Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's response with amendments filed 09/01/2021 have been received and entered. Applicant has amended claims 1, 11, 12 and 13. Amended claims have been examined on the merits.
Applicant’s arguments, see Applicant Arguments page 5, with respect to the Double Patenting Rejection have been fully considered and are not persuasive. Applicant has not traversed the rejections; therefore, the Double Patenting Rejections have been maintained.
Applicant’s arguments, see Applicant Arguments pages 5-6, with respect to the rejection(s) of the independent claim(s) 1 (and 13) under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of CHAMPAGNE et al. (US 20150052599), hereinafter CHAMPAGNE in view of SHULMAN et al. (US 20170093824), hereinafter SHULMAN.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting over the following co-pending Application:
	a) Co-pending application No. 16369438, which is directed towards providing client-only virtual 	private network (VPN).
	The subject matter claimed in the instant application is fully disclosed in the referenced co pending application and would be covered by any patent granted on that co-pending application since the referenced co-pending application and the instant application are claiming common subject matter 
	A side-by-side comparison of claims 1, 13, and 19 of the pending application and claims 1, 13, and 19 of the co-pending application is given in the following table to show their similarities and differences:
Instant US Patent Application 16/421842
Co-Pending Application 16/369438
1. A computing apparatus, comprising: a hardware platform, comprising a processor and a memory; and executable instructions encoded in the memory to provide an unencrypted client-only virtual private network (VPN) comprising a VPN client and a VPN server implementation on a single physical device, 
1. A computing apparatus, comprising: a hardware platform, comprising a processor and a memory; and executable instructions encoded in the memory to provide a client- only virtual private network (VPN) comprising a VPN client and a VPN server on a single physical device, 
1. wherein the VPN client is configured to communicatively couple to the VPN server and to provide proxied Internet protocol (IP) communication services.
1. wherein the VPN client is configured to communicatively couple to the VPN server and to provide proxied Internet protocol (IP) communication services via the VPN server.
Instant US Patent Application 16/421842
Co-Pending Application 16/369438
13. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to provide a client-only virtual private network (VPN), the instructions to: 
13. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to provide a client-only virtual private network (VPN), the instructions to: 
13. provide the client-only VPN on a single device, the client-only VPN comprising a VPN client and a VPN server implementation, and being unencrypted.
13. provide the client-only VPN on a single device, the client-only VPN comprising a VPN client and a VPN server, wherein the VPN client communicates with the VPN server via a local or loopback-only interface.
Instant US Patent Application 16/421842
Co-Pending Application 16/369438

19. A computer implemented method of providing a client-only virtual private network (VPN), comprising communicatively coupling to a local VPN server to establish a VPN tunnel through the VPN server for Internet protocol (IP) communications for a device local to the VPN server.

	Therefore because unencrypted client-only VPN has no association or effect on the remainder of the claim and is known in the art, i.e. the claim is merely arranging old elements with each performing the same function it had been known to perform and yields no more than one would expect from such an arrangement, KSR makes clear that the combination is obvious; See MPEP § 2141(1).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5, 6-8, 13, 16, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over CHAMPAGNE et al. (US 20150052599), hereinafter CHAMPAGNE in view of Szabo et al. (US 20170339729), hereinafter Szabo in view of SHULMAN et al. (US 20170093824), hereinafter SHULMAN.
