DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the America Invents Act (AIA ).

General Information Matter
Please note, the instant Non-Provisional application (17/076,321) under prosecution at the United States Patent and Trademark Office (USPTO) has been assigned to David Zarka (Examiner) in Art Unit 2449.  To aid in correlating any papers for 17/076,321, all further correspondence regarding the instant application should be directed to the Examiner.

Joint Inventors
This application currently names joint inventors.  In considering patentability of the claims the Examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicants are advised of the obligation under 37 C.F.R. § 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the Examiner to consider the applicability of 35 U.S.C. § 102(b)(2)(C) for any potential § 102(a)(2) prior art against the later invention.

Preliminary Amendments and Claim Status
The instant Office action is responsive to the preliminary amendments received October 21, 2020 and November 30, 2020.  
Claims 21–40 are currently pending.  

Information Disclosure Statement (IDS)
The IDSs filed October 21, 2020; January 21, 2021; and July 21, 2021 each comply with the provisions of 37 C.F.R. §§ 1.97, 1.98 and Manual of Patent Examining Procedure (MPEP) § 609 (9th ed. Rev. 08.2017, Jan. 2018).  The IDSs have been placed in the application file, and the information referred to therein has been considered.

Specification
37 C.F.R. § 1.72(b) recites 
A brief abstract of the technical disclosure in the specification must commence on a separate sheet, preferably following the claims, under the heading “Abstract” or “Abstract of the Disclosure.” The sheet or sheets presenting the abstract may not include other parts of the application or other material. The abstract must be as concise as the disclosure permits, preferably not exceeding 150 words in length. The purpose of the abstract is to enable the Office and the public generally to determine quickly from a cursory inspection the nature and gist of the technical disclosure.

The abstract of the disclosure is objected to under 37 C.F.R. § 1.72 for failing to be as concise as the disclosure permits to enable the Office and the public generally to determine quickly from a cursory inspection the nature and gist of the technical disclosure.  See MPEP § 608.01(b).  Notably, the abstract does not reflect the substance of the instant claims, but rather the substance of the parent application (16/430,726)’s claims.

Claim Rejections – 35 U.S.C. § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. § 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 30, 31, 34, and 36 are rejected under 35 U.S.C. § 102 as being anticipated by Wu (US 8,132,242 B1; filed Feb. 13, 2006).
Regarding claim 30, Wu discloses a method (fig. 5; 8:61–9:37) comprising: 
requesting (fig. 5, item 110; “Web browser 6 then sends a request to VPN gateway 18 for a temporary token via the new channel (110)” at 9:15–16), by a computer system (fig. 1, client device 4 including web browser item 6), one or more tokens (“a temporary token” at 9:15–16) from a gateway (fig. 1, VPN gateway item 18; 9:15–16) coupled to a plurality of networks (fig. 1, public network item 10, enterprise network item 16) comprising at least one private network (enterprise network item 16), at least one of the one or more tokens corresponding (fig. 5; 8:61–9:37) to the at least one private network, 
receiving (fig. 5, item 112; “In response, web browser 6 receives a temporary token from VPN gateway 18 (112)” at 9:16–18), by the computer system, the one or more tokens from the gateway, 

establishing, via the computer system, one or more direct routes (because the description of steps 116, 118 at 9:27–31 do not mention using public network item 10, Wu, then, at least implicitly discloses a direct route between web browser item 6 and VPN gateway item 18) between the one or more sessions (session initiated by user selecting resource at fig. 5, item 100) and the gateway (fig. 1, VPN gateway item 18; 9:15–16) with use of the one or more tokens. 
Regarding claim 31, Wu discloses further comprising initiating one or more virtual private network (VPN) clients (fig. 1, user item 17; fig. 1, web browser item 6) within the one or more sessions.
Regarding claim 34, Wu discloses further comprising communicating data (fig. 5, items 110–122) from the at least one private network between a VPN client (fig. 1, user item 17; fig. 1, web browser item 6) of the one or more VPN clients and the gateway (fig. 1, VPN gateway item 18; 9:15–16) via a direct route (because the description of steps 116, 118 at 9:27–31 do not mention using public network item 10, Wu, then, at least implicitly discloses a direct route between web browser item 6 and VPN gateway item 18) of the one or more direct routes.
Regarding claim 36, Wu discloses further comprising communicating internet requests (Wu implicitly discloses that upon the launch of the external application item 8 at fig. 5, item 114, the external application item 8 receives the resource item 12 using the direct route between the external application item 8 and see MPEP § 2144.04) to the gateway via the one or more direct routes.

