DETAILED ACTION
Claims 1-16, 21, and 25 are pending. Claims 1-16, 21, and 25 have been examined and are rejected. 
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/5/2022 has been entered.
Specification
The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed. 
Response to Arguments
Applicant’s arguments and amendments, filed on 1/5/2022 and 1/12/2022, with respect to the rejection of the claims under 35 USC 103, have been fully considered but are moot in view of the new grounds of rejection necessitated by Applicant’s amendment.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-16, 21, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Bhatt (US 20130097418) in view of Kakemizu (US 20020018456) and further with Sif (US 20150063166).
Regarding Claims 1, 11, 21 and 25: 
Bhatt discloses – A communication system comprising 
a data center of a cloud operator, the data center providing a communication service to a terminal via a first wide area network to which the data center connects, and a wireless LAN (Local Area Network) to which the terminal connects, wherein the data center comprises: (Bhatt; Paragraph [35-38] - A system to provide cellular-WiFi communication, where a UE wireless device 201 (e.g., a mobile phone) is communicably coupled 209 to an access point 202 in a wireless network, where access point 202 is communicably coupled to a mobility gateway 203 via an IP secure tunnel 204 and the mobility gateway 203 is located at an edge of a mobile network and is communicably coupled to a mobile network gateway 213 via a mobile network tunnel 206. In one embodiment, a WiFi access network is controlled by the mobile (cellular) operator network (e.g., Packet Core Network) as a part of the mobile operator trusted network via a secure tunnel. That is, an operator of a mobile network can communicably couple an untrusted WiFi access network to the operator's own trusted controlled radio network.)
a first gateway configured to connect with the terminal using a VPN (Virtual Private Network) established between the first gateway and the terminal through the first wide area network and the wireless LAN and terminate the VPN. More specifically, Bhatt (Paragraph [25, 28-30, 35-36, 39-42]), as discussed above, discloses a system to provide cellular-WiFi communication that enables methods and apparatuses to couple an untrusted wireless access network to a trusted controlled network via a secure tunnel, but does not explicitly disclose a first gateway configured to connect with the terminal using a VPN (Virtual Private Network) established between the first gateway and the terminal through the first wide area network and the wireless LAN and terminate the VPN, which is disclosed by Kakemizu (see below)
Kakemizu discloses – a first gateway configured to connect with the terminal using a VPN (Virtual Private Network) established between the first gateway and the terminal through the first wide area network and the wireless LAN and terminate the VPN; (Kakemizu; Paragraph [12, 14-17, 63-64] - a VPN setting service that enables the communications in the mobile IP to be carried out by using a safe communication path. Provide a VPN setting service to an optional terminal 1 and hosts 32 to 52 having communications. This is achieved by dynamically setting a VPN of the IP Sec. to security gateways 21 to 51 connecting to public IP networks 2 to 5.)
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the methods and apparatuses to couple an untrusted wireless access network to a trusted controlled network via a secure tunnel of Bhatt that provides a system to communicate data packets between two networks such as a WiFi network and a cellular network and can divert selected traffic between the core network and the internet, with the VPN setting service of a VPN system in a mobile IP network of Kakemizu that 
Bhatt-Kakemizu further discloses – a second gateway configured to connect to a second wide area network, (Bhatt; Paragraph [53-55] - Discloses a system to communicate data packets between two networks such as a WiFi network and a cellular network. The AP/Controller (e.g., AP 202 and AP 502) forwards the data packets towards the gateway (e.g., gateway 203 and gateway 503) (e.g., SSX) acting as an ePDG/TTG proxy through the IPsec tunnel, such as tunnel 204 and tunnel 505. The gateway, such as gateway 203 and gateway 503 (e.g., SSX) acting as an ePDG/TTG proxy forwards the data packets through a mobile network channel (e.g., GTP-U) (e.g., channel 206 and channel 506) towards a mobile network gateway (e.g., gateway 213 and gateway 508) (e.g., P-GW/GGSN). The mobile network gateway (e.g., gateway 213 and gateway 508) (e.g., P-GW/GGSN) forwards the data packets (e.g., 507) towards a service provider network (e.g. Internet).)
