configured to provide both the VPN client and the VPN server 700 so as to locally establish the VPN tunnel 300. Thus, VPN tunnel establishment does in no way effect the network side, but provides the same advantages with respect to VPN-based analysis of end-to-end encrypted data traffic. Thus, packets of any further applications 1046 in the uplink can be accessed in the embodiment illustrated in FIG. 7 without requiring any support in the operator network, and the user terminal 100 may locally enforce the quality enhancement requirement (see step S1-32 in FIG. 2).
wherein the VPN client is configured to communicatively couple to the VPN server and to provide Internet protocol (IP) communication services via the VPN server.  [0100] With reference to FIG. 7, the VPN server 700 on the user terminal 100 could be realized in a similar manner as a TCP/UDP proxy terminates the flows received via the VPN tunnel 300 and creates protected flows going outside the VPN tunnel 300 (e.g., on-demand). The corresponding operations may be performed using a full TCP stack functionality in the VPN server 700 or a more simple mechanism, for example by copying the TCP stack states as deduced from the application flows.   
Although Szabo teaches VPN service, he does not teach explicitly, however, Chanak teaches to provide proxied Internet protocol (IP) communications, [0050] Referring to FIG. 5, in an exemplary embodiment, a flowchart illustrates a VPN method 500 for an intelligent, cloud-based global VPN. The VPN method 500 can be implemented through the VPN architecture 400. The VPN method 500 includes the client 410 connecting to the cloud system 100 through authentication (step 510). Once the authentication is complete, a VPN is established between the client 410 and a VPN server in the cloud system 100 and DNS for the client 410 is set to a DNS proxy 460 (step 520). Now, the client 410 has a secure VPN connection to the cloud system 100. Subsequently, the client 410 sends a request to the cloud system 100 via the DNS proxy 460 (step 530). Here, the request can be anything--request for the enterprise 404, the Internet 104, the SaaS/public cloud systems 402, etc. The DNS proxy 460 contacts the topology controller 450 with the identity of the user and the request (step 540). That is, whenever the client 410 wishes to reach a destination (Internet, Intranet, SaaS, etc.), it will consult the DNS proxy 460 to obtain the address of the destination.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Szabo with the disclosure of Chanak. The motivation or suggestion would have been to implement a system that will provide a efficient techniques provide a safe path from the cloud back to  data center (para 0002-0005 Chanak)  
Regarding Claims 5 & 16, Szabo teaches wherein the instructions are further to provide an operating system, and wherein the VPN server is to replace a built-in IP protocol stack for the operating system. [0075] Many operating systems (such as Android since Android version 4.0) provide a VPN service (including VPN tunnel establishment) have a built-in VPN service. VPN tunnel establishment therefore does not require any level of support in the user terminal 100 from, for example, its (e.g., cellular) network interfaces 106, 108. As such, the quality enhancement application 104A can be implemented as a program in conventional user memory 104 (such as an app downloadable for different types of user terminals 100 such as smartphones and tablet computers). 
Regarding Claim 6, Szabo teaches wherein the operating system is a closed operating system. [0075] Many operating systems (such as Android (closed operating system) since Android version 4.0) provide a VPN service (including VPN tunnel establishment) have a built-in VPN service.] 
Regarding claim 7,  although teaches VPN service, he does not teach, however,  Chanak teaches  wherein the instructions are further to provide a client-only DNS lookup via the VPN server. [0050] Referring to FIG. 5, in an exemplary embodiment, a flowchart illustrates a VPN method 500 for an intelligent, cloud-based global VPN. The VPN method 500 can be implemented through the VPN architecture 400. The VPN method 500 includes the client 410 connecting to the cloud system 100 through authentication (step 510). Once the authentication is complete, a VPN is established between the client 410 and a VPN server in the cloud system 100 and DNS for the client 410 is set to a DNS proxy 460 (step 520). Now, the client 410 has a secure VPN connection to the cloud system 100. Subsequently, the client 410 sends a request to the cloud system 100 via the DNS proxy 460 (step 530). Here, the request can be anything--request for the enterprise 404, the Internet 104, the SaaS/public cloud systems 402, etc. The DNS proxy 460 contacts the topology controller 450 with the identity of the user and the request (step 540). That is, whenever the client 410 wishes to reach a destination (Internet, Intranet, SaaS, etc.), it will consult the DNS proxy 460 to obtain the address of the destination.]
 Motivation is same as claim 2.
Regarding Claim 8, Szabo teaches wherein the VPN server provides a near-zero delay in establishing a VPN tunnel.  [0098] In the following, further embodiments of the present disclosure will be discussed that rely on the VPN service to signal the quality enhancement requirement towards the network. In these embodiments, a VPN tunnel 300 will also be established. However, the VPN tunnel 300 does not stretch into the network. Rather, the VPN tunnel 300 is terminated at the user terminal 100. It is obvious delay in establishing will be almost zero in time value]
Regarding claims 13 & 19, these claims are interpreted to be same as claim 1 and rejected for the same reasons as set forth for claim 1.