Claim Rejections – 35 U.S.C. § 103
The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 21 and 37 are rejected under 35 U.S.C. § 103 as being obvious over Engelhart (US 9,992,183 B2; filed Oct. 11, 2013) in view of Wu, and in further view of Zhang (US 11,017,013 B2; filed Feb. 20, 2015).
Regarding claim 21, while Engelhart teaches a computer system (fig. 1, access gateway server item 1321) comprising: 
memory (Engelhart at least suggests access gateway server item 132 includes memory);  
a network interface (Engelhart at least suggests access gateway server item 132 includes a network interface) configured to couple to a network (fig. 1, item 104); and 
at least one processor (Engelhart at least suggests access gateway server item 132 includes a processor) coupled to the memory and the network interface and 
receive (“The services gateway 128 sends the generated 132 token to the communications device 106 of the user” at 3:22–23; because fig. 1 illustrates access gateway server item 132 between services gateway item 128 sending token item 132 and device item 106, then access gateway server item 132 also receives the token item 132 from services gateway item 128), via the network interface, the one or more tokens from the gateway, 
provide (“The services gateway 128 sends the generated 132 token to the communications device 106 of the user” at 3:22–23; because fig. 1 illustrates access gateway server item 132 between services gateway item 128 sending token item 132 and device item 106, then access gateway server item 132 also provides the token item 132 to device item 106) the one or more tokens to 
establish, via the network interface, one or more direct routes (“The communications device 106 then may establish an HTTP session with a Web server 140 on the internet by sending an HTTP request to the services gateway 128 that includes the token.  Such an HTTP request can be generated by a program provided by the IMS that inserts the token into the request.” at 3:24–29) between the one or more session clients and the gateway, the one or more direct routes being based on the one or more tokens, and 

Engelhart does not teach (A) a plurality of networks comprising the network and at least one private network, at least one of the one or more tokens corresponding to the at least one private network; and (B) initiate one or more desktop as a service (DaaS) sessions comprising one or more session clients.
(A)
Wu teaches a plurality of networks comprising a network (fig. 1, public network item 10) and at least one private network (fig. 1, enterprise network item 16), at least one of one or more tokens (“a temporary token” at 9:15–16) corresponding to the at least one private network (fig. 1, enterprise network item 16).
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for (1) Engelhart’s network to be part of a plurality of networks comprising the network and at least one private network; and (2) Engelhart’s token to correspond to the at least one private network as taught by Wu for “automated authentication of software applications launched by a web browser on a client device.”  Wu 1:55–57.
(B)
Zhang teaches initiating one or more DaaS sessions (“These types of virtual desktop environments where user desktops are hosted within separate, server-side virtual machines are often referred to as virtual desktop infrastructure (VDI) or Desktop-as-a-Service (DAAS) environments” at 5:12–16) comprising one or more session clients (fig. 1, items 120-1, 120-2, 120-3; “five users connect to host server 102-1 for the purpose of initiating remote desktop sessions, the host server 102-1 
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for the Engelhart/Wu combination’s one or more session clients to be part of an initiated one or more DaaS sessions as taught by Zhang for “providing more efficient ways to deliver image data and other graphical user interface (GUI) information to client devices in remote desktop environments.”  Zhang 2:19–22.
Regarding claim 37, Engelhart teaches a non-transitory computer-readable medium (Engelhart at least suggests access gateway server item 132 includes memory) storing computer-executable instructions to implement a process according to claim 21.  Thus, references/arguments equivalent to those present for claim 21 are equally applicable to claim 37.