Bhatt-Kakemizu does not explicitly disclose – a virtual network connected to the first gateway and the second gateway. More specifically, Bhatt (Paragraph [25, 28-30, 35-36, 39-42]), as discussed above, discloses a system to provide cellular-WiFi communication that enables methods and apparatuses to couple an untrusted wireless access network to a trusted controlled network via a secure tunnel. Furthermore, Kakemizu (Paragraph [12, a virtual network connected to the first gateway and the second gateway, which is disclosed by Sif (see below)
Sif discloses – a virtual network connected to the first gateway and the second gateway; and (Sif; Paragraph [64-66, 75] - Discloses a system 130 for handling physical and virtual mobile networks. MNFV 136 configured with a connection to agent 148 in element management system (EMS) 144. Network 150 may be managed by CMS 140 and/or EMS 144. Network 150 is a virtual cloud EPC with a router between the interconnections between the L2/L3 layers in the network stacks. Compute node 623 contains QL agent 628, node 634, and node 642. Node 634 contains virtual MME (vMME) 636, QL virtual management block 640, and application plug-in 642, while node 642 contains virtual SGW (vSGW) 644, QuantumLeap virtual management 646, and application plug-in 648.)
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the methods and apparatuses to couple an untrusted wireless access network to a trusted controlled network via a secure tunnel of Bhatt, and the VPN setting service of a VPN system in a mobile IP network of Kakemizu, with the system and method for mobile network function virtualization of Sif that supports the Virtual Network Functions (VNF) for EPC clusters that support virtual network functions, such that Sif provides Virtual Network Functions (VNF) for EPC clusters supporting virtual network functions to the VPN setting service of Kakemizu and the methods and apparatuses to couple an untrusted wireless access network to a trusted controlled network via a secure tunnel of Bhatt, where the 
Bhatt-Kakemizu-Sif further discloses – a function block that is provided between the first gateway and the second gateway and that performs, based on filter information, filtering of a first packet transmitted by the terminal using the VPN and received by the first gateway from the first wide area network, and a second packet destined to the terminal and received by the second gateway from the second wide area network. (Kakemizu; Paragraph [86-88, 94] - VPN setting service comprising functional blocks of the MA (FA, HA, PCN), each network apparatus of the FA, the HA and the PCN consists of an MA protocol control section 321, an MAVPN control section 322, a network kernel 323, and a physical network device interface 324. The QoS control section 334 sets to the network kernel 323 filter, information consisting of a TOS value set to the VPN information cache 333, a transmission originating address and a destination address for identifying a packet that marks the TOS value, and their net masks. The network kernel 323 edits the packet according to a filtering condition of a differentiated service set in advance in the kernel. When the output destination is a virtual device, the process branches to step S204.)

Regarding Claims 2 and 12:
Bhatt-Kakemizu-Sif further discloses – The communication system according to claim 1, wherein the virtual network includes 
a virtual packet core network virtualizing at least a part of functions of a packet core network. (Sif; Paragraph [74-76; Table 1] - A system 620 for application management with a VM agent using QuantumLeap. System 620 includes controller node 621, which provides 
Regarding the above dependent claims, the rationale to combine Bhatt in view of Kakemizu and further with Sif as discussed in claim 1, applies here as well.
Regarding Claims 3 and 13:
Bhatt-Kakemizu-Sif further discloses – The communication system according to claim 2, wherein in the data center, the function block includes: 
at least one of a first function block connected between the first gateway and the second gateway; and (Kakemizu; Paragraph [18-23, 26, 63-64] - a functional block structure implemented by the VPN setting service, such as a mobile IP protocol function, a FA (Foreign Agent), a HA (Home Agent), and a PCN (Proxy Correspondent Node), as well as authentication, authorization, and accounting (AAA) functions, implemented in one or more security gateways (VPNGW) of one or more connected ISPs (Internet Service Provider) providing a VPN service.)
a second function block connected to the virtual packet core network. (Sif; Paragraph [64-66, 75] - Discloses a system 130 for handling physical and virtual mobile networks. MNFV 136 configured with a connection to agent 148 in element management system (EMS) 144. Network 150 may be managed by CMS 140 and/or EMS 144. Network 150 is a virtual cloud EPC with a router between the interconnections between the L2/L3 layers in the network stacks. Compute node 623 contains QL agent 628, node 634, and node 642. Node 634 contains virtual MME (vMME) 636, QL virtual management block 640, and application plug-in 642, while node 642 contains virtual SGW (vSGW) 644, QuantumLeap virtual management 646, and application plug-in 648.) 

