DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This notice of allowance is in response to applicant’s amendments filed on 03/08/2021 and examiner initiated interview on 05/18/2021 and examiner’s amendments proposed on 05/18/2021.
The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office action. The prior office actions are incorporated herein by reference. In particular, the observations with respect to claim language, and response to previously presented arguments.
Claims 1, 20, 38 and 40 are amended. No claim is added. Claims 9 and 12 were cancelled. Claims 18, 10-11 and 13-41 are pending.

EXAMINER’S AMENDMENTS
AN EXAMINER’S AMENDMENT TO THE RECORD APPEARS BELOW. SHOULD THE CHANGES AND/OR ADDITIONS BE UNACCEPTABLE TO APPLICANT, AN AMENDMENT MAY BE FILED AS PROVIDED BY 37 CFR 1.312. TO ENSURE CONSIDERATION OF SUCH AN AMENDMENT, IT MUST BE SUBMITTED NO LATER THAN THE PAYMENT OF THE ISSUE FEE. AUTHORIZATION FOR THIS EXAMINER’S AMENDMENT WAS GIVEN IN A TELEPHONE INTERVIEW AND VIA EMAIL WITH THE APPLICANT’S REPRESENTATIVE, ATTORNEY W. SCOTT PETTY, REG. #35645. PLEASE ENTER THE FOLLOWING CLAIM AMENDMENTS: PLEASE REPLACE CLAIM 1, 20, 38, and 40 WITH THE FOLLOWING:
1. (Currently Amended) A method for providing a cloud-based multi-function firewall, comprising:
	blocking, by a network-enabled device with a security appliance client, one or more network connections provided by [[a]] the network-enabled device, wherein the one or more network connections include network connections to an external network and to an internal network;

	transmitting the user information and the device information from the network-enabled device to an application program interface (API) server in a secure cloud to configure a virtual private network (VPN) connection between the secure cloud and the network-enabled device, wherein the user information includes a user configurable selection policy and the device information includes location information of the network-enabled device;
	permitting, by the 
	selecting, by the API server, a cloud server from the plurality of cloud servers in the secure cloud, wherein the selection is based on the user configurable selection policy, the location information of the network-enabled device, and location information of the plurality of cloud servers;
	receiving cloud information from the API server, the cloud information specifying the selected cloud server in the secure cloud;
	updating domain name service (DNS) and routing functions at the network-enabled device to forward network requests to the selected cloud server specified in the cloud information; and 
	establishing the VPN connection to the secure cloud for network services based on the cloud information, wherein network traffic to and from the network-enabled device is routed through the VPN connection to the cloud-based multi-function firewall implemented on the selected cloud server.

20.	(Currently Amended) A method for providing a cloud-based multi-function firewall, comprising: 
blocking, by a network-enabled device with a security appliance client, one or more network connections provided by [[a]]the network-enabled device, wherein the one or more network connections include network connections to an external network and to an internal network;

permitting, by an application program interface (API) server, the network-enabled device to access a plurality of cloud servers within a secure cloud, wherein the plurality of cloud servers are configured to route network traffic among the plurality of cloud servers located in one or more locations;
selecting, by the API server,  a first cloud server from the plurality of cloud servers in the secure cloud based on the user configurable selection policy, the location information of the network-enabled device, and location information of the plurality of cloud servers;
transmitting cloud information from the first cloud server to the network-enabled device, the cloud information identifying the first cloud server; and 
enabling the network-enabled device to establish a virtual private network (VPN) connection to the first cloud server for network services, wherein network traffic to and from the network-enabled device is routed through the VPN connection to the cloud-based multi-function firewall implemented on the first cloud server.