Claim 30 is rejected under 35 U.S.C. § 103 as being obvious over Engelhart in view of Wu.
Regarding claim 30, while Engelhart teaches a method comprising: 
requesting, by a computer system (fig. 1, access gateway server item 1322), one or more tokens (“a token” at 3:10–12) from a gateway (“services gateway 128” at 3:10–12) coupled to a network (fig. 1, item 104), at least one of the one or more tokens corresponding to (3:7–39) the network, 
receiving (“The services gateway 128 sends the generated 132 token to the communications device 106 of the user” at 3:22–23; because fig. 1 illustrates access gateway server item 132 between services gateway item 128 sending token 
providing (“The services gateway 128 sends the generated 132 token to the communications device 106 of the user” at 3:22–23; because fig. 1 illustrates access gateway server item 132 between services gateway item 128 sending token item 132 and device item 106, then access gateway server item 132 also provides the token item 132 to device item 106) the one or more tokens to one or more sessions (fig. 1, device item 106) accessible by one or more clients (“communications device 106 of the user” at 3:23), and  
establishing, via the computer system, one or more direct routes (“The communications device 106 then may establish an HTTP session with a Web server 140 on the internet by sending an HTTP request to the services gateway 128 that includes the token.  Such an HTTP request can be generated by a program provided by the IMS that inserts the token into the request.” at 3:24–29) between the one or more sessions and the gateway with use of the one or more tokens,
Engelhart does not teach requesting one or more tokens from a gateway coupled to a plurality of networks comprising at least one private network, at least one of the one or more tokens corresponding to the at least one private network.
Wu teaches requesting (fig. 5, item 110; “Web browser 6 then sends a request to VPN gateway 18 for a temporary token via the new channel (110)” at 9:15–16), by a computer system (fig. 1, client device 4 including web browser item 6) one or more tokens (“a temporary token” at 9:15–16) from a gateway (fig. 1, VPN gateway item 18; 9:15–16) coupled to a plurality of networks (fig. 1, public network item 10, enterprise network item 16) comprising at least one private network (enterprise network item 16), at least one of the one or more tokens corresponding (fig. 5; 8:61–9:37) to the at least one private network


Claims 21, 22, 27–29, 37, and 38 are rejected under 35 U.S.C. § 103 as being obvious over Wu in view of Zhang.
Regarding claim 21, while Wu teaches a computer system (fig. 1, client device 4 including web browser item 6) comprising: 
memory (“computer-readable medium” at 3:1–2);  
a network interface (Wu at least suggests client device 4 includes a network interface to connect to public network item 10 and enterprise network item 16) configured to couple to a network (fig. 1, public network item 10); and 
at least one processor (“processor” at 3:3) coupled to the memory and the network interface and configured to request (fig. 5, item 110; “Web browser 6 then sends a request to VPN gateway 18 for a temporary token via the new channel (110)” at 9:15–16), via the network interface, one or more tokens (“a temporary token” at 9:15–16) from a gateway (fig. 1, VPN gateway item 18; 9:15–16) coupled to a plurality of networks comprising the network (fig. 1, public network item 10) and at least one private network (fig. 1, enterprise network item 16), at least one of the one or more tokens corresponding to the at least one private network (fig. 1, enterprise network item 16), 
receive (fig. 5, item 112; “In response, web browser 6 receives a temporary token from VPN gateway 18 (112)” at 9:16–18), via the network interface, the one or more tokens from the gateway, 