	Regarding Claim 1, CHAMPAGNE teaches
	A computing apparatus, comprising: a hardware platform, comprising a processor and a memory (Para [0007] In one aspect of the present invention, a method of communicating or transmitting data through a VPN tunnel between an app on a device and a VPN gateway is described. Para [0022] FIGS. 12A and 12B are block diagrams of a computing system suitable for implementing various embodiments of the present invention);
Para [0038] There are several examples of operating systems for smart phones such as iOS (for the iPhone), Android (used on handsets from various manufacturers), Windows Mobile 7, Web O/S, Palm, and others. … Para [0059] Generally, there is software on the device, such as a smartphone, tablet, PC, or other Internet-enabled device, that allows it to make a VPN connection to a gateway device. … A secure form of IPC may be used to communicate between the processes in the case of a "federated" application. As described in more detail below, IPSec packets may be built for each wrapped app (each wrapped app operating in its own sandbox, that is, outside the device operating system)); and
	inspect a network transaction from a sandboxed application to a network service; and take a security action based at least in part on the inspection (Para [0067] FIG. 8 is a flow diagram of a process of implementing an app VPN in accordance with one embodiment of the present invention. A security-wrapped app in sandbox 704 executes in a normal manner and in the process makes calls to the device operating system, some of which require communication over a VPN. Para [0082] At the center of the gateway's capabilities is the ability to terminate a large number of private connections. These connections may use VPN/SSL, IKE/IPSEC or other protocols or standards. … Another central capability of the gateway is the ability to enforce a higher level of authentication or security between a wrapped app and the gateway. As noted, one feature of this is the ability of a wrapped app to report a jail broken or rooted device. Another capability of the gateway is getting detailed traffic data related to data packets coming from and going to wrapped apps).
	CHAMPAGNE does not explicitly teach executable instructions encoded in the memory to: provide an unencrypted client-only virtual private network (VPN) comprising a VPN client and a VPN server implementation on a single physical device, wherein the VPN client is configured to communicatively couple to the VPN server.
	In the same field of endeavor Szabo teaches
Para [0101] In the scenario of FIG. 7, the VPN service running on the user terminal 100 may thus be configured to provide both the VPN client and the VPN server 700 so as to locally establish the VPN tunnel 300. Thus, VPN tunnel establishment does in no way effect the network side, but provides the same advantages with respect to VPN-based analysis of end-to-end encrypted data traffic. Thus, packets of any further applications 1046 in the uplink can be accessed in the embodiment illustrated in FIG. 7 without requiring any support in the operator network, and the user terminal 100 may locally enforce the quality enhancement requirement (see step S1-32 in FIG. 2)),
	wherein the VPN client is configured to communicatively couple to the VPN server (Para [0100] With reference to FIG. 7, the VPN server 700 on the user terminal 100 could be realized in a similar manner as a TCP/UDP proxy terminates the flows received via the VPN tunnel 300 and creates protected flows going outside the VPN tunnel 300 (e.g., on-demand). The corresponding operations may be performed using a full TCP stack functionality in the VPN server 700 or a more simple mechanism, for example by copying the TCP stack states as deduced from the application flows).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the device taught by CHAMPAGNE to incorporate the teachings of Szabo such that the device of CHAMPAGNE includes executable instructions encoded in the memory to: provide an unencrypted client-only virtual private network (VPN) comprising a VPN client and a VPN server implementation on a single physical device, wherein the VPN client is configured to communicatively couple to the VPN server. One would have been motivated to make such combination in order to provide both the VPN client and the VPN server so as to locally establish the VPN tunnel. (Szabo, para [0101]).
to provide plain-text proxied Internet protocol (IP) communication service.
	In the same field of endeavor, SHULMAN teaches
	to provide plain-text proxied Internet protocol (IP) communication service (Para [0041] …Accordingly, the security gateway 102 can be configured as a reverse proxy, transparent proxy, etc., and thus "terminate" the desired connection between the client end stations 104A-104N and the server application(s) 108A-108M. Additionally, in some embodiments the path further includes a connection within the security gateway 102.  Para [0042] According to some embodiments, at least one of (or both of) the client-gateway connections 122 and gateway-server connections 124 are secure (e.g., encrypted) connections, such as TCP/IP (Transmission Control Protocol/Internet Protocol) connections secured a using transport layer security protocol such as SSL or TLS. Thus, in some embodiments both of the client-gateway connections 122 and gateway-server connections 124 are secure connections, but in some embodiments when the client-gateway connections 122 are secure connections, some (or all) of the gateway-to-server connections 124 may be non-secure or " plaintext" connections (e.g., TCP/IP without any transport layer security protocol being utilized). …).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the device taught by the combination of CHAMPAGNE and Szabo to incorporate the teachings of SHULMAN such that the device of the combination of CHAMPAGNE and Szabo is able to provide plain-text proxied Internet protocol (IP) communication service. One would have been motivated to make such combination so that when the client-gateway connections are secure connections, some (or all) of the gateway-to-server connections may be non-secure or " plaintext" connections. (SHULMAN, para [0042]).
