Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/29/2021 has been entered.

DETAILED ACTION 
This office action is in response to a communication received 6/29/2021, which amends claims 1 and 63, cancels claim 57, adds claim 68, and is hereby acknowledged.
Claims 1, 49-56 and 58-68 have been examined and are rejected.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/29/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejection - 35 USC § 112
The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 68 is rejected under 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 68 recites “The method of claim 63, further comprising performing one or more of the identification, assignment, and negotiation operations in response to a name service request for a name corresponding to the remote device.”
Support for these limitations cannot be found. 
As a matter of fact, the highlighted operations have already been performed in claim 63; receiving “a name service request for a name corresponding to the remote device” should not cause the same operations to be performed again. During an interview with the attorney of record, Ritwik Chatterjee, on 8/10/2021, Chatterjee agreed for the examiner to construe the claim as “The method of claim 63, wherein  the one or more of the identification, assignment, and negotiation operations is performed in response to a name service request for a name corresponding to the remote device.”
Further clarification and/or corrections are required.

Response to Arguments
On pgs. 7-8 of the response, the applicant’s arguments that ‘Hoover, individually or in combination with Shintaro, fails to teach or suggest the amended feature of "add the at least one remote network address to the reserved local network addresses based at least in part on identifying the at least one remote network address," as recited in amended independent claim 1’ have been fully considered and are persuasive. Upon further consideration, a new ground(s) of rejection is made in view of Furukawa (US 20080298367 A1).
Please see the Claim Rejections section below for details.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1, 51-55, 58-63 and 65-67 are rejected under pre-AIA  35 USC 103(a) as being unpatentable over Hoover et al. (US 20110167475 A1) in view of SHINTARO et al. (JP 2009171132 A) further in view of Furukawa (US 20080298367 A1).
As for claim 1, Hoover teaches:
A system for automatically avoiding address conflicts when communicating securely over a public network between a local device, associated with a local network, and a remote device, located outside the local network (Various aspects of the invention relate to techniques for resolving address conflicts between network addresses , 
the system comprising: a network driver; and at least one processor ([Fig. 2, PROCESSING UNIT 203]) configured to (the client computer may employ a virtual network interface card (also known as a virtual network adapter or just virtual adapter) to act as a node of the remote network: see [0012]):
identify local network addresses on the local network reserved for use; identify a block of local network addresses that do not conflict with the reserved local network addresses (the client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network, which collects address information from the network interfaces of the client computer and may obtain, for each network interface, the IP address for local resources such as the local gateway, Domain Name System (DNS) servers on the local network, Windows Internet Naming Service (WINS) servers on the local network, and the like, thereby identifying those addresses being used/reserved (and those that are not used/reserved): see [0011]):
select at least one local network address from the block; assign, to the network driver, the selected at least one local network address as an address of the local device for use in communicating with the remote device securely over the public network; and communicate with the remote device using the network driver based on the assigned at least one local network address (The address assignment server then selects an address for use by the client computer that does not conflict with those addresses in use: see [0011-0012]. Subsequently, the virtual private .