Regarding Claims 4 and 14:
Bhatt-Kakemizu-Sif further discloses – The communication system according to claim 1, wherein in the data center, the function block further includes 
a function block that controls access rejection and permission of an incoming call and a text message destined to the terminal. (Sif; Paragraph [46, 50] - System Architecture Exposure (SAE) is a core network architecture for 3rd Generation Partnership Project (3GPP) Long Term Evolution (LTE) wireless communications. SAE includes MME, SGW, PGW, HSS, Access Network Discovery and Selection Function (ANDSF), and Evolved Packet Data Gateway (ePDG). The HSS has functionalities such as mobility management, call and session establishment support, user authentication, and access authorization.)
Regarding the above dependent claims, the rationale to combine Bhatt in view of Kakemizu and further with Sif as discussed in claim 1, applies here as well.
Regarding Claims 5 and 15:
Bhatt-Kakemizu-Sif further discloses – The communication system according to claim 1, wherein in the data center, the function block further includes 
a function block that controls compression of data in a payload portion of at least one of a packet input from the second wide area network side and a packet input from the terminal side through the first wide area network. (Bhatt; Paragraph [25, 28-29] - Discloses an interworked wireless local area network (WLAN) and wireless wide area network (WWAN) system. In order to access other networks such as Internet 107 and/or operator services node 108, UE 101 goes through gateway device 115 and/or a third generation partnership project (3GPP) packet core network 106. A mobility gateway 
Regarding the above dependent claims, the rationale to combine Bhatt in view of Kakemizu and further with Sif as discussed in claim 1, applies here as well.
Regarding Claims 6 and 16:
Bhatt-Kakemizu-Sif further discloses – The communication system according to claim 1, wherein in the data center, the function block further includes 
a function block that is provided for each terminal and that performs packet filtering for the terminal, (Bhatt; Paragraph [53-55] - Discloses a system to communicate data packets between two networks such as a WiFi network and a cellular network. The AP/Controller (e.g., AP 202 and AP 502) forwards the data packets towards the gateway (e.g., gateway 203 and gateway 503) (e.g., SSX) acting as an ePDG/TTG proxy through the IPsec tunnel, such as tunnel 204 and tunnel 505. The gateway, such as gateway 203 and gateway 503 (e.g., SSX) acting as an ePDG/TTG proxy forwards the data packets through a mobile network channel (e.g., GTP-U) (e.g., channel 206 and channel 506) towards a mobile network gateway (e.g., gateway 213 and gateway 508) (e.g., P-GW/GGSN). The 
and/or access rejection and permission of an incoming call and a message destined to the terminal are/is set for each terminal. (Sif; Paragraph [46, 50] - System Architecture Exposure (SAE) is a core network architecture for 3rd Generation Partnership Project (3GPP) Long Term Evolution (LTE) wireless communications. SAE includes MME, SGW, PGW, HSS, Access Network Discovery and Selection Function (ANDSF), and Evolved Packet Data Gateway (ePDG). The HSS has functionalities such as mobility management, call and session establishment support, user authentication, and access authorization.)
Regarding the above dependent claims, the rationale to combine Bhatt in view of Kakemizu and further with Sif as discussed in claim 1, applies here as well.
