DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings

Figure 6 should be designated by a legend such as --Prior Art-- because only that which is old is illustrated.  See MPEP § 608.02(g).  Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) should be labeled “Replacement Sheet” in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
The drawings are objected to because they include informalities.  In Figures 3A and 3B, the indications of connections or relationships between computers at the bottom of the Figures (below elements 316-1 and so on) is not clearly explained and does not appear to be addressed in the specification.  In Figure 4, steps 404 and 422 do not appear to be positive/active steps to be performed.  In steps 408 and 416, the quality is such that it is difficult to discern the presence of punctuation marks such as periods (see also Figure 5, step 508).  In steps 412 and 416, the use of quotation marks is generally vague and unclear in context.  Corrected drawing sheets in compliance with 

Specification

The abstract of the disclosure is objected to because it includes informalities.  In particular, in lines 1-2, the verb “is provided” does not agree in number with the plural subject “Systems and methods”.  Correction is required.  See MPEP § 608.01(b).
The disclosure is objected to because of the following informalities:  
The specification includes minor grammatical and other errors.  For example, in paragraph 0003, line 1, the abbreviation VPN should be spelled out in full the first time it 
Appropriate correction is required.  The above is not intended as an exhaustive list of errors in the specification.  Applicant’s cooperation is requested in correcting any other errors of which applicant may become aware in the specification.
The use of the terms Fortigate, Fortimail, FortiDB, Fortiweb, Fortibalancer, Fortiscan, Fortimanager, Fortianalyzer, Fortibridge, FortiDNS, FortiWiFi, FortiDDoS, Intel Itanium, AM Opteron, Athlon, Mtorola, FortiSOC, Seagate Barracuda, Hitachi Deskstar, and IOMEGA Zip, which are trade names or marks used in commerce, has been noted in this application. The terms should be accompanied by the generic terminology; furthermore the terms should be capitalized wherever they appear or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) is permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “a client device” in lines 7-8.  It is not clear if this is intended to refer to the authentication client device, one of the pre-authorized client devices, or a distinct client device.  The claim further recites “confirming… the connection establishment request was initiated by the particular user by authenticating the particular user” in lines 11-13.  It is not clear how authenticating the user would confirm that the connection request was initiated by the user.  The claim additionally recites “the client device” in line 15.  It is not clear whether this is intended to refer to the authentication client device, one of the pre-authorized client devices, or the client device of lines 7-8 if this is distinct.  The above ambiguities render the claim indefinite.
Claim 2 recites “a particular user” in line 2.  It is not clear whether this is intended to refer to the same particular user as in Claim 1 or to a distinct user.
Claim 6 recites that one or more client devices “may establish concurrent connections”.  This appears to be an optional limitation, and therefore it is not clear how 
Claim 7 recites “a client device” in line 8.  It is not clear if this is intended to refer to the authentication client device, one of the pre-authorized client devices, or a distinct client device.  The claim further recites “confirming… the connection establishment request was initiated by the particular user by authenticating the particular user” in lines 11-12.  It is not clear how authenticating the user would confirm that the connection request was initiated by the user.  The claim additionally recites “the client device” in line 14.  It is not clear whether this is intended to refer to the authentication client device, one of the pre-authorized client devices, or the client device of line 8 if this is distinct.  The above ambiguities render the claim indefinite.
Claim 8 recites “a particular user” in line 2.  It is not clear whether this is intended to refer to the same particular user as in Claim 7 or to a distinct user.
Claim 12 recites that one or more client devices “may establish concurrent connections”.  This appears to be an optional limitation, and therefore it is not clear how this further limits the claimed medium.  Further, the claim recites “the portable, hardware-based authentication” in line 3.  There is not clear antecedent basis for this limitation, which appears to be incomplete and unclear as to how authentication would be portable, although it appears that this may be intended to refer to the authentication client device.

Claim 14 recites “a particular user” in line 2.  It is not clear whether this is intended to refer to the same particular user as in Claim 13 or to a distinct user.
Claim 18 recites that one or more client devices “may establish concurrent connections”.  This appears to be an optional limitation, and therefore it is not clear how this further limits the claimed device.  Further, the claim recites “the portable, hardware-based authentication” in line 3.  There is not clear antecedent basis for this limitation, which appears to be incomplete and unclear as to how authentication would be portable, although it appears that this may be intended to refer to the authentication client device.
Claim 19 recites “the client device” in lines 3, 4, and 6.  It is not clear whether this is intended to refer to the authentication client device, one of the pre-authorized client devices, or the client device of Claim 13, line 10, if this is distinct.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.

Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Mukherjee et al, US Patent 7421736.
In reference to Claim 1, Mukherjee discloses a method that includes maintaining a list of pre-authorized client devices in a portable authentication client device assigned to a user and paired with an appliance at a network (column 6, lines 21-35); receiving a connection establishment request to connect with the network via the appliance (Figure 4A, request 404; column 8, lines 1-11); authenticating the user, verifying that a client device is on the list of pre-authorized clients, and establishing a local connection or VPN tunnel between the authentication device and appliance (Figure 4A, steps 406-416; column 8, lines 8-48).

In reference to Claims 4 and 5, Mukherjee further discloses a VPN mode or local mode and one or more types of VPN connections (column 2, line 35-column 3, line 8, and throughout).
In reference to Claim 6, Mukherjee further discloses a concurrent connection through the authentication device (column 8, lines 8-48).

Claims 7-12 are directed to software implementations of the methods of Claims 1-6, and are rejected by a similar rationale.
Claims 13-18 are directed to devices having functionality corresponding to the methods of Claims 1-6, and are rejected by a similar rationale, mutatis mutandis. 

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Mukherjee.
.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Bushmitch et al, US Patent 7228438, discloses a system using a portable authentication device.
Suganthi et al, US Patent 7953889, discloses systems for VPN traffic to enterprise networks.
Lee, US Patent 8141143, discloses methods for providing remote access to resources in an enterprise network over a VPN.
Short et al, US Patent 8156246, discloses a portable “nomadic” router for access to a network.
Hendrickson et al, US Patent 8860777, discloses a system that includes an authorized client list for an enterprise service.
Glazemakers et al, US Patent 9148408, discloses systems for protecting network devices using firewalls.
van ’t Noordende, US Patent 10599830, discloses a system that uses a list of authorized clients and tokens for authorization.
Chanak et al, US Patent Application Publication 2018/0270201, discloses a system for virtual private access.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:30am-6:00pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 

/Zachary A. Davis/Primary Examiner, Art Unit 2492