Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
	This action is responsive to claims filed on October 2, 2020. Claims 1-20 are pending and presented for examination.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4, 6-9 and 11-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Hayes, US PGPub. No. 20210314260.
As per claim 1, Hayes teaches a method comprising: 
receiving, by a computing device, a message from a client device, the message including a connection request to establish the connection and authentication information (Fig. 10, Paragraph(s) [0014], [0068], [0111],[0135]; network client 16A “client device” sending a resource request 20 “message” to the trust router 12 “computing device”. Hayes further discloses that the resource request 20 on Fig. 4 includes an authentication object/key 22 (Paragraph(s) [0014], [0129]); 
extracting, by the computing device, the authentication information and the connection request from the message (Fig. 4, Paragraph(s) [0129]; a trust router 12 “computing device” extracting an authentication object 22 “authentication information” from the resource request 20 “message”. Hayes further discloses in Paragraph [0068] the receiving device, upon receiving the connection request, extracts the authorization key then processes the authorization key to determine if the TCP connection request is authorized); 
authenticating, by the computing device, a user of the client device based on the authentication information (Fig. 5, Paragraph(s) [0130]; a trust router 12 authenticating the authentication object 22); 
transmitting, by the computing device subsequent to authenticating the user, the connection request to a server device (Fig. 11, Paragraph(s) [0028], [0134], [0136]; the trust router  then sends the resource request 20 to the network resource “server device”); and
facilitating, by the computing device subsequent to the transmission of the connection request to the server device, establishment of the connection between the client device and the server device (Paragraph(s) [0016], [0143], [0202]).
As per claim 2, Hayes teaches the method of claim 1, wherein: the connection request is a handshake request, with the authentication information included in a control block that is appended to the handshake request (Paragraph(s) [0014], [0068]; routing the network request to its intended destination using a combination of traditional routing approaches that are influenced by identity information included with the network request that is authenticated. 
As per claims 3 and 16, Hayes teaches wherein the computing device is a gateway, and wherein the method comprises: 
exchanging, subsequent to establishment of the connection, data between the client device and the server device via the gateway over the connection, such that the gateway acts as a proxy in the connection between the client device and the server device (Paragraph(s) [0068]).
As per claim 4 , Hayes teaches the method of claim 1, wherein facilitating establishment of the connection comprises: 
subsequent to transmitting the connection request to the server device, receiving, by the computing device, a connection response from the server device and transmitting, by the computing device, the connection response to the client device (Paragraph(s) [0064], [0068], [0104]).
As per claim 6, Hayes teaches the method of claim 1, wherein facilitating establishment of the connection comprises: facilitating communication capability negotiation between the client device and the server device (Paragraph(s) [0061]).
As per claims 7 and 17, Hayes teaches wherein the connection request comprises one or more of: 
a request body specifying that the connection request is a handshake request, a field storing a value specifying one or more version numbers of a transport protocol supported by the client device, a field storing a value specifying a socket type of the client device, a field storing a value specifying an initial packet sequence, a field storing a value specifying a maximum packet size supported by the client device, a field storing a value specifying a maximum flow window size supported by the client device, a field storing a value specifying a connection type supported by the client device, a field storing a value specifying a socket in the client device, and a field storing a value specifying a cookie, and a field storing a value specifying an Internet Protocol (IP) address of a socket in the client device (Paragraph(s) [0065], [0067]).
As per claim 8, Hayes teaches the method of claim 1, wherein authenticating the client device comprises: 
transmitting, by the computing device, an authentication request including the authentication information to an authentication device, wherein the authentication device authenticates a user of the client device based on the authentication information (Paragraph(s) [0014-0015], [0080]); and 
receiving, by the computing device and from the authentication device, an authentication response confirming the authentication (Paragraph(s) [0064], [0080], [0084]).
As per claim 9, Hayes teaches the method of claim 1, wherein a virtualization agent being executed within the server device and a virtualization client application being executed within the client device is to communicate over the established connection, to maintain a virtual workspace within the client device (Paragraph(s) [0093], [0123], [0145], [0211]).
As per claim 11, Hayes teaches the method of claim 1, wherein the connection is based on a transport protocol comprising User Datagram Protocol-based Data Transfer Protocol (Paragraph(s) [0139]).
As per claim 12, Hayes teaches the method of claim 1, wherein the connection is based on Enlightened Data Transport protocol (Paragraph(s) [0139]).
