DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1:
In step 1 of the claim, it is unclear as to what is the function performed. The step recites functions of connecting of the authentication box and apparatus, exchange of information and receiving of information. The claim is unclear in reciting which of these functions is a step.
In step 2 of the claim, it does not recite function to be performed as part of the method step. The step describes how the connecting apparatus and intermediary server are connected but does not describe the function to be performed.
In step 3 of the claim, it does not recite function to be performed as part of the method step. Step 3 describes that a virtual hub is created by the intermediary server, authentication box and the connecting apparatus but does describe the function to be performed.
claim 2:
	The claim is indefinite because it recites “simultaneously in step 1” but fails to describe during which part of step 1 is the request code transmitted simultaneously to, especially when Step 1 of claim recites multiple functions as mentioned in the 112(b) rejection of claim 1. The specification paragraphs [0048] and [0054], and fig. 1b, 2b and 3a are also silent in providing clarity as to which action of step 1 in claim 1 is simultaneous to request code.
Regarding claim 4:
	The claim recites that the authentication box and the connecting apparatus access to each other via the internet directly after step 4. The claim is indefinite because it fails to point out whether the authentication box and the connecting apparatus directly access each other via the internet or whether they access each other via the internet, directly after step 4. 

Claims 3 and 5-9 are also rejected based on their dependency.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.





Claims 1-3 and 6-9 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pat. Appl. Publ’n No. 2011/0202988 A1 to Otranen et al. hereinafter(“Otranen”), in view of source SoftEther VPN Project 3.4 Virtual Functions, hereinafter (“SoftetherVPN”)

Regarding claim 1, Otranen teaches:
	A device authentication method comprising:
step 1: an authentication box (Otranen, Fig. 1, authentication server 105) and a connecting apparatus (Otranen, Fig. 1, UE 103) are electrically connected to a trusted network (Otranen, Fig. 1, ¶ [0028], communication network 109 includes one or more networks where one of the networks may be trusted network like LAN or WAN) through which information is exchanged between the authentication box and the connecting apparatus and authentication information is received by the connecting apparatus (Otranen, Fig. 3, information exchange 501-505 between client application 111, part of UE, and the authentication server 105. Client receives authentication information in the form of authentication context which includes token or cookie); 
step 2: the connecting apparatus is electrically connected to an extranet (Otranen, Fig. 1, ¶ [0028], communication network 109 includes one or more networks where one of the networks may be extranet such as metropolitan area network, WAN, wireless network such as EDGE, GSM etc.) through which both the connecting apparatus and an intermediary server (Otranen, Fig. 1, proxy server 101 is the intermediary server) are electrically connected with each other (Otranen, Fig. 1, communication network 109 has to be electrically connected to the devices in the network); 
…
step 4: the connecting apparatus is authenticated by the authentication box based on the authentication information (Otranen, Fig. 5, ¶ [0051], client application 111 of the UE is authenticated by the authentication server 105 based on the authentication information).
Otranen does not teach the limitation that a virtual hub network is created by the intermediary server and electrically connected with both the authentication box and the connecting apparatus. SoftetherVPN remedies and teaches that a virtual hub network can be created by the proxy server connected with the authentication server and the client (SoftetherVPN, page 3, vpn client in smartphones connected to virtual hub through VPN tunnel that connects to existing servers and PCs or cascades to other servers that can perform authentication, see page 2 for authentication functions performed by SoftEther VPN). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Otranen with the teachings of SoftetherVPN to have a virtual hub network created by the proxy server connected to the authentication server and client with the motivation to virtualize the communication between client and the application servers accessed by the client for the purpose of secure traffic across the network and information exchange among devices on different networks.

Regarding claim 2, Otranen in view of SoftetherVPN teaches:
The device authentication method as claimed in claim 1 wherein a request code is transmitted to the authentication box by the connecting apparatus simultaneously in step 1 (Otranen, Fig. 5, ¶[0049], request code in the form of credentials are transmitted to the authentication server 105 by UE client application 111).

Regarding claim 3, Otranen in view of SoftetherVPN teaches: 
The device authentication method as claimed in claim 1 wherein the authentication information transmitted to the intermediary server by the connecting apparatus (Otranen, Fig. 5, ¶ [0050], authentication context is transmitted to the proxy server 101 by UE client application 111 at request 507) is checked and authenticated in the intermediary server by the authentication box (Otranen, Fig. 5, ¶ [0050-0052], at requests 507-515 the authentication information is checked and authenticated in the proxy server by the authentication box by verifying the token/cookie) first after step 2.
 
