DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 16, 18-25 and 27-31 are pending in this application.
Claims 16, 18, 25, 27 and 30 are currently amended.
Claims 1-15, 17, 26 and 32 were cancelled.
No new IDS has been filed.

Response to Arguments
The previous 103 rejections to the claims 16-31 have been withdrawn in response to the applicants’ amendments/remarks.

Allowable Subject Matter
Claims 16, 18-25 and 27-31 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additional be unacceptable to applicants, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of issue fee.
Authorization for this examiner's amendment was given in email response with Mark Friedman (Reg. no. 33,883) on 2/11/2022.

The application has been amended as follows:
IN THE CLAIMS

Claim 16. (Currently Amended) A method comprising: 
(a) receiving, by a gateway, via a shared virtual private network (VPN) a first request for access to a resource not connected to said shared VPN,
said first request being from a user on a first side of said shared VPN, said gateway being at a second side of said shared VPN, and 
said first request including a reference to said resource to be accessed by said user;
(b) evaluating, by said gateway, said first request to determine whether said first request includes a unique user identification (userid), said userid authenticating said user to said gateway, and when said first request lacks said userid, said gateway: 
(i) generating said userid authenticating said user, 
(ii) registering said user, said registering including associating said user with said userid thereby identifying said user to said gateway, and
(iii) sending said first request, further including said userid; and 
(c) evaluating, by said gateway, said first request to determine whether said first request includes a second token, said second token authenticating said user to said resource and said second token based on userid data for a domain of said resource, and when said first request lacks said second token, said gateway: 2 of 13 

(ii) issuing said first request further including said second token.

Claim 18. (Currently Amended) The method of claim 16 additionally comprising: evaluating said first request to determine whether said first request includes [[a]] said second token, and if said first request includes said second token then allowing said user access to said resource.

Claim 27. (Currently Amended) A system comprising: a processing system containing one or more processors, said processing system being configured to: 
(a) receive via a shared virtual private network (VPN) a first request for access to a resource not connected to said shared VPN, 
said first request being from a user on a first side of said shared VPN, 
said processing system being at a second side of said shared VPN, and 
said first request including a reference to said resource to be accessed by said user; 
(b) evaluate said first request to determine whether said first request includes a unique user identification (userid), said userid authenticating said user, and when said first request lacks said userid: 
(i) generate said userid authenticating said user,

(iii) send said first request further including said userid 

(c) evaluate said first request to determine whether said first request includes a second token, said second token authenticating said user to said resource, said second token based on userid data for a domain of said resource, and when said first request lacks said second token: 
(i) generate said second token authenticating said user to said resource, and 
(ii) issue said first request further including said second token, and when said first request includes said second token then allowing said user access to said resource.

Claim 30. (Currently Amended) A method comprising: 5 of 13 
(a) sending, to a gateway, via a shared virtual private network (VPN) a first request for access to a resource not connected to said shared VPN, 
said first request being from a user on a first side of said shared VPN, 
said gateway being at a second side of said shared VPN, and 
said first request including a reference to the resource to be accessed by said user; 
when said first request lacks said userid, said gateway: 
(i) generating said userid authenticating said user, 
(ii) registering said user, said registering including associating said user with said userid thereby identifying said user to said gateway, and 
(iii) sending said first request further including said userid, 
(c) evaluating, by said gateway, said first request to determine whether said first request includes a second token, said second token authenticating said user to said resource, said second token based on userid data for a domain of said resource, and when said first request lacks said second token: 
(i) generating said second token authenticating said user to said resource, and 
(ii) issuing said first request further including said second token, and when said first request includes said second token then allowing said user access to said resource.


Examiner’s Statement for Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:

Regarding independent claims 16, 27 and 30,

Dustin Doloff (U.S. Application US 20200092278 A1) discloses receiving a request for accessing a set of resources to an external service or a VPN service; request includes a credential or user identifier in order to indicate authentication and obtain permitted access to the resources. –e.g. see, Fig. 4, [0015], [0027], [0029] of Dustin Doloff.

Yuhua Wu (U.S. Patent US 8132242) discloses associating a user with an user id thereby identifying said user to a gateway and sending the request including the user id. –e.g. see, Fig. 1, col. 2, lines 1-14 of Yuhua Wu.

Grant (Pub. No.: US 2008/0049752 A1) discloses request for access to a resource not connected to said shared VPN –e.g. see, [0004] of Grant.

Schroeder (US 8,443,435 B1) discloses a local VPN concentrator normally used by the client device may provide the VPN handler with a resource list that provides a mapping of the resources of the enterprise network to the multiple VPN concentrators that have been deployed to provide secure access to those resources. The local VPN concentrator may dynamically update the resource list on the client device so as to control the construction and use of the split VPN tunnels by the VPN handler based on change to the enterprise network. The split tunnel approach may be transparent to applications executing on the client device and may be easily deployed to the client devices of the enterprise. –e.g. see, Abstract, Fig. 1, Fig. 4 of Schroeder.


the limitations in independent claims 16, 27 and 30 specific to the other limitations combination with:

(c) evaluating, by said gateway, said first request to determine whether said first request includes a second token, said second token authenticating said user to said resource, said second token based on userid data for a domain of said resource, and when said first request lacks said second token: 
generating said second token authenticating said user to said resource, and 
issuing said first request further including said second token.

Dependent claims 18-25, 28, 29 and 31 are allowed as they depend from allowable independent claim 16 or 27 or 30.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SUMAN DEBNATH
Patent Examiner
Art Unit 2495



/S.D/Examiner, Art Unit 2495                                                                                                                                                                                                        

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495