Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action

Claim(s) 1-6 and 8-21 is/are pending in this office action.
Claim(s) 6 is/are amended.
Claim(s) 21 is/are new.
Claim(s) 7 is/are cancelled.
Claim(s) 1-6 and 8-21 is/are rejected. Claim(s) 7 is/are cancelled. 
The indicated allowability of claims 8, 9, 12 and 13 is withdrawn in view of the newly discovered reference(s) to US Patent Publication No. 2018/0213574 issued to Bareket et al. Rejections based on the newly cited reference(s) follow.

Response to Arguments
Applicant’s arguments, see pp.7-9, filed 10-23-2020, with respect to the rejection(s) of claim(s) 1-7, 10, 11 and 14-20 under 35 USC 102 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of US Patent Publication No. 2018/0213574 issued to Bareket et al.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-6 and 8-21 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US Patent Publication No. 2018/0213574 issued to Bareket et al. (Applicant IDS)

Regarding claim 1, Bareket teaches a non-transitory computer readable storage medium comprising instructions which, when executed, cause a machine to at least: 
in response to a first instruction from an operating system to establish a network tunnel, transmit a probe request to a server (¶35 - attempt may be detected by probing, for example, attaching, hooking and/or monitoring one or more services provided by an Operating System (OS) executed by the mobile device, […], services that are related to the network interface(s) of the mobile device may be probed to detect the attempt to connect to the wireless network; ¶36 - probing may be periodically repeated at pre-defined time intervals to monitor possible changes in the network connection, for example, establishing a valid internet connection after leaving a captive portal; ¶37 - connection to the VPN server is determined to be feasible (accessible), a VPN client may be automatically initialized (invoked, launched)); and 
in response to not receiving, from the server, a probe response to the probe request, report that the network tunnel has been established to prevent the operating system from transmitting subsequent instructions to establish the network connection until a response to a probe request is received (¶68 - probe agent 222 may further prevent transmission of data over the unsecure wireless network 210 while the VPN link is not operational due to one or more operational conditions, for example, the VPN client 224 and/or the VPN link is initializing, connecting, disconnecting, reconnecting, failed, the VPN server 214 is not available and/or the like; ¶71 - probe agent 222 stores at least some of the data that is prevented from being transmitted over the unsecure wireless network 210 while the VPN link is not operational. The stored data may be saved and transmitted to one or more remote locations on the internet 212, for example, a server, a cloud service and/or the like when the internet 212 is available for the mobile device).
 
Regarding claim 14, Bareket teaches an apparatus to implement a virtual private network with probe for network connectivity, the apparatus comprising: 
an interface to, in response to a first instruction from an operating system to establish a network tunnel (¶35-37 - services that are related to the network interface(s) of the mobile device may be probed to detect the attempt to connect to the wireless network), transmit a probe request to a server (¶35 - attempt may be detected by probing, for example, attaching, hooking and/or monitoring one or more services provided by an Operating System (OS) executed by the mobile device, […], services that are related to the network interface(s) of the mobile device may be probed to detect the attempt to connect to the wireless network; ¶36 - probing may be periodically repeated at pre-defined time intervals to monitor possible changes in the network connection, for example, establishing a valid internet connection after leaving a captive portal; ¶37 - connection to the VPN server is determined to be feasible (accessible), a VPN client may be automatically initialized (invoked, launched)); and 
a controller to, in response to not receiving, from the server, a probe response to the probe request, report that the network tunnel has been established to prevent the operating system from transmitting subsequent interactions to establish the network connection until a response to a probe request is received (¶68 - probe agent 222 may further prevent transmission of data over the unsecure wireless network 210 while the VPN link is not operational due to one or more operational conditions, for example, the VPN client 224 and/or the VPN link is initializing, connecting, disconnecting, reconnecting, failed, the VPN server 214 is not available and/or the like; ¶71 - probe agent 222 stores at least some of the data that is prevented from being transmitted over the unsecure wireless network 210 while the VPN link is not operational. The stored data may be saved and transmitted to one or more remote locations on the internet 212, for example, a server, a cloud service and/or the like when the internet 212 is available for the mobile device). 