Regarding claim 6, Otranen in view of SoftetherVPN teaches:
The device authentication method as claimed in claim 1 wherein an electric connection is available via a wired or wireless network (Otranen, ¶ [0028], communication network 109 includes one or more networks where networks may be LAN or WAN or wireless communications like GPRS, GSM, WiMAX, WLAN etc.)

claim 7, Otranen in view of SoftetherVPN teaches:
The device authentication method as claimed in claim 1 wherein encryption communications is available between the authentication box and the connecting apparatus (Otranen, ¶ [0041-0042], cookie generated and sent by the authentication server to the UE client is encrypted which means that encryption communication is available between the authentication server and UE client).

Regarding claim 8, Otranen in view of SoftetherVPN teaches:
The device authentication method as claimed in claim 1 wherein the authentication information matches information about a physical address of the connecting apparatus (Otranen, ¶ [0022], authentication information may include credentials like network address filtering, biometrics and so on.).

Regarding claim 9, Otranen in view of SoftetherVPN teaches:
The device authentication method as claimed in claim 1 wherein the authentication box is configured to link multiple back-end resources (Otranen, ¶ [0019], authentication server communication with backend resources such as application server for verification and validation allowing authentication server to communicate with such backend resources).

Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pat. Appl. Publ’n No. 2011/0202988 A1 to Otranen et al. hereinafter(“Otranen”), in view of source SoftEther VPN Project 3.4 Virtual Functions, hereinafter (“SoftetherVPN”), further in view of U.S. Pat. Appl. Publ’n No. 2013/0046976  A1 to Rosati et al. hereinafter(“Rosati”)
Regarding claim 4, Otranen in view of SoftetherVPN teaches:
The device authentication method as claimed in claim 1 wherein the authentication box and the connecting apparatus access to each other … after step 4 (Otranen, Fig. 5, ¶ [0050-0051], UE client application and authentication server in communication after authentication step).
(Rosati, Fig. 9, ¶ [0042], user device 10 accesses authentication server 12 directly over public network 8). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Otranen and SoftetherVPN with the teachings of Rosati to enable mobile device outside of a private network establish communication with private network over public network that could be wired or wireless with the motivation of utilizing various protocols and utilizing various interfaces like WAN, LAN or PAN(personal area network) using public/private key cryptography to connect devices on different networks. (Rosati, ¶ [0025-0026])

Regarding claim 5, Otranen in view of SoftetherVPN teaches:
The device authentication method as claimed in claim 4.
The combination of Otranen and SoftetherVPN does not teach the limitation that a privacy network or privacy equipment is accessed by the connecting apparatus through the authentication box. Rosati remedies and teaches that a privacy network or privacy equipment is accessed by the connecting apparatus through the authentication box (Rosati, Fig. 9, ¶ [0031 and 0042], private network is accessed by mobile computing device through authentication server 12). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Otranen and SoftetherVPN with the teachings of Rosati to enable mobile device outside of a private network establish communication with private network over public network that could be wired or wireless with the motivation of utilizing various protocols and utilizing various interfaces like WAN, LAN or PAN(personal area network) using public/private key cryptography to connect devices on different networks establishing a virtual private network to allow access to applications and/or servers in the private network through the authentication server of the virtual network. (Rosati, ¶ [0025-0026, 0042])


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Venkatanaranappa et al., U.S. Pat. Appl. Publ’n No. 2015/0121500 A1 discloses a system of network devices that require multiple authentication levels for accessing networks
Segre et al., U.S. Pat. Appl. Publ’n No. 2011/0252230 A1 discloses a system, method and computer program product to provide secure access to a private network through public network
Glazemakers et al., U.S. Patent No. 9,148,408 B1 discloses systems and methods for creating tunnel VPN to access backend resources through gateway where user is authenticated first via authentication server outside of the network tunnels.
Ahmed et al., U.S. Pat. Appl. Publ’n No. 2013/0227291 A1 discloses method of establishing secure communications between user device, a proxy, a Kerberos authentication server and application servers in the backend using Kerberos authentication server and Kerberos ticket granting server.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to NIRAV SHAH whose telephone number is (408)918-7592.  The examiner can normally be reached on Monday - Thursday and alternate Fridays, 7:30-4:30 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/N.C.S./Examiner, Art Unit 2493  

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493