Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This office action is in response to the amendment filed 05/18/2022. 
In the instant amendment, claims 1, 10 and 20 were amended; claims 1, 10 and 20 are independent claims. Claims 1-20 are pending in this application. THIS ACTION IS MADE FINAL. 

Response to Arguments
Applicant’s arguments filed 05/18/2022 have been fully considered but they are not persuasive. 
Applicant argues (on page 8) that Saxena does not disclose “receiving, by an access controller, access rules for a networking device.” 
In response, the Examiner respectfully disagrees with the applicant. Under a broadest reasonable interpretation (BRI), words of the claim must be given their plain meaning, unless such meaning is inconsistent with the specification. The plain meaning of a term means the ordinary and customary meaning given to the term by those of ordinary skill in the art at the time of invention. Here the limitation ends with a comma then the next line starts a new amended limitation where new prior art was applied. “Although the specifications may well indicate that certain embodiments are preferred, particular embodiments appearing in a specification will not be read into the claims when the claim language is broader than such embodiments.” (Electro Med. Sys. S.A. v. Cooper Life Sciences Inc., 34 F. 3d 1048, 1054 (Fed. Cir. 1994)). Thus Saxena discloses receiving, by an access controller, access rules for a networking device (See Saxena, 56, FIG 2, Col. 5, Line 34, Col. 10, Lines 1-22; FIG 3; Col. 4, Lines 7-27; Col. 10, Lines 1-22). 
Applicant’s arguments with respect to claim(s) 1, 10 and 20 with regard to the amended claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-3, 6, 8-10, 12-14, 16-17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Saxena et al (“Saxena,” US 8,498,295) in view of Seiver et al (“Seiver,” US 20160191532) and further in view of Petronic et al (“Petronic,” US 20160150043). 

Regarding claim 1, Saxena discloses a method comprising: 
Saxena discloses receiving, by an access controller, access rules for a networking device; (Saxena, 56, FIG 2, Col. 5, Line 34, Col. 10, Lines 1-22 describes receiving by an access controller, NAT rules for a networking device; FIG 3 shows network addresses for source and destination addresses of where the packet will go; Col. 4, Lines 7-27; Col. 10, Lines 1-22 describe establishing tunnels identified by rules). 
creating, by the access controller, a routing table; (Saxena, Col. 9, Lines 62-67; Col. 10, Lines 1-22, Col. 16, Lines 6-16 describes creating by the controller, a table that is used for routing. [Because the routing table already exists, it must have been created previously])
adding, by the access controller to the routing table, a source-based routing rule for the networking device; (Saxena, Col. 6, Lines 17-41; Col. 10, Lines 1-22; Col. 15, Lines 5-22; Col. 16, Lines 6-16 describes adding by the access controller to the table that performs routing, a source based routing rule for the networking device)
and establishing networking tunnels identified by the received access rules, (Saxena, Col. 4, Lines 7-27; Col. 10, Lines 1-22 describe establishing tunnels identified by rules)
Saxena further discloses based on the received access rules (Saxena, 56, FIG 2, Col. 5, Line 34, Col. 10, Lines 1-22 describes receiving by an access controller, NAT rules for a networking device; FIG 3 shows network addresses for source and destination addresses of where the packet will go; Col. 4, Lines 7-27; Col. 10, Lines 1-22 describe establishing tunnels identified by rules)
Saxena fails to explicitly disclose wherein the access rules comprise an identification of a communication device and access information on how to connect to network segments. 
However, in an analogous art, Seiver discloses wherein the access rules comprise an identification of a communication device (Seiver, [0032], [0091], [0022] describes wherein the access rules comprise an identification of a network device that performs communications [communication device]). 
and access information on how to connect to network segments, (Seiver, [0023], [0070], [0040] & [0065] describe and access information on how to connect to network segments where the access information can include firewall information, a level of access, access privileges and access records)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Petronic with the method and system of Saxena to include wherein the access rules comprise an identification of a communication device and access information on how to connect to network segments. One would have been motivated to obtain information describing network traffic between a plurality of network devices within a network (Seiver, [0004]). 
Saxena and Seiver fail to explicitly disclose creating, a virtual network device with a virtual networking interface for the networking device. 
However, in an analogous art, Petronic discloses creating, a virtual network device with a virtual networking interface for the networking device; (Petronic, [0035] & [0043], when proxy server 244 creates a virtual interface for an end-user device 132, it stores an indicator in memory for the virtual interface so the virtual interface can be recalled for later use, for example it can be configured to create a virtual interface memory entry (e.g. a table entry) for the virtual interface that is indexed or keyed (or otherwise searchable) using the IP address of the end-user device 132. All communications towards one or more origin servers initiated by the proxy server on behalf of an end user device using the source IP address transparency pass through the virtual interface corresponding to that end-user device [where access rules define where the network packet traffic goes using a network address])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Petronic with the method and system of Saxena and Seiver to include creating, a virtual network device with a virtual networking interface for the networking device. One would have been motivated to implement source address transparency for network communications and to forward the communications towards one or more origin servers initiated by the proxy server on behalf of the end user device using the source IP address as defined by the access rules of Saxena, (See Petronic [0001], [0035] & [0043]). 