Regarding claim 19, Bareket teaches a method to implement a virtual private network with probe for network connectivity, the method comprising: 
in response to a first instruction to establish a network tunnel, transmitting a probe request to a server (¶35 - attempt may be detected by probing, for example, attaching, hooking and/or monitoring one or more services provided by an Operating System (OS) executed by the mobile device, […], services that are related to the network interface(s) of the mobile device may be probed to detect the attempt to connect to the wireless network; ¶36 - probing may be periodically repeated at pre-defined time intervals to monitor possible changes in the network connection, for example, establishing a valid internet connection after leaving a captive portal; ¶37 - connection to the VPN server is determined to be feasible (accessible), a VPN client may be automatically initialized (invoked, launched)); and 
in response to not receiving, from the server, a probe response to the probe request, reporting, by executing an instruction with a processor, that the network tunnel has been established (¶68 - probe agent 222 may further prevent transmission of data over the unsecure wireless network 210 while the VPN link is not operational due to one or more operational conditions, for example, the VPN client 224 and/or the VPN link is initializing, connecting, disconnecting, reconnecting, failed, the VPN server 214 is not available and/or the like; ¶71 - probe agent 222 stores at least some of the data that is prevented from being transmitted over the unsecure wireless network 210 while the VPN link is not operational. The stored data may be saved and transmitted to one or more remote locations on the internet 212, for example, a server, a cloud service and/or the like when the internet 212 is available for the mobile device).

Regarding claim 2, Bareket teaches the non-transitory computer readable storage medium of claim 1, wherein the instructions, when executed, cause the machine to transmit a subsequent probe request to the server after a first duration of time (¶63 - probe agent 222 may repeat probing the accessibility of the unsecure wireless network 210 periodically at pre-defined time intervals, for example, 1 second to monitor possible changes in the network connection). 
The apparatus of claim 15 and the method of claim 20 are rejected for the same reasons set forth in the rejection of claim 2.

Regarding claim 3, Bareket teaches the non-transitory computer readable storage medium of claim 2, wherein the instructions, when executed, cause the machine to, in response to a subsequent response corresponding to the subsequent probe request from the server, report that the network tunnel has failed (¶40 - one or more indications are provided to a user of the mobile device, for example, a visual indication, an audible indication and/or the like to present the user of the VPN link status. The status indication may be presented during one or more phases of the VPN link establishment and/or connection, for example, connecting, connected, disconnected, re-connecting, failed and/or the like; ¶69 - probe agent 222 may provide the indication(s), for example, to present the status of the VPN link, for example, initializing, connecting, connected, disconnected, re-connecting, failed and/or the like). 
The apparatus of claim 16 is rejected for the same reasons set forth in the rejection of claim 3.

Regarding claim 4, Bareket teaches the non-transitory computer readable storage medium of claim 3, wherein the instructions, when executed, cause the machine to report that the network tunnel has failed to cause the operating system to transmit a second instruction to re-establish the network tunnel (¶59 - processor(s) 204 may further execute a VPN client 224 for establishing, maintaining and/or controlling a VPN link over the wireless network 210 with a VPN server 214 residing on the internet).
The apparatus of claim 17 is rejected for the same reasons set forth in the rejection of claim 4.

Regarding claim 5, Bareket teaches the non-transitory computer readable storage medium of claim 4, wherein the instructions, when executed, cause the machine to: 
in response to the second instruction to establish the network tunnel, transmit a second probe request to the server (¶63 - probe agent 222 may repeat probing the accessibility of the unsecure wireless network 210 periodically at pre-defined time intervals, for example, 1 second to monitor possible changes in the network connection); and 
in response to receiving a response to the second probe request from the server: 
establish the network tunnel (¶66 - client 224 then establishes the VPN link with the VPN server 214 over the unsecure wireless network); and
report that the network tunnel has been established (¶70 - logged event entry(s) may be saved and uploaded to one or more remote locations on the internet 212, for example, a server, a cloud service and/or the like when the internet 212 is available for the mobile device 201. The logged event entry(s) may be used for, tracking, analysis, diagnosis and/or the like).
The apparatus of claim 18 is rejected for the same reasons set forth in the rejection of claim 5.

Regarding claim 6, Bareket teaches the non-transitory computer readable storage medium of claim 3, wherein the instructions, when executed, cause the machine to: 
in response to not receiving the response to the probe request from the server, set a flag corresponding to no network access (¶60 - process 100 starts with the probe agent 222 initiated after detection of an attempt of the mobile device 201 to connect to a wireless network 210. The connection may typically be initiated, handled and/or managed by the network control module(s) 220. The network control module(s) 220 may report the attempt using one or more mechanisms, typically services provided by the OS, for example, a system call, a notification message, an interrupt event and/or the like. For example, the network control module(s) 220 and/or the OS may report a network change event, a network detection event and/or the like); 
in response to the subsequent response corresponding to the subsequent probe request from the server, clear the flag (¶62 - accessibility evaluated by the probe agent 222 verifies may include, for example, checking a connection to the internet 212, verifying available network port(s), authenticating a valid account for a VPN service provided by the VPN server 214 and/or the like. Therefore, in addition to verifying a valid connection to the internet 212, the probe agent 222 must verify the network port(s) required for establishing the VPN link is available and free); and 
inform at least one of a user, an application, or the operating system of a network connectivity based on the flag (¶69 - the probe agent 222 provides one or more indications to the user 250 through one or more of the user interface(s) 208, for example, a visual indication, an audible indication and/or the like. The probe agent 222 may provide the indication(s), for example, to present the status of the VPN link, for example, initializing, connecting, connected, disconnected, re-connecting, failed and/or the like).