Hoover however does not explicitly teach:
select at least one local network address (from the block) based at least in part on a negotiation with the remote device using the block of local network addresses that do not conflict with the reserved local network addresses; 
In a similar field of endeavor, SHINTARO teaches 
the first home gateway negotiating with the remote home gateway to select a local network address that does not conflict with first reserved local network addresses on the first local network (The invention is to perform communications by reliably preventing the superimposition of a virtual address when virtually connecting LANs for one's home: see [Abstract].
The data relay equipment according to claim 1, characterized in that the virtual address determination means receives, from another data relay equipment, a virtual address the use of which is desired in the other network or a range of a virtual addresses when a session is established between the data relay equipment and the other data relay equipment, and determines the virtual address to be used in the network so as to avoid overlap with the received virtual address or the range of virtual addresses: see [Claim 4].
HGW(A)10 ... selects ... while avoid overlap with a virtual subnet under use in other VPN connection: see [0089].
between HGW(A)10 and HGW(B)40, the virtual address or range of virtual addresses desired to be used mutually between HGW(B)40 is exchanged as virtual address information, and a virtual address that matches the mutual condition is decided. Thus. it is possible to exchange the virtual address information of one's own network and the virtual address information of the destination and judge whether there is an overlap with the virtual address information under connection, and as a result, upon N versus N connection, overlap in virtual address can be reliably prevented and communication can be carried out: see [0092].
In other words, the reference describes matters corresponding to "select at least one local network address from the block based at least in part on a negotiation with the remote device using the block of local network addresses that do not conflict with the reserved local network addresses" of present claim 1);
It would have been obvious to one of ordinary skill in the art at the time the invention was made to utilize the teachings of SHINTARO for the first home gateway negotiating with the remote home gateway to select a local network address that does not conflict with first reserved local network addresses on the first local network. The teachings of SHINTARO, when implemented in the Hoover system, will enable selecting at least one local network address (from the block) based at least in part on a negotiation with the remote device using the block of local network addresses that do not conflict with the reserved local network addresses. One of ordinary skill in the art would be motivated to utilize the teachings of SHINTARO in the Hoover system in order perform communications by reliably preventing the superimposition of a virtual address when virtually connecting LANs for one's home: see SHINTARO [Abstract].

Hoover and SHINTARO together however do not explicitly teach:
identify at least one remote network address that lacks conflict with the selected at least one local network address of the remote device for use in communicating with the local device securely over the public network; add the at least one remote network address to the reserved local network addresses based at least in part on identifying the at least one remote network address; 
In a similar field of endeavor, Furukawa teaches 
assigning, when setting up a VPN, non-overlapping virtual network addresses to VPN sites to avoid conflict of network addresses among the VPN sites (One VPN (Virtual Private Network) is constructed between LANs of three sites A, B, and C. VPN routers 100A, 100B, and 100C are provided in sites A, B, and C, respectively, and are connected to LANs 200A, 200B, and 200C of the sites A, B, and C, respectively, plus the Internet 300: see [0019-0020].
The virtual address assignment unit 134 checks whether or not there is an overlapping private IP address among computers of the sites A, B, and C, by reference to the routing information collected from all VPN routers of the VPN. When an overlapping private IP address is found, the virtual address assignment unit 134 assigns virtual IP addresses which do not overlap within the VPN for the private IP address: see [0039].
overlapping network addresses of 10.0.0.0/24 and the LAN 200C has network addresses of 172.16.0.0/24. Accordingly, the virtual address assignment unit 134 assigns, for example, non-overlapping 20.0.0.0/24 as virtual network addresses for the LAN 200A and non-overlapping 30.0.0.0/24 as virtual network addresses for the LAN 200B: see [0039].
In other words, when adding sites B and C to site A in a VPN, the real network addresses of sites B and C have to be checked among the network addresses of sites A, B and C for overlapping.
When the above scenario is extended by setting up another VPN connection between site A and site D, in order for routing for both the VPN and the another VPN to work, the virtual address assignment unit has to check whether or not there is an overlapping network address among sites A, B, C and D (instead of just among computers of the sites A, B and C). 
In this example, the virtual address assignment unit checks if there is an overlapping private IP address between the real network address for site D and the set of network addresses including: (1) 10.0.0.0 (real network address for site A), (2) 20.0.0.0 (virtual network address for site A), (3) 30.0.0.0 (virtual network address for site B), (4) 176,16.0.0 (real network address for site C).
- before the first VPN was added, to (2) the set of network addresses comprising (1) 10.0.0.0 (real network address for site A), (2) 20.0.0.0 (virtual network address for site A), (3) 30.0.0.0 (virtual network address for site B), (4) 176,16.0.0 (real network address for site C) - after the first VPN was added. 
Or, put differently, after the first VPN is added, all virtual network addresses assigned to sites A, B and C have been added to the “reserved local network addresses” that becomes what needs to be checked against when adding another VPN connection.
In other words, after each time a VPN is established, new remote virtual network addresses that have been assigned to VPN sites have been “added” to the “reserved” local network addresses).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Furukawa’s teaching of assigning, when setting up a VPN, non-overlapping virtual network addresses to VPN sites to avoid conflict of network addresses among the VPN sites. The teachings of Furukawa, when implemented in the Hoover/SHINTARO system, will enable identify at least one remote network address that lacks conflict with the selected at least one local network address of the remote device for use in communicating with the local device securely over the public network, and adding the at least one remote network address to the reserved 
Therefore Hoover, SHINTARO and Furukawa together teach claim 1.