Regarding claim 2, Saxena, Seiver and Petronic disclose the method of claim 1. 
Saxena further discloses wherein establishing the networking tunnels comprises creating a first networking tunnel with a first gateway to provide a dedicated network route between the networking device and a first network segment accessed via the first gateway, (Saxena, Col. 2, Lines 56-67; Col. 3, Lines 1-5; Col. 5, Lines 16-31 describe a first gateway; Col. 8, Lines 60-67; Col. 9, Lines 1-3 describe routing from the networking device to a first network segment accessed by the first gateway as described in Col. 4, Lines 61-67; Col. 5, Lines 1-6).

Regarding claim 3, Saxena, Seiver and Petronic disclose the method of claim 2. 
Saxena further discloses wherein establishing the networking tunnels further comprises creating a second networking tunnel with a second gateway to provide a dedicated network route between the networking device and a second network segment accessed via the second gateway (Saxena, Col. 4, Lines 9-10 & 61-63 describe establishing different networking tunnels; Col. 5, Lines 16-31 and  41-51 describe using multiple gateways; Col. 8, Lines 55-59 describe a dedicated network route between the networking device and the second network segments accessed by the second gateway). 

Regarding claim 6, Saxena, Seiver and Petronic disclose the method of claim 2. 
Saxena further discloses further comprising, after establishing the first networking tunnel, adding a destination-based route in the routing table to route networking packets received on the networking interface with a network address within the first networking segment to the first networking tunnel, (Saxena, Col. 6, Lines 17-41, Col. 2, Lines 15-28; Col. 4, Lines 61-67; Col. 5, Lines 1-6 describes after establishing the first networking tunnel adding a destination based route using a destination address in the routing table to route networking packets received on the networking interface with a network address within the first networking segment to the first networking tunnel)
Petronic further discloses a virtual networking interface (Petronic, 334, FIG 4 describes creating and using a virtual networking interface)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Petronic with the method and system of Saxena and Seiver to include a virtual networking interface. One would have been motivated to implement source address transparency for network communications (Petronic, [0001]). 

Regarding claim 8, Saxena, Seiver and Petronic disclose the method of claim 1. 
Saxena further discloses further comprising, in response to receiving a network packet by the access controller, checking a source address of the packet to select a set of networking tunnels to which the packet is forwarded, (Saxena, Col. 6, Lines 17-41 & Col. 2, Lines 15-28 describes receiving a network packet by the controller and checking a source network address of the packet to select a set of networking tunnels to which the packet is forwarded)



Regarding claim 9, Saxena, Seiver and Petronic disclose the method of claim 8. 
Saxena further discloses further comprising performing destination-based routing to forward the packet to a first network tunnel of the selected set of networking tunnels, (Saxena, Col. 6, Lines 17-41 & Col. 2, Lines 15-28 describes receiving a network packet by the controller and checking a destination network address of the packet to forward the packet to the first network tunnel of the selected set of networking tunnels)

Regarding claim 10, claim 10 is directed to a system. Claim 10 is similar in scope to claim 1 and is therefore rejected under similar rationale. 