Regarding claim 8, Bareket teaches the non-transitory computer readable storage medium of claim 2, wherein the instructions, when executed, cause the machine to, in response to not receiving a subsequent response corresponding to the subsequent probe request from the server, transmit a second subsequent response after a second duration of time (¶63 - probe agent 222 may repeat probing the accessibility of the unsecure wireless network 210 periodically at pre-defined time intervals, for example, 1 second to monitor possible changes in the network connection. For example, the connection to the internet 212 through the unsecure wireless network 210 may be initiated from a captive portal which is a webpage the user 250 must view and/or interact with before granted access to the internet 212. The probe agent 222 may therefore repeatedly probe the network activity with the unsecure wireless network 210 to detect the connection to the internet 212 is valid after the user 250 leaves the captive portal).

Regarding claim 9, Bareket teaches the non-transitory computer readable storage medium of claim 8, wherein the first duration of time and the second duration of time are different (¶63 - probe agent 222 may repeat probing the accessibility of the unsecure wireless network 210 periodically at pre-defined time intervals, for example, 1 second to monitor possible changes in the network connection. For example, the connection to the internet 212 through the unsecure wireless network 210 may be initiated from a captive portal which is a webpage the user 250 must view and/or interact with before granted access to the internet 212. The probe agent 222 may therefore repeatedly probe the network activity with the unsecure wireless network 210 to detect the connection to the internet 212 is valid after the user 250 leaves the captive portal).

Regarding claim 10, Bareket teaches the non-transitory computer readable storage medium of claim 1, wherein the instructions, when executed cause the machine to wait a threshold amount of time for receipt of the probe response before reporting that the network tunnel has been established (¶63 - probe agent 222 may repeat probing the accessibility of the unsecure wireless network 210 periodically at pre-defined time intervals, for example, 1 second to monitor possible changes in the network connection).

Regarding claim 11, Bareket teaches the non-transitory computer readable storage medium of claim 1, wherein the instructions, when executed, cause the machine to, in response to not receiving the response to the probe request from the server, determine that there is at least one of no network access or limited network access (¶39 - Preventing the network traffic from bypassing the VPN link may significantly improve information security of the information entailed in the network traffic. Optionally, transmission of data over the unsecure wireless network is prevented while the VPN link is not operational due to one or more operational conditions, for example, initializing, connecting, disconnecting, reconnecting, failed and/or the like). 

Regarding claim 12, Bareket teaches the non-transitory computer readable storage medium of claim 1, wherein network connectivity is suspended during attempts to establish the network tunnel (¶39 - after the VPN link is established, one or more entries of the routing record may be adjusted, added and/or removed in order to prevent the data transfer of the mobile device from going through the unsecure wireless network without going through the VPN link. Preventing the network traffic from bypassing the VPN link may significantly improve information security of the information entailed in the network traffic). 

Regarding claim 13, Bareket teaches the non-transitory computer readable storage medium of claim 12, wherein the suspended network connectivity and repeated instructions to establish the network tunnel prevent authentication of a device running the operating system via a captive portal (¶63 - probe agent 222 may repeat probing the accessibility of the unsecure wireless network 210 periodically at pre-defined time intervals, for example, 1 second to monitor possible changes in the network connection. For example, the connection to the internet 212 through the unsecure wireless network 210 may be initiated from a captive portal which is a webpage the user 250 must view and/or interact with before granted access to the internet 212. The probe agent 222 may therefore repeatedly probe the network activity with the unsecure wireless network 210 to detect the connection to the internet 212 is valid after the user 250 leaves the captive portal).

Regarding claim 21, Bareket teaches the non-transitory computer readable storage medium of claim 1, wherein the network tunnel has not been established at a time that the report is provided (¶68 - probe agent 222 may further prevent transmission of data over the unsecure wireless network 210 while the VPN link is not operational due to one or more operational conditions, for example, the VPN client 224 and/or the VPN link is initializing, connecting, disconnecting, reconnecting, failed, the VPN server 214 is not available and/or the like. For example, the probe agent 222 may manipulate the routing record to prevent ingoing and/or outgoing network traffic. In another example, the probe agent 222 may implement a "kill switch" operation to prevent any data from being transmitted over the unsecure wireless network 210 until the mobile device 201 disconnects from the unsecure wireless network).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLARENCE D. MCCRAY whose telephone number is (571)270-7280 and the fax number is (571)270-8280.  The examiner can normally be reached on M - Th:  9-5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on (571)-272-3980.  The fax phone number for the organization where this application or proceeding is assigned is 571-270-8280.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/CLARENCE D MCCRAY/
Examiner, Art Unit 2458

/KEVIN T BATES/
Supervisory Patent Examiner, Art Unit 2458