Regarding Claim 7:
Bhatt-Kakemizu-Sif further discloses – The communication system according to claim 3, 
wherein in a service of a voice call or a text message provided to the terminal via the wireless LAN, the terminal communicates with a connection destination, through the VPN, via the first gateway, the virtual packet core network, and the second gateway of the data center and via the second wide area network, and (Bhatt; Paragraph [35-38] - A system to provide cellular-WiFi communication, where a UE wireless device 201 (e.g., a mobile phone) is communicably coupled 209 to an access point 202 in a wireless network, where access point 202 is communicably coupled to a mobility gateway 203 via an IP secure tunnel 204 and the mobility gateway 203 is located at an edge of a mobile network and is communicably coupled to a mobile network gateway 213 via a mobile network tunnel 206. In one embodiment, a WiFi access network is controlled by the mobile (cellular) operator network (e.g., Packet Core Network) as a part of the mobile 
an incoming call or a message permitted by the second functional block connected to the virtual packet core network of the data center, (Sif; Paragraph [46, 50] - System Architecture Exposure (SAE) is a core network architecture for 3rd Generation Partnership Project (3GPP) Long Term Evolution (LTE) wireless communications. SAE includes MME, SGW, PGW, HSS, Access Network Discovery and Selection Function (ANDSF), and Evolved Packet Data Gateway (ePDG). The HSS has functionalities such as mobility management, call and session establishment support, user authentication, and access authorization.)
among the incoming calls or messages destined to the terminal from the second wide area network side, is transmitted, via the virtual packet core network and the first gateway, through the VPN to the terminal. (Sif; Paragraph [64-66, 75] - Discloses a system 130 for handling physical and virtual mobile networks. MNFV 136 configured with a connection to agent 148 in element management system (EMS) 144. Network 150 may be managed by CMS 140 and/or EMS 144. Network 150 is a virtual cloud EPC with a router between the interconnections between the L2/L3 layers in the network stacks. Compute node 623 contains QL agent 628, node 634, and node 642. Node 634 contains virtual MME (vMME) 636, QL virtual management block 640, and application plug-in 642, while node 642 contains virtual SGW (vSGW) 644, QuantumLeap virtual management 646, and application plug-in 648.)
Regarding the above dependent claim, the rationale to combine Bhatt in view of Kakemizu and further with Sif as discussed in claim 1, applies here as well.
Regarding Claim 8:

wherein in a data communication service provided to the terminal via the wireless LAN, the terminal connects, through the VPN, via the first gateway, the virtual network, and the second gateway of the data center, to the second wide area network, (Bhatt; Paragraph [25, 28-29] - Discloses an interworked wireless local area network (WLAN) and wireless wide area network (WWAN) system. In order to access other networks such as Internet 107 and/or operator services node 108, UE 101 goes through gateway device 115 and/or a third generation partnership project (3GPP) packet core network 106. A mobility gateway device (MGW) 115 includes a mobile data offloading/packet data gateway/tunnel terminal gateway. As shown in FIG. 1A, a secure tunnel (IPsec) 119 is established between the WLAN controller 110 and MGW 115. MGW 115 directly communicates the control traffic and the associated data traffic to GGSN/P-GW 105 via a path 116 (e.g., a GTP tunnel). In this scenario, the IP address (by which UE 101 is represented to the operator's services 108) is allocated by GGSN/P-GW 105 and IP routers are configured to route all traffic destined to this IP address to GGSN/P-GW 105 which in turn tunnels the data to UE 101. MGW 115 is also referred to herein as a mobile data offload gateway (MDO-GW) device for offloading traffic to Internet 107 without having to go through WWAN core network 106.)
the first function block connected between the first gateway and second gateway of the data center, filters a packet input from the second wide area network side, and (Bhatt; Paragraph [25, 28-30] - Discloses an interworked wireless local area network (WLAN) and wireless wide area network (WWAN) system. In order to access other networks such as Internet 107 and/or operator services node 108, UE 101 goes through gateway device 115 and/or a third generation partnership project (3GPP) packet core network 
the packet input from the second wide area network side and permitted by the first function block is transmitted, via the first gateway through the VPN to the terminal. (Bhatt; Paragraph [25, 28-29] - Discloses an interworked wireless local area network (WLAN) and wireless wide area network (WWAN) system. In order to access other networks such as Internet 107 and/or operator services node 108, UE 101 goes through gateway device 115 and/or a third generation partnership project (3GPP) packet core network 106. A mobility gateway device (MGW) 115 includes a mobile data offloading/packet data gateway/tunnel terminal gateway. As shown in FIG. 1A, a secure tunnel (IPsec) 119 is established between the WLAN controller 110 and MGW 115. MGW 115 directly communicates the control traffic and the associated data traffic to GGSN/P-GW 105 via a path 116 (e.g., a GTP tunnel). In this scenario, the IP address (by which UE 101 is represented to the operator's services 108) is allocated by GGSN/P-GW 105 and IP routers are configured to route all traffic destined to this IP address to GGSN/P-GW 105 which in turn tunnels the data to UE 101. MGW 115 is also referred to herein as a mobile data offload gateway (MDO-GW) device for offloading traffic to Internet 107 without having to go through WWAN core network 106.)