Regarding claim 20, claim 20 is directed to at least one non-transitory computer readable storage medium. Claim 20 is similar in scope to claim 1 and is therefore rejected under similar rationale. 

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Saxena et al (“Saxena,” US 8,498,295), in view of Seiver et al (“Seiver,” US 20160191532), Petronic et al (“Petronic,” US 20160150043 as disclosed on the IDS filed on 07/08/2021) and further in view of Ringdahl et al (“Ringdahl,” US 20150058967). 

Regarding claim 4, Saxena, Seiver and Petronic disclose the method of claim 2. 
Saxena, Seiver and Petronic fail to disclose wherein the access rules comprise firewall rules for the first gateway, the method further comprising sending, by the access controller, the access rules to the first gateway, wherein the first gateway uses the access rules to apply the firewall rules.
However, in an analogous art, Ringdahl discloses wherein the access rules comprise firewall rules for the first gateway, the method further comprising sending, by the access controller, the access rules to the first gateway, wherein the first gateway uses the access rules to apply the firewall rules, (Ringdahl, 1150, 1154, 1155, FIG 1, [0012], [0026] & [0030]; FIG’s 3 & 4 and [0033]-[0038] disclose wherein the access policies comprise firewall rules for the first gateway, the method further comprising sending by the access controller, the access rules to the first gateway and wherein the first gateway uses the access rules to apply the firewall rules). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ringdahl with the method and system of Saxena, Seiver and Petronic to include wherein the access rules comprise firewall rules for the first gateway, the method further comprising sending, by the access controller, the access rules to the first gateway, wherein the first gateway uses the access rules to apply the firewall rules. One would have been motivated to control access to the gateway node from a public access network and to the remote server providing the virtual computing services (Ringdahl, [0037]). 




Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Saxena et al (“Saxena,” US 8,498,295), in view of Seiver et al (“Seiver,” US 20160191532) and Petronic et al (“Petronic,” US 20160150043 as disclosed on the IDS filed 07/08/2021) and further in view of Alexander et al (“Alexander,” US 20180062879). 

Regarding claim 5, Saxena, Seiver and Petronic disclose the method of claim 2. 
Saxena, Seiver and Petronic fail to explicitly disclose wherein the first gateway is configured to: create a networking interface for communication between devices in the first network segment and the networking device; and announce the networking device within the first network segment. 
However, in an analogous art, Alexander discloses wherein the first gateway is configured to: create a networking interface for communication between devices in the first network segment and the networking device; (Alexander, [0026] & [0035] describe wherein the first gateway is configured to create a networking interface for communication between devices in the network segment and the network device)
and announce the networking device within the first network segment (Alexander, [0026] & [0035] describe all)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Alexander with the method and system of Saxena, Seiver and Petronic to include wherein the first gateway is configured to: create a networking interface for communication between devices in the first network segment and the networking device; and announce the networking device within the first network segment. One would have been motivated to increase fixed network access capacity, such as increasing network access capacity available within a wireless mesh network by adding auxiliary gateway devices within a network supporting automatically segmenting and merging routing domains (Alexander, [0001]).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Saxena et al (“Saxena,” US 8,498,295), in view of Seiver et al (“Seiver,” US 20160191532) and Petronic et al (“Petronic,” US 20160150043 as disclosed on the IDS filed 07/08/2021) in view of Smith et al (“Smith,” US 20050243826) and further in view of Glazemakers et al (“Glazemakers,” US 20170111310).