As for claim 51, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Additionally, Furukawa teaches:
wherein the network driver includes a first network driver for communicating securely and a second network driver, and the at least one processor is configured to assign the at least one local network address to the first network driver and not to the second network driver (Refer to Fig. 1, Computer 220B includes both a real address of 10.0.0.1 and a virtual address of 30.0.0.1. The virtual address is mainly for use when communicating with computers in remote networks: see [0063]);
Therefore Hoover, SHINTARO and Furukawa together also teach claim 51.

As for claim 52, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Additionally, Furukawa teaches:
wherein the local network addresses are private network addresses on the local network (Fig. 1, local network address is 10.0.0.1: see [Fig. 1, Real network address for Computer 220B is 10.0.0.1]);


As for claim 53, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Additionally, Furukawa teaches:
wherein, to communicate securely, the at least one processor is configured to encrypt packets transmitted to the remote device over the public network (VPN service is a service which enables exclusive communication between a host or a site and another host or site via a public network such as the Internet: see [0005].
The VPN connection controller 120 executes the VPN communication by means of, for example, IPsec (Internet Protocol Security), which encrypts data for communication: see [0020]);
Therefore Hoover, SHINTARO and Furukawa together also teach claim 53.

As for claim 54, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Additionally, Furukawa teaches:
a host communicating with a remote host over the public network using a secure communication (VPN service is a service which enables exclusive communication between a host or a site and another host or site via a public network such as the Internet: see [0005]).
Therefore Hoover, SHINTARO and Furukawa together also teach claim 54.

As for claim 55, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Additionally, Furukawa teaches:
wherein, to communicate securely, the at least one processor is configured to control the network driver to communicate with the remote network device using a communication link over a virtual private network (VPN service is a service which enables exclusive communication between a host or a site and another host or site via a public network such as the Internet: see [0005]).
Therefore Hoover, SHINTARO and Furukawa together also teach claim 55.

As for claim 58, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Hoover, SHINTARO and Furukawa together do not explicitly teach:
wherein the one or more processors are configured to remove selected at least one local network address from the reserved local network addresses when a communication session between the local device and the remote device ends (Identify addresses being used/reserved. An IP address is selected for the virtual network adapter that will not conflict with the IP address of the physical network adapter being used by the client computer: see Hoover [0011-0012].
In other words, when the communication session ends, the corresponding address is available for use, thus effectively removed from the reserved list).
Therefore Hoover, SHINTARO and Furukawa together also teach claim 58.

As for claim 59, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Additionally, Furukawa teaches:
wherein each of the local network addresses includes an IP address and network mask (see [Fig. 1, Fig. 1, LAN: 10.0.0.0/24 - every device connected to the LAN has the address of 10.0.0.x (x=1 to 255) and network mask of 255.255.255.0]).
Therefore Hoover, SHINTARO and Furukawa together also teach claim 59.

As for claim 60, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Additionally, Furukawa teaches:
using a network address translator to translate the selected at least one local network address to a private address of the local device on the local network (The VPN connection controller 120 has an NAT (Network Address Translator) unit 124. The NAT unit 124 refers to a conversion rule 126 and converts between the real IP address (that is, the original private IP address) and the virtual IP address for the source and destination IP addresses: see [0035]).
Therefore Hoover, SHINTARO and Furukawa together also teach claim 60.

As for claim 61, it has been established that Ho Hoover, SHINTARO and Furukawa together teach claim 1. 