Claims 2-4, 9-12, 14-15, 17-18 & 20 are rejected under 35 USC 103 as being unpatentable over Szabo in view of Chanak and   Song, Y., ("Privacy Guard: A VPN-based Platform to Detect Information Leakage on Android Devices,"  as mentioned in IDS dated 7-16-2020)
Regarding Claims 2, 14 & 20, Szabo and Chanak although teach VPN service, they do not teach, however,  Song teaches wherein the VPN server is a full VPN server configured to intercept all IP traffic on the device.  [Section 1.0, page 16, left column: We present the design of PrivacyGuard, which we believe to be the first open-source1 VPN-based platform for Android that can intercept the network traffic of applications without requiring a remote VPN server.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Szabo and Chanak with the disclosure of Song. The motivation or suggestion would have been to implement a system that will provide a efficient techniques  detecting leaked information in higher percentage. (abstract, song)  
Regarding Claims 3 & 15,  Szabo and Chanak although teach VPN service, they do not teach, however,  Song teaches wherein the VPN server is a split VPN server configured to intercept only selected IP traffic on the device. [section:  2.2 Access Interception :We next discuss approaches that intercept an application's
access to sensitive data (selected IP traffic) and that block these accesses or modify the data before handing it over to applications.
Motivation is same as claim 2.
Regarding claim 4, Szabo and Chanak although teach VPN service, they do not teach, however, Song teaches wherein the instructions are to post the VPN server on a loopback network interface. [section 3.4 : We can use the VPNService class provided by the Android SDK starting with version 4.0. The VPNService class is abase class for applications to extend and build their own VPN solutions. In general, it creates a virtual network interface, configures addresses and routing rules, and returns a file descriptor to the application. Each read from the descriptor retrieves an outgoing packet that was routed to the interface. Each write to the descriptor injects an incoming packet such as that received from the interface. The interface is running on the IP layer, so packets always start with IP headers.]
Motivation is same as claim 2.
Regarding claim 9,  Szabo and Chanak although teach VPN service, they do not teach, however, Song teaches wherein the VPN server is configured to modify an outgoing packet before sending the outgoing packet. [ section 4.5.2 & fig 3: // change the request or response to shadow data public String modifyRequest(String request); public String modifyResponse(String response);]
Motivation is same as claim 2.
  Regarding claim 10,  Szabo and Chanak although teach VPN service, they do not teach, however,  Song teaches  wherein the VPN server is configured to intercept a response packet, and to modify the response packet before forwarding the response packet to an application. [ section 4.5.2 & fig 3: // change the request or response to shadow data public String modifyRequest(String request); public String modifyResponse(String response);]
Motivation is same as claim 2.
Regarding Claims 11 & 17,  Szabo and Chanak although teach VPN service, they do not teach, however, Song teaches  wherein the instructions are further to provide a security agent, wherein the security agent is to provide network security via the VPN server. [section 4.5.2: page 21, left column: Our source code for certificate generation and hostname lookup is from SandroProxy6 The usage of TLS interception has been controversial [20]. However, there are many benevolent use cases for TLS interception [15], and we argue that PrivacyGuard is one of them. First, we are transparent about PrivacyGuard and its purpose, and we let the phone owner himself/herself decide whether to install it. Second, PrivacyGuard uses the default TLS routines in Java for certificate checking and does not replace them with weakened ones, as is still done by many applications [16]. In turn, this implies that for many applications PrivacyGuard actually increases their security.]
Motivation is same as claim 2.
Regarding claims 12 & 18,  Szabo and Chanak although teach VPN service, they do not teach, however, Song teaches wherein the security agent is a sandboxed application in a closed operating system.  [section 4.5.2: page 21, left column: Our source code for certificate generation and hostname lookup is from SandroProxy6 The usage of TLS interception has been controversial [20]. However, there are many benevolent use cases for TLS interception [15], and we argue that PrivacyGuard is one of them. First, we are transparent about PrivacyGuard and its purpose, and we let the phone owner himself/herself decide whether to install it. Second, PrivacyGuard uses the default TLS routines in Java for certificate checking and does not replace them with weakened ones, as is still done by many applications [16]. In turn, this implies that for many applications PrivacyGuard actually increases their security. It is obvious to a skilled person that SandroProxy is installed in Android version 4.0 ( closed operating system) in VPN environment hence its is sandboxed with VPN environment.]
Motivation is same as claim 2.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574.  The examiner can normally be reached on Monday-Friday-8:00am - 5:00pm (EST).If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/           Primary Examiner, Art Unit 2497