Regarding claim 7, Saxena, Seiver and Petronic disclose the method of claim 2. 
Petronic further discloses wherein: the networking device is a first networking device; (Petronic, [0038]-[0039] & [0051] describes the networking device is the first networking device)
the access controller forwards a received packet to the virtual networking interface by looking up a source address in the routing table; (Petronic, [0038]-[0039] & [0051] describes when the traffic flow is detected, the proxy server determines the source IP address for the flow and searches the virtual interface table using that source IP address and if the virtual interface already exists, the proxy server uses that existing virtual interface to exchange data over the Internet; and the proxy server 460 receives this communication and the virtual interface sends this communication to the designated web server)
Saxena, Seiver and Petronic fail to explicitly disclose within the virtual network device, the packet is encapsulated. 
However, in an analogous art, Smith discloses within the virtual network device, the packet is encapsulated (Smith, [0061]-[0062] describes within the virtual network device the packet is encapsulated)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Smith with the method and system of Saxena, Seiver and Petronic to include within the virtual network device, the packet is encapsulated. One would have been motivated to add information to a packet before it travels to its destination (Smith, [0061]-[0062]).  
Saxena, Seiver, Petronic and Smith fail to explicitly disclose and the packet is forwarded over the first networking tunnel to the first gateway, thereby causing the first gateway to forward the packet to a second networking device in the first network segment, 
However, in an analogous art, Glazemakers discloses and the packet is forwarded over the first networking tunnel to the first gateway, thereby causing the first gateway to forward the packet to a second networking device in the first network segment, (Glazemakers, [0023], [0046], [0050] & [0071] describes the packet; [0020] & [0026] describes forwarding the packet over the first networking tunnel to the first gateway then causing the first gateway to forward the packet to the second networking device in the first segment which is described in paragraphs [0022], [0024], [0043] and [0047])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Glazemakers with the method and system of Saxena, Seiver, Petronic and Smith to include within the virtual network device, the packet is encapsulated. One would have been motivated to resolve network addresses from host names for client devices, and more particularly but not limited to the resolving of host names for hosts located in a segmented private network (Glazemakers, [0002]).

Claims 11-14, 16-18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Saxena et al (“Saxena,” US 8,498,295), in view of Seiver et al (“Seiver,” US 20160191532) and Petronic et al (“Petronic,” US 20160150043) and further in view of Glazemakers et al (“Glazemakers,” US 20170111310). 

Regarding claim 11, Saxena, Seiver and Petronic disclose the system of claim 10. 
and wherein the instructions are further configured to instruct the at least one processor to: receive, by the virtual networking interface from the first gateway, a packet sent by a second networking device in the network segment; (Petronic, [0010] & [0042], the proxy server uses defined routing tables (which may be multicast from an IP Gateway, for example) to route communications to the web server using the virtual IP address as the source address; all outgoing requests are forwarded by the virtual interface using the virtual IP address, these requests may be routed using the kernel level routing tables of the proxy server, which are provided by the IP gateway and the response from the web server operates in a similar fashion in which the returning connection goes back to the proxy server and particularly to the virtual interface associated with the virtual IP address)
and in response to receiving the packet by the virtual networking interface, forward the packet to the first networking device, (Petronic, [0010] & [0042], the proxy server uses defined routing tables (which may be multicast from an IP Gateway, for example) to route communications to the web server using the virtual IP address as the source address; all outgoing requests are forwarded by the virtual interface using the virtual IP address, these requests may be routed using the kernel level routing tables of the proxy server, which are provided by the IP gateway and the response from the web server operates in a similar fashion in which the returning connection goes back to the proxy server and particularly to the virtual interface associated with the virtual IP address)
Saxena, Seiver and Petronic fail to explicitly disclose wherein establishing the networking tunnel comprises creating the networking tunnel with a first gateway to provide a dedicated network route between the first networking device and a network segment accessible via the first gateway. 
However, in an analogous art, Glazemakers discloses wherein establishing the networking tunnel comprises creating the networking tunnel with a first gateway to provide a dedicated network route between the first networking device and a network segment accessible via the first gateway, (Glazemakers, FIG 2, [0023], [0046], [0050] & [0071] describes the packet; [0020] & [0026] describes establishing the networking tunnel by creating the networking tunnel with a first gateway to provide a dedicated network route between the first networking device and network segment accessible via the first gateway described in paragraphs [0022], [0024], [0043] and [0047])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Glazemakers with the method and system of Saxena, Seiver and Petronic to include wherein establishing the networking tunnel comprises creating the networking tunnel with a first gateway to provide a dedicated network route between the first networking device and a network segment accessible via the first gateway. One would have been motivated to resolve network addresses from host names for client devices, and more particularly but not limited to the resolving of host names for hosts located in a segmented private network (Glazemakers, [0002]).

