Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

Status of Claims
Claims 1-20 are subject to examination.  

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-16 of U.S. Patent No. 10681010 in view of Sprague et al., 2015/0089568.
Claim 1 of this application:

    [Image: media_image1.png]

Claim 1 of the parent application/patent.

    [Image: media_image2.png]

    [Image: media_image3.png]

The subject matter of claims 1-20 of this application was examined in parent application 15/581,149, now U.S. Patent 10681010.
Regarding Applicant's amendments to claim 1,
Sprague discloses a plurality of trust data elements, each trust data element having a corresponding assigned value (factors and numbers assigned to each of the factors regarding trust, figure 4A, for a user/device accessing a network, para 133-135), determining a number by adding the corresponding assigned value of each of the plurality of trust data elements obtained in the trust data (aggregating/overall/calculating the corresponding numbers of the factors to obtain a number regarding trust/score, para 127, 128, figure 4A), the number when the number exceeds a threshold (the number/score exceeding the threshold associated with trust, para 90, 38, 131). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Acharya-IBM to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known elements with associated values to known aggregated/overall trust regarding an entity. A decision on whether the entity is considered trusted or not would be based on whether the aggregated/overall number regarding trust exceeds a threshold or not. When the aggregated/overall number meets the threshold, the entity would be considered for access based on trust level. When the trust level is low, access to the secure resources is prevented, para 90, 38, 131.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Acharya et al., 2014/0289791, IBM, in view of Hannel et al., 20110231443 and Sprague et al., 2015/0089568.
Referring to claims 1, 9, 17, Acharya-IBM discloses a server, comprising: a memory storing computer-readable instructions; and a processor coupled to the memory and configured to execute the instructions to: a computer program product comprising instructions for storage on a non-transitory computer-readable medium that, when executed by a processor, cause an apparatus to: a method implemented by a Virtual Private Network (VPN) server for remote access, comprising: obtaining, by a Virtual Private Network (VPN) server (para 59), trust data of a user accessing a network (authenticated client information and client data for secure communication of registered client, para 120, 151), determining, by the VPN server, a level corresponding to the trust data (authenticated client information and data for secure communication for dynamic access to the registered client, para 120, 151) and the level (specifying access to clients for access to application/vm instance/service based on access level using policies and rules to enforce access control rules, para 99-103), determining, by the VPN server, an access zone of the network corresponding to the level (first access zone based on first policy and second access zone based on second policy depending upon access level using policies and rules for specified access to client, para 170); and
establishing, by the VPN server (para 59), a VPN connection between a device used by the user and the first access zone (client access to the first access zone based on first policy using VPN server, para 151, 167). 

    [Image: media_image4.png]

Acharya-IBM does not specifically mention a trust level, which is well known in the art and which Hannel discloses, para 176, 183, 203, 86. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Acharya-IBM to implement a trust level, and one of ordinary skill in the art would have been motivated to do so because it could provide access based on trust level. When the trust level is low, access to the secure resources is prevented. For example, after a certain period of time the trust level may be changed so that secure resources are accessed only during a certain amount of time, and hence the security of the resources is enhanced, as suggested by Hannel, para 86, 176.
Acharya-IBM and Hannel do not specifically mention the following, which is well known in the art and which Sprague discloses: a plurality of trust data elements, each trust data element having a corresponding assigned value (factors and numbers assigned to each of the factors regarding trust, figure 4A, for a user/device accessing a network, para 133-135), determining a number by adding the corresponding assigned value of each of the plurality of trust data elements obtained in the trust data (aggregating/overall/calculating the corresponding numbers of the factors to obtain a number regarding trust/score, para 127, 128, figure 4A), the number when the number exceeds a threshold (the number/score exceeding the threshold associated with trust, para 90, 38, 131). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Acharya-IBM to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known elements with associated values to known aggregated/overall trust regarding an entity. A decision on whether the entity is considered trusted or not would be based on whether the aggregated/overall number regarding trust exceeds a threshold or not. When the aggregated/overall number meets the threshold, the entity would be considered for access based on trust level. When the trust level is low, access to the secure resources is prevented, para 90, 38, 131.

Referring to claims 2, 10, 18, Acharya-IBM, Sprague and Hannel disclose the claimed limitations as rejected above.  Hannel also discloses monitoring, by the VPN server, a change of the trust data; determining, by the VPN server, a second trust level corresponding to changed trust data in response to the VPN server obtaining the changed trust data; determining, by the VPN server, a second access zone of the first network corresponding to the second trust level; and establishing, by the VPN server, a second VPN connection between the device and the second access zone (adjusting of trust level based data regarding the trust and providing access to different access zone according to the trust level, para 254, 263, 264).

Referring to claims 3, 11, 19, Acharya-IBM, Sprague and Hannel disclose the claimed limitations as rejected above.  Hannel also discloses comparing, by the VPN server, the second trust level with the first trust level; and keeping, by the VPN server, the first VPN connection alive in response to the second trust level being higher than the first trust level, and closing, by the VPN server, the first VPN connection in response to the second trust level being lower than the first trust level (adjusting of trust level based data regarding the trust and dropping access to access zone when the trust level is low, para 254, 263, 264).

Referring to claims 4, 14, 20, Acharya-IBM, Sprague and Hannel disclose the claimed limitations as rejected above.  Hannel also discloses monitoring, by the VPN server, a change of the trust data; determining, by the VPN server, a second trust level corresponding to changed trust data in response to the VPN server obtaining the changed trust data, determining, by the VPN server, a second access zone of the first network corresponding to the second trust level; modifying, by the VPN server, configuration of the first VPN connection so that the first VPN connection is changed into a second VPN connection between the device and the second access zone (adjusting of trust level based data regarding the trust and providing access to different access zone according to the trust level and different connection, para 254, 263, 264).