	Regarding Claim 5, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 above,
Szabo, Para [0075] Many operating systems (such as Android since Android version 4.0) provide a VPN service (including VPN tunnel establishment) have a built-in VPN service. VPN tunnel establishment therefore does not require any level of support in the user terminal 100 from, for example, its (e.g., cellular) network interfaces 106, 108. As such, the quality enhancement application 104A can be implemented as a program in conventional user memory 104 (such as an app downloadable for different types of user terminals 100 such as smartphones and tablet computers)).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 6, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 and claim 5 above,
	wherein the operating system is a closed operating system (Szabo, Para [0075] Many operating systems (such as Android (closed operating system) since Android version 4.0) provide a VPN service (including VPN tunnel establishment) have a built-in VPN service).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 7, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 above,
	wherein the instructions are further to provide a client-only DNS filtering service (CHAMPAGNE, Para [0054] Another use case is back-up and recovery of app data in which IT security administrators and governors have data revision control and can implement app and device content migration through back-up and restore operations. In another use case is network traffic monitoring. The app on the mobile device may be brought under the visibility of existing enterprise IDS/IPS/Web filtering infrastructure to allow for inspection and control of app communications. The app security program can also integrate with third-party DNS services, such as Symantec's DNS service to identify malware).
Regarding Claim 8, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 above,
	wherein the VPN provides a near-zero delay in establishing a VPN tunnel (Szabo, Para [0098] In the following, further embodiments of the present disclosure will be discussed that rely on the VPN service to signal the quality enhancement requirement towards the network. In these embodiments, a VPN tunnel 300 will also be established. However, the VPN tunnel 300 does not stretch into the network. Rather, the VPN tunnel 300 is terminated at the user terminal 100). Examiner notes that it is obvious that the delay in establishing will be almost zero in time value.
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claims 13 and 19, 
Claims 13 and 19 are rejected for similar reasons as in claim 1.
	Regarding Claim 16, 
Claim 16 is rejected for similar reasons as in claim 5.	
Claims 2, 3, 9-12, 14, 15, 17, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over CHAMPAGNE et al. (US 20150052599), hereinafter CHAMPAGNE in view of Szabo et al. (US 20170339729), hereinafter Szabo in view of SHULMAN et al. (US 20170093824), hereinafter SHULMAN in view of Yichang Song et al. (IDS dated 07/16/2020; PrivacyGuard: A VPN-based Platform to Detect Information Leakage on Android Devices), hereinafter Song. 
	Regarding Claim 2, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 above,
	The combination of CHAMPAGNE, Szabo, and SHULMAN does not explicitly teach wherein the VPN is a full VPN configured to intercept all IP traffic on the device.
	In the same field of endeavor, Song teaches
Section 1.0, page 16, left column, We present the design of PrivacyGuard, which we believe to be the first open-source1 VPN-based platform for Android that can intercept the network traffic of applications without requiring a remote VPN server).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the device taught by the combination of CHAMPAGNE, Szabo, and SHULMAN to incorporate the teachings of Song such that the device of the combination of CHAMPAGNE, Szabo, and SHULMAN includes wherein the VPN is a full VPN configured to intercept all IP traffic on the device. One would have been motivated to make such combination in order to implement a system that will provide efficient techniques detecting leaked information in higher percentage (Song, Abstract).
	Regarding Claim 3, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 above,
	wherein the VPN is a split VPN configured to intercept only selected IP traffic on the device (Song, section: 2.2 Access Interception :We next discuss approaches that intercept an application's access to sensitive data (selected IP traffic) and that block these accesses or modify the data before handing it over to applications).
	The motivation/rationale to combine the references is similar to claim 2 above.
	Regarding Claim 9, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 above,
	wherein the VPN is configured to modify an outgoing packet before sending the outgoing packet (Song, section 4.5.2 & fig 3: //change the request or response to shadow data public String modifvRequest(String request); public String modifvResponse(Strina response)).