Regarding claim 12, Saxena, Seiver and Petronic disclose the system of claim 10. 
Saxena, Seiver and Petronic fail to explicitly disclose wherein the instructions are further configured to instruct the at least one processor to: receive, by an authentication service from the first networking device, a request for a network address for the first networking device; determine, based on the request, the network address for the first networking device; and send, to the first networking device in reply to the request, the network address for the first networking device, and a network address of the access controller, wherein the access controller is to serve as a default gateway for the first networking device.
However, in an analogous art, Glazemakers discloses wherein the instructions are further configured to instruct the at least one processor to: receive, by an authentication service from the first networking device, a request for a network address for the first networking device; (Glazemakers, [0041], processor; FIG 2 and associated text in paragraphs [0042]-[0067] describes receiving by an authentication server from the first networking device, a request for a network address for the first networking device)
determine, based on the request, the network address for the first networking device; (Glazemakers, FIG 2 and associated text in paragraphs [0042]-[0067] describe determine based on the request the network address for the first networking device)
and send, to the first networking device in reply to the request, the network address for the first networking device, and a network address of the access controller, wherein the access controller is to serve as a default gateway for the first networking device, (Glazemakers, FIG 2 and associated text in paragraphs [0042]-[0067] describe forwarding to the first networking device in reply to the request, the network address for the first networking device, and the network address of the controller, wherein the access controller is to serve as the default gateway for the first networking device). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Petronic with the method and system of Saxena and Seiver to include wherein the instructions are further configured to instruct the at least one processor to: receive, by an authentication service from the first networking device, a request for a network address for the first networking device; determine, based on the request, the network address for the first networking device; and send, to the first networking device in reply to the request, the network address for the first networking device, and a network address of the access controller, wherein the access controller is to serve as a default gateway for the first networking device. One would have been motivated to resolve network addresses from host names for client devices, and more particularly but not limited to the resolving of host names for hosts located in a segmented private network (Glazemakers, [0002]).

Regarding claim 13, Saxena, Seiver, Petronic and Glazemakers disclose the system of claim 12. 
Saxena further discloses wherein the instructions are further configured to instruct the at least one processor to determine, by the authentication service, the access rules for the first networking device, and wherein the access rules comprise the network address for the first networking device, (Saxena, Figures 1-2, Col. 5, Lines 34; Col. 10, Lines 1-22; Col. 4, Lines 7-27; Col. 10, Lines 1-22 describes determining by the server that performs authentication the NAT rules for the first networking device and wherein the NAT rules comprise the network address for the first networking device)

Regarding claim 14, Saxena, Seiver, Petronic and Glazemakers disclose the system of claim 13. 
Saxena further discloses wherein the access rules further comprise a network address of a remote gateway, (Saxena, Figures 1-2, Col. 5, Lines 34; Col. 10, Lines 1-22; Col. 4, Lines 7-27; Col. 10, Lines 1-22 describe wherein the NAT rules [access rules] comprise a network address of a gateway which is remote)