Referring to claims 5, 15, Acharya-IBM, Sprague and Hannel disclose the claimed limitations as rejected above.  Hannel also discloses determining, by the VPN server, there is a third trust level corresponding to the user, wherein the third trust level is lower than the first trust level; determining, by the VPN server, a third access zone of the first network corresponding to the third trust level; establishing, by the VPN server, a third VPN connection between the device and the third access zone (adjusting of trust level based data regarding the trust and providing access to necessary access zone according to the trust level and another connection, para 254, 263, 264).

Referring to claims 6, 16, Acharya-IBM, Sprague and Hannel disclose the claimed limitations as rejected above.  Hannel also discloses wherein the plurality of trust data elements comprises at least one of a first trust data element for determining whether the user is reliable, a second trust data element for determining whether the device is reliable, and a third trust data element for determining whether a second network which connects the device to the first network is reliable (providing access to the user based on trust level, para 254, 263, 264).

Referring to claims 7, 17, Acharya-IBM, Sprague and Hannel disclose the claimed limitations as rejected above.  Hannel also discloses wherein the trust data further comprises information for indicating that the remote access passes a third network which fails to provide a fourth trust data element for determining whether the third network is reliable, and the first trust level is lower than a second trust level of the remote access determined by trust data which does not comprise the information (adjusting of trust level based data regarding the trust over the communication on a network and providing access to necessary access zone according to the trust level and another connection, para 254, 263, 264).

Referring to claims 8, 18, Acharya-IBM, Sprague and Hannel disclose the claimed limitations as rejected above.  Hannel also discloses wherein the first trust data element for determining whether the user is reliable comprises an identification of the user, a biometric key, a password, a personal identification number (PIN), RFID tag, or NFC Tag; wherein the second trust data element for determining whether the device is reliable comprises a serial number of the device, a MAC address of the device, an IMEI of the device, a SIM, a number of the device or a Global Positioning System (GPS) position of the device, wherein the second network comprises at least one of an access network, a carrier network, or an Internet exchange network (user identification/credential, any network, para 254, 263, 264).

Response to Arguments
Applicant's arguments filed 1/13/22, pages 12-16 have been fully considered but they are not persuasive.  Therefore, rejection of claims 1-20 is maintained. 
Regarding Applicant’s concern for the amended limitations of claim 1, the rejections are updated accordingly. Please refer to above updated rejections.
Acharya-IBM discloses a server, comprising: a memory storing computer-readable instructions; and a processor coupled to the memory and configured to execute the instructions to: a computer program product comprising instructions for storage on a non-transitory computer-readable medium that, when executed by a processor, cause an apparatus to: a method implemented by a Virtual Private Network (VPN) server for remote access, comprising: obtaining, by a Virtual Private Network (VPN) server (para 59), trust data of a user accessing a network (authenticated client information and client data for secure communication of registered client, para 120, 151), determining, by the VPN server, a level corresponding to the trust data (authenticated client information and data for secure communication for dynamic access to the registered client, para 120, 151) and the level (specifying access to clients for access to application/vm instance/service based on access level using policies and rules to enforce access control rules, para 99-103), determining, by the VPN server, an access zone of the network corresponding to the level (first access zone based on first policy and second access zone based on second policy depending upon access level using policies and rules for specified access to client, para 170); and
establishing, by the VPN server (para 59), a VPN connection between a device used by the user and the first access zone (client access to the first access zone based on first policy using VPN server, para 151, 167). 

    [Image: media_image4.png]

Acharya-IBM does not specifically mention a trust level, which is well known in the art and which Hannel discloses, para 176, 183, 203, 86. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Acharya-IBM to implement a trust level, and one of ordinary skill in the art would have been motivated to do so because it could provide access based on trust level. When the trust level is low, access to the secure resources is prevented. For example, after a certain period of time the trust level may be changed so that secure resources are accessed only during a certain amount of time, and hence the security of the resources is enhanced, as suggested by Hannel, para 86, 176.
Acharya-IBM and Hannel do not specifically mention the following, which is well known in the art and which Sprague discloses: a plurality of trust data elements, each trust data element having a corresponding assigned value (factors and numbers assigned to each of the factors regarding trust, figure 4A, for a user/device accessing a network, para 133-135), determining a number by adding the corresponding assigned value of each of the plurality of trust data elements obtained in the trust data (aggregating/overall/calculating the corresponding numbers of the factors to obtain a number regarding trust/score, para 127, 128, figure 4A), the number when the number exceeds a threshold (the number/score exceeding the threshold associated with trust, para 90, 38, 131). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Acharya-IBM to implement these limitations, and one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known elements with associated values to known aggregated/overall trust regarding an entity. A decision on whether the entity is considered trusted or not would be based on whether the aggregated/overall number regarding trust exceeds a threshold or not. When the aggregated/overall number meets the threshold, the entity would be considered for access based on trust level. When the trust level is low, access to the secure resources is prevented, para 90, 38, 131.



Conclusion
The amended limitations (a plurality of trust data elements, each trust data element having a corresponding assigned value, determining a number by adding the corresponding assigned value of each of the plurality of trust data elements obtained in the trust data, the number when the number exceeds a threshold) are well known in the art for deciding whether an entity can be trusted or not. Please see the above rejections. Mere addition of such limitations to the rejections of the prior office action would not make the claimed subject matter novel.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571) 272-3973.  The examiner can normally be reached on Monday-Friday.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HARESH N PATEL/Primary Examiner, Art Unit 2496