establish (fig. 5, items 116, 118; “After web browser 6 launches the external application, the external application sends the temporary token with a request for the resource (116).  At this time, VPN gateway 18 may validate the temporary token sent with the resource request (118).” at 9:27–31), via the network interface, one or more direct routes (because the description of steps 116, 118 at 9:27–31 do not mention using public network item 10, Wu, then, at least suggests a direct route between web browser item 6 and VPN gateway item 18) between the one or more session clients and the gateway, the one or more direct routes being based on the one or more tokens, and 
communicate data from the plurality of networks between the one or more session clients and the gateway via the network interface (“one or more external applications 8A through 8N (collectively, external applications 8) that use a public network 10 to interact with one or more network resources 12A through 12N (collectively, resources 12)” at 3:45–49) and the one or more direct routes (“To access resources 12, a user 17 establishes a secure session and authenticates web browser 6 to a virtual private network (VPN) gateway 18 in enterprise network 16.” at 3:58–60),
 Wu does not teach initiating one or more desktop as a service (DaaS) sessions comprising one or more session clients.
Zhang teaches initiating one or more DaaS sessions (“These types of virtual desktop environments where user desktops are hosted within separate, server-side virtual machines are often referred to as virtual desktop infrastructure (VDI) or Desktop-as-a-Service (DAAS) environments” at 5:12–16) comprising one or more session clients (fig. 1, items 120-1, 120-2, 120-3; “five users connect to host server 102-1 for the purpose of initiating remote desktop sessions, the host server 102-1 
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for Wu’s one or more session clients to be part of an initiated one or more DaaS sessions as taught by Zhang for “providing more efficient ways to deliver image data and other graphical user interface (GUI) information to client devices in remote desktop environments.”  Zhang 2:19–22.
Regarding claim 22, Wu teaches the one or more session clients comprising one or more virtual private network (VPN) clients (fig. 1, user item 17 using VPN gateway item 18; fig. 1, web browser item 6 using VPN gateway item 18).
Regarding claim 27, while Wu teaches being configured to communicate internet requests (Wu at least suggests that upon the launch of the external application item 8 at fig. 5, item 114, the external application item 8 receives the resource item 12 using the direct route between the external application item 8 and the resource item 12) to the gateway via the one or more direct routes,
the Wu/Zhang combination does not teach the one or more DaaS sessions being configured for the communication.
Zhang teaches one or more DaaS sessions (“These types of virtual desktop environments where user desktops are hosted within separate, server-side virtual machines are often referred to as virtual desktop infrastructure (VDI) or Desktop-as-a-Service (DAAS) environments” at 5:12–16) being configured for communications (“remote desktop sessions” at 5:10).
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for the Wu/Zhang combination’s communication to have the one or more DaaS sessions configured for as taught by Zhang for “providing more efficient ways to deliver image data and other graphical user 
Regarding claim 28, while Wu teaches the at least one processor being further configured to execute a session controller (fig. 1, item 6) configured to: 
request (fig. 5, item 110; “Web browser 6 then sends a request to VPN gateway 18 for a temporary token via the new channel (110)” at 9:15–16) the one or more tokens (“a temporary token” at 9:15–16);  
receive (fig. 5, item 112; “In response, web browser 6 receives a temporary token from VPN gateway 18 (112)” at 9:16–18) the one or more tokens from the gateway,
Wu does not teach initiating the one or more DaaS sessions.
Zhang teaches initiating one or more DaaS sessions (“These types of virtual desktop environments where user desktops are hosted within separate, server-side virtual machines are often referred to as virtual desktop infrastructure (VDI) or Desktop-as-a-Service (DAAS) environments” at 5:12–16).
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for the Wu/Zhang combination’s session controller (Wu fig. 1, item 6) to initiate the one or more DaaS sessions as taught by Zhang for “providing more efficient ways to deliver image data and other graphical user interface (GUI) information to client devices in remote desktop environments.”  Zhang 2:19–22.
Regarding claim 29, Wu teaches further comprising the gateway (fig. 1, VPN gateway item 18; 9:15–16), the gateway comprising a gateway service (fig. 2, items 38, 40, 44) and the at least one processor (“processor” at 3:3 residing in client device item 4 is responsible for executing VPN gateway item 18 when a user selects a resource at fig. 5, item 100) being further configured to execute the gateway service. 
claim 37, Wu teaches a non-transitory computer-readable medium (“computer-readable medium” at 3:1–2) storing computer-executable instructions to implement a process according to claim 21.  Thus, references/arguments equivalent to those present for claim 21 are equally applicable to claim 37.
Regarding claim 38, Wu teaches the instructions to initiate the one or more DaaS sessions comprising instructions to initiate one or more virtual private network (VPN) clients (fig. 1, user item 17 using VPN gateway item 18; fig. 1, web browser item 6 using VPN gateway item 18). 

Claims 23 and 39 are rejected under 35 U.S.C. § 103 as being obvious over Wu in view of Zhang, and in further view of Hayton (US 9,098,687 B2; filed May 3, 2013).
Regarding claim 23, while Wu teaches the one or more tokens (“a temporary token” at 9:15–16) for the one or more VPN clients (fig. 1, user item 17 using VPN gateway item 18; fig. 1, web browser item 6 using VPN gateway item 18), 
the Wu/Zhang combination does not teach the one or more tokens comprising one or more keys.
Hayton teaches one or more tokens comprising one or more keys (“an access token comprising the cryptographic key” at 1:62–63).
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for the Wu/Zhang combination’s one or more tokens to comprise one or more keys as taught by Hayton for “secure authentication of users on mobile devices and other client devices, and allowing access to various resources and services in enterprise systems.”  Hayton 1:54–57.
claim 39, claim 23 recites substantially similar features.  Thus, references/arguments equivalent to those present for claim 23 are equally applicable to claim 39.