	The motivation/rationale to combine the references is similar to claim 2 above.
Regarding Claim 10, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 above,
	wherein the VPN is configured to intercept a response packet, and to modify the response packet before forwarding the response packet to an application (Song, section 4.5.2 & fig 3: //change the request or response to shadow data public String modifvRequest(String request); public String modifvResponse(Strina response)).
	The motivation/rationale to combine the references is similar to claim 2 above.
	Regarding Claim 11, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 above,
	wherein the instructions are further to provide a security agent, wherein the security agent is to provide network security via the VPN (Song, section 4.5.2: page 21, left column: Our source code for certificate generation and hostname lookup is from SandroProxv6 The usage of TLS interception has been controversial [20]. However, there are many benevolent use cases for TLS interception [15], and we argue that PrivacyGuard is one of them. First, we are transparent about PrivacyGuard and its purpose, and we let the phone owner himself/herself decide whether to install it. Second, PrivacyGuard uses the default TLS routines in Java for certificate checking and does not replace them with weakened ones, as is still done by many applications [16]. In turn, this implies that for many applications PrivacyGuard actually increases their security).
	The motivation/rationale to combine the references is similar to claim 2 above.
	Regarding Claim 12, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 and claim 11 above,
	wherein the security agent is a sandboxed application in the closed operating system (Song, section 4.5.2: page 21, left column: Our source code for certificate generation and hostname lookup is from SandroProxv6 The usage of TLS interception has been controversial [20]. However, there are many benevolent use cases for TLS interception [15], and we argue that PrivacyGuard is one of them. First, we are transparent about PrivacyGuard and its purpose, and we let the phone owner himself/herself decide whether to install it.Second, PrivacyGuard uses the default TLS routines in Java for certificate checking and does not replace them with weakened ones, as is still done by many applications [16]. In turn, this implies that for many applications PrivacyGuard actually increases their security). Examiner notes that SandroProxy is installed in Android version 4.0 (closed operating system) in VPN environment hence it is sandboxed with VPN environment.
	Regarding Claims 14 and 20, 
Claims 14 and 20 are rejected for similar reasons as in claim 2.
	Regarding Claim 15, 
Claim 15 is rejected for similar reasons as in claim 3.
	Regarding Claim 17, 
Claim 17 is rejected for similar reasons as in claim 11.
	Regarding Claim 18, 
Claim 18 is rejected for similar reasons as in claim 12.
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over CHAMPAGNE et al. (US 20150052599), hereinafter CHAMPAGNE in view of Szabo et al. (US 20170339729), hereinafter Szabo in view of SHULMAN et al. (US 20170093824), hereinafter SHULMAN in view of Dispensa et al. (US 20060031407), hereinafter Dispensa. 
	Regarding Claim 4, the combination of CHAMPAGNE, Szabo, and SHULMAN teaches all the limitations of claim 1 above,
	The combination of CHAMPAGNE, Szabo, and SHULMAN does not explicitly teach wherein the instructions are to post the VPN on a loopback network interface.
	In the same field of endeavor, Dispensa teaches
Para [0270] When a user requests a document from the corporate Intranet via the WebTop, the local proxy module 530 (implemented on Microsoft Windows as an ActiveX control and on other platforms as a browser plug-in) is started and configured. The local proxy module 530 builds a VPN connection to the IPSec concentrator using the VPN system (described elsewhere). Once this tunnel is established, the Local Proxy creates listening sockets (TCP servers) on the loopback interface on the standard proxy server ports).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the device taught by the combination of CHAMPAGNE, Szabo, and SHULMAN to incorporate the teachings of Dispensa such that the device of the combination of CHAMPAGNE, Szabo, and SHULMAN includes wherein the instructions are to post the VPN on a loopback network interface. One would have been motivated to make such combination in order to reconfigure the user's DNS servers to point to loopback addresses for the duration of the application-level data tunneling session (Dispensa, Para [0290)).
	Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283. The examiner can normally be reached Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        
/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436