Regarding Claim 9:
Bhatt-Kakemizu-Sif further discloses – The communication system according to claim 1, wherein first to Nth terminals (N is an integer of 2 or more) connecting to one wireless LAN access point and the first gateway of the data center are connected by first to Nth VPNs, (Bhatt; Paragraph [28, 35-36, 39-42] - Discloses a system to provide cellular-WiFi communication. The access point 202 is communicably coupled to a mobility gateway 203 via an IP secure tunnel 204. The mobility gateway 203 is located at an edge of a mobile network and is communicably coupled to a mobile network gateway 213 via a mobile network tunnel 206, where an operator of a mobile network can communicably couple an untrusted WiFi access network to the operator's own trusted controlled radio network. The gateway 203 provides an IP address to the device 201 via an IP secure tunnel 204. Additionally, an IP secure tunnel into which network traffic between one or more devices and a gateway (e.g., a SSX device) is forced can be static, or can be established dynamically e.g., via a discovery mechanism. In another embodiment, a layer Virtual Private Network (VPN) or Virtual Private LAN Service (VPLS) is dynamically used to force traffic towards the gateway (e.g., a SSX) without requiring an IPSec tunnel.)
wherein in the data center, the function block includes: 
first to Nth function blocks respectively connected to the first to Nth VPN that are terminated by the first gateway; and (Bhatt; Paragraph [25, 28-29] - Discloses an interworked wireless local area network (WLAN) and wireless wide area network (WWAN) system. In order to access other networks such as Internet 107 and/or operator services node 108, UE 101 
an (N+1)th function block having one end connected to the first to Nth function blocks and having the other end connected to the second gateway, (Bhatt; Paragraph [53-55] - Discloses a system to communicate data packets between two networks such as a WiFi network and a cellular network. The AP/Controller (e.g., AP 202 and AP 502) forwards the data packets towards the gateway (e.g., gateway 203 and gateway 503) (e.g., SSX) acting as an ePDG/TTG proxy through the IPsec tunnel, such as tunnel 204 and tunnel 505. The gateway, such as gateway 203 and gateway 503 (e.g., SSX) acting as an ePDG/TTG proxy forwards the data packets through a mobile network channel (e.g., GTP-U) (e.g., channel 206 and channel 506) towards a mobile network gateway (e.g., gateway 213 and gateway 508) (e.g., P-GW/GGSN). The mobile network gateway (e.g., gateway 213 and gateway 508) (e.g., P-GW/GGSN) forwards the data packets (e.g., 507) towards a service provider network (e.g. Internet).)

Regarding the above dependent claim, the rationale to combine Bhatt in view of Kakemizu and further with Sif as discussed in claim 1, applies here as well.
Regarding Claim 10:
Bhatt-Kakemizu-Sif further discloses – The communication system according to claim 1, wherein the first gateway manages the VPN between the terminal and the first gateway on a per terminal basis, on a per terminal user basis, or on a per user account basis, the user account provided by the cloud operator to a user of the terminal. (Bhatt; Paragraph [25, 28-29] - Discloses an interworked wireless local area network (WLAN) and wireless wide area network (WWAN) system. In order to access other networks such as Internet 107 and/or operator services node 108, UE 101 goes through gateway device 115 and/or a third generation partnership project (3GPP) packet core network 106. A mobility 
Regarding the above dependent claim, the rationale to combine Bhatt in view of Kakemizu and further with Sif as discussed in claim 1, applies here as well. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J LI whose telephone number is (571) 270-0623. The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on (571) 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained 

/ML/Examiner, Art Unit 2457 



/NICHOLAS R TAYLOR/Supervisory Patent Examiner, Art Unit 2457