As per claim 13, Hayes teaches a computer system comprising: 
a client device (Fig. 11 – element 16A, Paragraph(s) [0093], [0101]) comprising: 
a network interface (Fig. 11 – element 16A, Paragraph(s) [0093]); 
a memory to store instructions (Paragraph(s) [0093]); and 
one or more processors coupled to the memory and the network interface (Paragraph(s) [0093]), the one or more processors configured to 
generate a handshake message (Paragraph(s) [0014], [0068]) that comprises (i) a handshake request to establish a connection (Fig. 1, Paragraph(s) [0019], [0061], [0068], [0103]; a network client desiring to send a network request to a network resource to establish a TCP session), and (ii) a control block appended to the handshake request, the control block including an authentication token (Paragraph(s) [0068]; the initiator generates an authorization key “authorization token” and sends a TCP connection request, inserting an authorization key in the SEQ and ACK fields, to the desired network connected device), and cause transmission of the handshake message, including the handshake request and the control block, to a gateway device (Fig. 10, Paragraph(s) [0014], [0068], [0111], [0135]; network client 16A “client device” sending a resource request 20 to the trust router 12 “gateway device”. It is noted that Hayes discloses that the resource request 20 on Fig. 4 includes an authentication object/key 22 (Paragraph(s) [0014], [0129]).
As per claim 14, Hayes teaches the computer system of claim 13, further comprising: 
the gateway device comprising another network interface, another memory, and another one or more processors coupled to the other network interface and the other memory (Paragraph(s) [0145], [0211]), wherein the other one or more processors of the gateway device are configured to receive the handshake message from the client device (Paragraph(s) [0014], [0068], [0135]), cause transmission of the authentication token from the handshake message to an authentication device (Paragraph(s) [0028], [0134], [0136]), receive a response from the authentication device authenticating a user of the client device (Paragraph(s) [0130]), cause transmission of the handshake request from the handshake message to a server device (Paragraph(s) [0028], [0134], [0136]), receive a handshake response from the server device (Paragraph(s) [0064]), and cause transmission of the handshake response to the client device (Paragraph(s) [0104]).
As per claims 15 and 20, Hayes teaches wherein the other one or more processors of the gateway device are configured to: 
establish, subsequent to transmission of the handshake response to the client device, a proxy channel between the client device and the server device for communication between the client device and the server device (Fig. 11, Paragraph(s) [0068]).
As per claim 18, Hayes teaches a non-transitory computer readable medium storing processor executable instructions (Paragraph(s) [0093])  to establish a communication channel between a first device and a second device (Fig. 1, Paragraph(s) [0126]; a network client 16 “first device” and a network resource 18 “second device”), the instructions comprising instructions to: 
receive, from the first device, a control packet comprising (i) a first section including one or more parameters of the first device for establishing the communication channel, and (ii) a second section including an authentication token (Fig. 10, Paragraph(s) [0014], [0111], [0135]; network client 16A “first device” sending a resource request 20 “control packet” to the trust router 12. In further details, Hayes discloses in Paragraph [0068] the initiator generates an authorization key “authorization token” and sends a TCP connection request, inserting an authorization key in the SEQ and ACK fields, to the desired network connected device. Additionally, Fig. 4 shows trust router 12 extracting an authentication object/key 22 “second section - authentication token” from the resource request 20 received from the network client 16); 
cause transmission of the authentication token to an authentication device (Fig. 38, Paragraph(s) [0015], [0061], [0135], [0192]); 
receive a response from the authentication device confirming an authentication (Paragraph(s) [0064], [0202]); and 
cause transmission of the one or more parameters of the first device to the second device (Paragraph(s) [0028], [0134], [0136]; the trust router  then sends the resource request 20 to the network resource “second device”).
As per claim 19, Hayes teaches the non-transitory computer readable medium of claim 18, wherein the control packet is a first control packet (Paragraph(s) [0014]; the authentication occurs on the first packet of a network session of flow), and wherein the instructions further comprise instructions to: 
receive a second control packet from the second device, in response to transmission of the configuration parameters to the second device and cause transmission of the second control packet to the first device (Paragraph(s) [0014], [0068], [0111]).

Allowable Subject Matter	
Claims 5 and 10 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. An explanation of the distinct features cited on said claims will be provided once the instant application is due for issue.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please refer to form PTO-892 (Notice of Reference Cited) for a list of relevant prior art.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMED A WASEL whose telephone number is (571) 272-2669.  The examiner can normally be reached Mon-Fri (8:00 am – 4:30 pm).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton Burgess can be reached on (571)272-3949.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free)? If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MOHAMED A. WASEL/Primary Examiner, Art Unit 2454