Additionally, Furukawa teaches:
wherein the one or more processors are further configured to perform one or more of the identification, assignment, and negotiation operations in response to a name service request for a name corresponding to the remote device (VPN routers 100A, 100B, and 100C are provided in sites A, B, and C, respectively. The VPN routers 100A, 100B, and 100C are connected to the Internet 300. The VPN routers 100A, 100B, and 100C are also connected to LANs 200A, 200B, and 200C of the sites A, B, and C, respectively. A computer 220A and a master DNS (Domain Name System) 240A are connected to the LAN 200A, and a computer 220B and a master DNS 240B are connected to the LAN 200B: see [0020].
In this system, the virtual IP address which is automatically assigned is reflected in the DNS (Domain Name System) so that the virtual IP address can be resolved from the host name of the computer: see [0026]).
Therefore Hoover, SHINTARO and Furukawa together also teach claim 61.

As for claim 62, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Additionally, Furukawa teaches:
a host communicating with a remote host using a VPN connection (VPN service is a service which enables exclusive communication between a host or a site and another host or site via a public network such as the Internet: see [0005]).
Therefore Hoover, SHINTARO and Furukawa together also teach claim 62.

As for claim 63, since it contains similar limitations as in claim 1, the same rationale is used where applicable, and therefore Hoover, SHINTARO and Furukawa together also teach claim 63.

As for claim 65, since it contains similar limitations as in claim 51, the same rationale is used where applicable, and therefore Hoover, SHINTARO and Furukawa together also teach claim 65.

As for claim 66, since it contains similar limitations as in claim 53, the same rationale is used where applicable, and therefore Hoover, SHINTARO and Furukawa together also teach claim 66.

As for claim 67, since it contains similar limitations as in claim 59, the same rationale is used where applicable, and therefore Hoover, SHINTARO and Furukawa together also teach claim 67.

Claims 49-50 and 64 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Hoover in view of SHINTARO and Furukawa further in view of Danford et al. (US 20090036111 A1).
As for claim 49, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Hoover, SHINTARO and Furukawa together do not explicitly teach:
wherein the remote device is a mobile device.
In a similar field of endeavor, Danford teaches:
a mobile device supporting virtual private network (the functionality of many mobile devices have been extended to include cellular and wireless local area network (WLAN) communications interfaces, as well as virtual private network (VPN) and other client applications: see [0003]);
It would have been obvious to one of ordinary skill in the art at the time the invention was made to utilize the teachings of Danford for a mobile device supporting virtual private network. The teachings of Danford, when implemented in the Hoover/SHINTARO/Furukawa system, will enable the remote device being a mobile device. One of ordinary skill in the art would be motivated to utilize the teachings of Danford in the Hoover/SHINTARO/Furukawa system in order to support virtual private network in mobile devices: see Danford [0003].
Therefore Hoover, SHINTARO, Furukawa and Danford together teach claim 49.

As for claim 50, it has been established that Hoover, SHINTARO and Furukawa together teach claim 1.
Hoover, SHINTARO and Furukawa together do not explicitly teach:
wherein the network driver is a software module.
In a similar field of endeavor, Danford teaches:
assigning an IP address to a virtual network driver (Further to the applications that are installed on the actual mobile device, one or more virtual drivers may be installed in the virtual instance so that the virtual instance of the mobile can communicate with other devices. Examples of those virtual drivers are virtual network driver and virtual flash driver. Virtual network driver is installed along with other applications in the virtual instance so that the virtual instance can communicate with actual mobile device and other hosts (such as enterprise applications and the like). In this approach, the virtual network driver can be assigned an IP address to communicate in and out of the virtual instance: see [0063].
The virtual drivers become part of the software image on the mobile device: see [0057]);
It would have been obvious to one of ordinary skill in the art at the time the invention was made to utilize the teachings of Danford for assigning an IP address to a virtual network driver. The teachings of Danford, when implemented in the Hoover/SHINTARO/Furukawa system, will enable the network driver being a software module. One of ordinary skill in the art would be motivated to utilize the teachings of Danford in the Hoover/SHINTARO/Furukawa system in order to support virtual private network in mobile devices: see Danford [0003].
Therefore Hoover, SHINTARO, Furukawa and Danford together also teach claim 50.