Regarding claim 16, Saxena, Seiver, Petronic and Glazemakers disclose the system of claim 13. 
Saxena further discloses wherein the access controller is configured to receive the access rules from the authentication service, (Saxena, FIG 2, Col. 5, Lines 34; Col. 10, Lines 1-22; Col. 4, Lines 7-27; Col. 10, Lines 1-22 describe wherein the NAT rules [access rules] comprise a network address of a gateway which is remote)

Regarding claim 17, Saxena, Seiver, Petronic and Glazemakers disclose the system of claim 16. 
Saxena further discloses wherein the access controller is configured to establish the network tunnel in response to receiving the access rules from the authentication service, (Saxena, FIG 2, Col. 5, Lines 34; Col. 10, Lines 1-22; Col. 4, Lines 7-27; Col. 10, Lines 1-22 describe wherein the access controller is configured to establish the network tunnel in response to receiving the NAT rules [access rules] from the server that performs authentication)

Regarding claim 18, Saxena, Seiver and Petronic disclose the system of claim 10. 
Saxena, Seiver and Petronic fail to explicitly disclose wherein the networking tunnel is established with a first gateway, a network segment is accessible via the first gateway, and the access rules identify networking devices in the network segment with which the first networking device is allowed to communicate.
However, in an analogous art, Glazemakers discloses wherein the networking tunnel is established with a first gateway, a network segment is accessible via the first gateway, and the access rules identify networking devices in the network segment with which the first networking device is allowed to communicate (Glazemakers, FIG 2, [0023], [0046], [0050] & [0071] describes the packet; [0020] & [0026] describes a networking tunnel is created with a first gateway and the network segment is accessible via the first gateway and the access rules identify networking devices in the network segment with which the first networking device is allowed to communicate described in paragraphs [0022], [0024], [0043] and [0047])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Glazemakers with the method and system of Saxena, Seiver and Petronic to include wherein the networking tunnel is established with a first gateway, a network segment is accessible via the first gateway, and the access rules identify networking devices in the network segment with which the first networking device is allowed to communicate. One would have been motivated to resolve network addresses from host names for client devices, and more particularly but not limited to the resolving of host names for hosts located in a segmented private network (Glazemakers, [0002]).

Regarding claim 19, Saxena, Seiver, Petronic and Glazemakers disclose the system of claim 18. 
Saxena further discloses wherein each of the access rules comprises at least one respective condition that needs to be fulfilled in order for the first networking device to have access to the identified networking devices (Saxena, Col. 13, Lines 64-67; Col. 14, Lines 1-5; Col. 5, Lines 41-51 describe wherein each of the rules comprises at least one condition that needs to be fulfilled such as a time constraint for the first networking device to have access to the identified networking devices).

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Saxena et al (“Saxena,” US 8,498,295), in view of Seiver et al (“Seiver,” US 20160191532), Petronic et al (“Petronic,” US 20160150043 as disclosed on the IDS filed on 07/08/2021) in view of Glazemakers et al (“Glazemakers,” US 20170111310) and further in view of Jung et al (“Jung,” US 20150288658). 

Regarding claim 15, Saxena, Seiver, Petronic and Glazemakers disclose the system of claim 13. 
Saxena, Seiver, Petronic and Glazemakers fail to explicitly disclose wherein the access rules further comprise authentication information for setting up the networking tunnel.
However, in an analogous art, Jung discloses wherein the access rules further comprise authentication information for setting up the networking tunnel (Jung, [0008] & [0009] describes wherein the access policies further comprise authentication information for setting up and creating a network tunnel). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jung with the method and system of Saxena, Petronic and Glazemakers to include wherein the access rules further comprise authentication information for setting up the networking tunnel. One would have been motivated to control access to wireless security to all layers in the wireless network sections (Jung, [0007]). 


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES J WILCOX/Examiner, Art Unit 2439


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439