Claim 26 is rejected under 35 U.S.C. § 103 as being obvious over Wu in view of Zhang, and in further view of Puuskari (US 6,728,208 B1; PCT filed Mar. 18, 1999).
Regarding claim 26, while Wu teaches the one or more direct routes (because the description of steps 116, 118 at 9:27–31 do not mention using public network item 10, Wu, then, at least suggests a direct route between web browser item 6 and VPN gateway item 18), 
the Wu/Zhang combination does not teach the one or more direct routes comprising one or more Transmission Control Protocol routes.
Puuskari teaches one or more Transmission Control Protocol routes (“Transmission Control Protocol path” at claim 1).
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for the Wu/Zhang combination’s one or more direct routes to comprise one or more Transmission Control Protocol routes as taught by Puuskari “controlling the Quality of Service (QoS) in mobile communications systems having a packet data transmission capability.”  Puuskari 1:7–9.

Claim 32 is rejected under 35 U.S.C. § 103 as being obvious over Wu in view of Hayton.
Regarding claim 32, while Wu teaches the requesting the one or more tokens (“a temporary token” at 9:15–16) for the one or more VPN clients (fig. 1, user item 17 using VPN gateway item 18; fig. 1, web browser item 6 using VPN gateway item 18), 

Hayton teaches one or more tokens comprising one or more keys (“an access token comprising the cryptographic key” at 1:62–63).
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for the Wu’s one or more tokens to comprise one or more keys as taught by Hayton for “secure authentication of users on mobile devices and other client devices, and allowing access to various resources and services in enterprise systems.”  Hayton 1:54–57.

Claim 35 is rejected under 35 U.S.C. § 103 as being obvious over Wu in view of Puuskari.
Regarding claim 35, while Wu teaches the one or more direct routes (because the description of steps 116, 118 at 9:27–31 do not mention using public network item 10, Wu, then, at least suggests a direct route between web browser item 6 and VPN gateway item 18), 
the Wu does not teach the one or more direct routes comprising one or more Transmission Control Protocol routes.
Puuskari teaches one or more Transmission Control Protocol routes (“Transmission Control Protocol path” at claim 1).
It would have been obvious to one of ordinary skill in the art before the filing date of the invention for the Wu’s one or more direct routes to comprise one or more Transmission Control Protocol routes as taught by Puuskari “controlling the Quality of Service (QoS) in mobile communications systems having a packet data transmission capability.”  Puuskari 1:7–9.

Allowable Subject Matter
Claim 24 is objected to as being dependent upon rejected base claim 21 and intervening claims 22 and 23, but would be allowable if rewritten to include all of the limitations of base claim 21 and intervening claims 22 and 23.  See MPEP §§ 608.01(n), 707.07(j).
Claim 25 is objected to as being dependent upon rejected base claim 21 and intervening claims 22–24, but would be allowable if rewritten to include all of the limitations of base claim 21 and intervening claims 22–24.   See id.
Claim 33 is objected to as being dependent upon rejected base claim 30 and intervening claims 31 and 32, but would be allowable if rewritten to include all of the limitations of base claim 30 and intervening claims 31 and 32.   See id.
Claim 40 is objected to as being dependent upon rejected base claim 37 and intervening claims 38 and 39, but would be allowable if rewritten to include all of the limitations of base claim 37 and intervening claims 38 and 39.   See id.

Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicants’ disclosure: US 10686886 B2; US 20150206139 A1; US 10491595 B2; US 20180198786 A1; US 10592978 B1; and US 10348721 B2.
Any inquiry concerning this communication or earlier communications from the Examiner should be directed to DAVID P. ZARKA whose telephone number is (703) 756-5746.  The Examiner can normally be reached Monday–Friday from 9:30AM–6PM ET.
If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, Vivek Srivastava, can be reached at (571) 272-7304.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://portal.uspto.gov/external/portal.  Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, Applicants are encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
/DAVID P ZARKA/PATENT EXAMINER, Art Unit 2449


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 The Examiner notes Engelhart maps reference numeral 132 to both access gateway server item 132 and token item 132.
        2 The Examiner notes Engelhart maps reference numeral 132 to both access gateway server item 132 and token item 132.