As for claim 64, since it contains similar limitations as in claim 50, the same rationale is used where applicable, and therefore Hoover, SHINTARO, Furukawa and Danford together also teach claim 64.

Claim 56 is rejected under 35 U.S.C. 103 as being unpatentable over Hoover in view of SHINTARO and Furukawa further in view of Fujimoto et al. (US 20040054902 A1).
As for claim 56, it has been established that Hoover, SHINTARO and Furukawa together teach claim 55.
Hoover, SHINTARO and Furukawa together do not explicitly teach:
wherein, for the communication link over the virtual private network, the at least one processor is configured to encapsulate at least one of a private address of the local device or a private address of the remote device with the selected at least one local network address and to encrypt the at least one of the private address of the local device or the private address of the remote device.
In a similar field of endeavor, Fujimoto teaches:
the system using IPsec to provide both encryption and encapsulation functions to local/remote addresses and the data (VPN service is a service which enables exclusive communication between a host or a site and another host or site via a public network such as the Internet: see [0005].
The VPN router 100A encapsulates the packet in accordance with a VPN method such as IPsec (the tunnel mode of which encrypts both local/remote addresses and data), and transmits the encapsulated packet to the VPN router 100B tunneling through the Internet 300. Upon receipt of the encapsulated packet, the VPN router 100B decapsulates the capsule, ;
It would have been obvious to one of ordinary skill in the art at the time the invention was made to utilize the teachings of Fujimoto for the system using IPsec to provide both encryption and encapsulation functions to local/remote addresses and the data. The teachings of Fujimoto, when implemented in the Hoover/SHINTARO/Furukawa system, will enable the one or more processors encapsulating at least one of a private address of the local device or a private address of the remote device with the selected at least one local network address and encrypting the at least one of the private address of the local device or the private address of the remote device. One of ordinary skill in the art would be motivated to utilize the teachings of Fujimoto in the Hoover/SHINTARO/Furukawa system in order to provide a system wherein the terminal accesses the data base from any one of the networks with keeping secrecy by the IP capsule encrypted communications: see Fujimoto [0012].
Therefore Hoover, SHINTARO, Furukawa and Fujimoto together teach claim 56.

Claim 68 is rejected under 35 U.S.C. 103 as being unpatentable over Hoover in view of SHINTARO and Furukawa further in view of Larson et al. (US 20040054902 A1).
As for claim 68, it has been established that Hoover, SHINTARO and Furukawa together teach claim 63.
between a local device and a remote device by performing one or more of the identification, assignment, and negotiation operations.
Hoover, SHINTARO and Furukawa together do not explicitly teach:
wherein, one or more of the identification, assignment, and negotiation operations in response to a name service request is performed for a name corresponding to the remote device.
In a similar field of endeavor, Larson teaches:
a client device issuing a DNS request, causing a VPN to be established between the client and the requested target (the client's DNS request would be received by the DNS proxy server 2610, which would forward the request to gatekeeper 2603. The gatekeeper would establish a VPN between the client and the requested target: see [0260]).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to utilize the teachings of Larson for a client device issuing a DNS request, causing a VPN to be established between the client and the requested target. The teachings of Larson, when implemented in the Hoover/SHINTARO/Furukawa system, will enable performing one or more of the identification, assignment, and negotiation operations in response to a name service request for a name corresponding to the remote device. One of ordinary skill in the art would be motivated to utilize the teachings of Larson in the Hoover/SHINTARO/Furukawa system in order to provide a secure mechanism for communicating over the internet, including a protocol referred to as the Tunneled Agile Routing Protocol (TARP), which uses a unique two-layer encryption format and special TARP routers.: see Larson [0009].


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHEN-LIANG HUANG whose telephone number is (571)272-4883. The examiner can normally be reached on Monday - Thursday, 7:30AM - 5:00PM PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on 571-272-3980. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/C. H./
Examiner, Art Unit 2458

/KEVIN T BATES/Supervisory Patent Examiner, Art Unit 2458