38.	(Currently Amended) A system for providing a cloud-based multi-function firewall, the system comprising one or more processors, memory, and one or more programs stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for:
blocking, by a network-enabled device with a security appliance client, one or more network connections provided by [[a]]the network-enabled device, wherein the one or more network connections include network connections to an external network and to an internal network;
retrieving device information associated with the network-enabled device associated with a user;
transmitting the user information and the device information from the network-enabled device to an application program interface (API) server in a secure cloud to configure a virtual private network (VPN) connection between the secure cloud and the network-enabled device, 
permitting, by the 
selecting, by the API server, a cloud server from the plurality of cloud servers in the secure cloud, wherein the selection is based on the user configurable selection policy, the location information of the network-enabled device, and location information of the plurality of cloud servers;
receiving cloud information from the API server, the cloud information specifying the selected cloud server in the secure cloud;
updating domain name service (DNS) and routing functions at the network-enabled device to forward network requests to the selected cloud server specified in the cloud information; and 
establishing the VPN connection to the secure cloud for network services based on the cloud information, wherein network traffic to and from the network-enabled device is routed through the VPN connection to the cloud-based multi-function firewall implemented on the selected cloud server.

40.	(Currently Amended) A non-transitory computer-readable storage medium comprising a security appliance client installed on a network-enabled device to provide a cloud-based multi-function firewall, wherein the security appliance client includes instructions that when executed by the network-enabled device having one or more processors cause the one or more processors to perform instructions comprising:
blocking, by the security appliance client, one or more network connections provided by the network-enabled device, wherein the one or more network connections include network connections to an external network and to an internal network;
retrieving device information associated with the network-enabled device associated with a user;
transmitting the user information and the device information from the network-enabled device to an application program interface (API) server in a secure cloud to configure a virtual , wherein the user information includes a user configurable selection policy and the device information includes location information of the network-enabled device;
	permitting, by the 
receiving cloud information from the secure cloud, the cloud information specifying a cloud server selected from the plurality of cloud servers in the secure cloud and being generated by the API server in the secure cloud based on the user configurable selection policy, the location information of the network-enabled device, and location information of the plurality of cloud servers;
updating domain name service (DNS) and routing functions at the network-enabled device to forward network requests to the cloud server specified in the cloud information; and 
establishing the VPN connection to the secure cloud for network services based on the cloud information, wherein network traffic to and from the network-enabled device is routed through the VPN connection to the cloud-based multi-function firewall implemented on the cloud server.

ALLOWABLE SUBJECT MATTER
Claims 1-8, 10-11 and 13-41 are allowed in light of applicant’s amendments, examiner’s amendments and prior art(s) of record. 

EXAMINER’S STATEMENT OF REASONS FOR ALLOWANCE
Following is an examiner’s statement of reasons for the allowance:
As to claim 1, the prior art of record does not teach or render obvious the limitations recited in claim 1, when taken in the context of the claims as a whole. Independent claim 1 recites, inter alia, “transmitting the user information and the device information from the network-enabled device to an application program interface (API) server in a secure cloud to configure a virtual private network (VPN) connection between the secure cloud and the network-enabled device, wherein the user information includes a user configurable selection policy and the device information includes location information of the network-enabled device; selecting, by the API server, a cloud server from the plurality of cloud servers in the secure cloud, wherein the selection is based on the user configurable selection policy, the location information of the network-enabled device, and location information of the plurality of cloud servers”. None of the prior art on the record, either taken by itself or in any combination, would anticipate or make obvious the above limitation combined with other limitations recited in claim 1 at or before the time it was filed.
The examiner performed an updated search and identified the following prior art. Subbarayan et al. (US20180337891) teaches selecting a target server based on policies which could include the location of the requesting client and the location of the target server, but does not teach that the policy is configurable by the user associated with the network-enabled device. Srinivasan et al. (US10362046) teaches transmitting user configurable security rules to the network to access the computing resource in the cloud, not selection rules to configure the VPN connection. Therefore the additional search does not yield other specific references that reasonably, either singularly or in combination with cited references, would result in a proper rejection that would have made obvious the combination of all the steps disclosed in independent claim 1 with proper motivation at or before the time it was effectively filed.
Independent claims 20, 38-41, although different, further recite similar limitations to those found in claim 1. Therefore, claims 8 and 15 are considered to be allowable for the same reason as discussed above.
Dependent claims 2-8, 10-11, 13-19, 21-37 
Any comments considered necessary by applicant must be submitted no later than payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

CONCLUSION
Prior arts made of record, not relied upon: See PTO-892.	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIN CHANG whose telephone number is (571)272-9998.  The examiner can normally be reached on Monday-Thursday 9AM-6PM EST Friday: Variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T. Arani, can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/L.C./Examiner, Art Unit 2438
/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438