Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-20 are presented for examination. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Xie et al hereafter Xie (US pat. App. Pub. 20130083799) and in view of Kaminsky et al hereafter Kaminsky (US pat. App. Pub. 20100061253).  
4.	As per claims 1, and 11, Xie discloses a system, and a method for controlling network access, the system including a terminal, the terminal comprising: a communication circuitry; a processor operatively connected with the communication circuitry; and a memory operatively connected with the processor and storing a target application and an access control application, wherein the memory stores instructions that when executed by the processor (paragraphs: 29, 31, 50, 71; wherein it emphasizes a system comprises with a target application and an access control application), cause the terminal to: request network access of the target application to a server and receive tunnel information and authentication information, by means of the access control application; insert the authentication information into a transmission control protocol (TCP) packet and transmit the TCP packet to a gateway through a tunnel generated, by means of the access control application; and transmit a data packet, when a TCP session is established (paragraphs: 7-11, 20-21, 58, and 63). Although, Xie discusses about the transmission channel information. He does not specifically discuss a tunnel generated by the tunnel information. However, in the same field of endeavor, Kaminsky discloses a gateway through a tunnel generated by the tunnel information (paragraphs: 19, 22, and 26).  
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Kaminsky’s teachings of a gateway through a tunnel generated by the tunnel information with the teachings of Xie, for the purpose of effectively transmits the TCP packet through the appropriate tunnel.  
5.	As per claims 2, and 12, Xie discloses the system, and method wherein the instructions cause the terminal to: insert the authentication information into the TCP packet and transmit the TCP packet to the gateway, when requesting to release the TCP session; and delete the authentication information (paragraphs: 20, 152).  
6.	As per claim 3, and 13, Xie discloses the system, and method wherein the authenticationSerial No. Pending Preliminary Amendment Page 4 information is header information of data flow (paragraphs: 15, 71).  
7.	As per claim 4, and 14, Xie discloses the system, and method wherein the instructions cause the terminal to: insert the header information into a payload of the TCP packet (paragraphs: 85, 179).  
8.	As per claim 5, and 15, Xie discloses the system, and method wherein the instructions cause the terminal to: insert the header information into an IP header of the TCP packet (paragraphs: 11, 63).  
9.	As per claims 6, and 16, Xie discloses a system and a method for controlling network access, the system include a gateway, the gateway comprising: a communication circuitry; and a processor configured to control the communication circuitry to receive tunnel information and authentication information from a server (paragraphs: 29, 31, 50, 71) and receive a TCP packet from a terminal through a tunnel, authenticate the TCP packet based on the authentication information, and determine whether to generate a TCP session based on the authenticated result (paragraphs: 7-11, 20-21, 58, and 63). Although, Xie discusses about the transmission channel information. He does not specifically discuss a tunnel corresponding to the tunnel information. However, in the same field of endeavor, Kaminsky discloses a tunnel corresponding to the tunnel information (paragraphs: 19, 22, and 26).  
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Kaminsky’s teachings of a gateway through a tunnel generated by the tunnel information with the teachings of Xie, for the purpose of effectively transmits the TCP packet through the appropriate tunnel.  
10.	As per claim 7, Xie discloses the system, wherein the processor drops the TCP packet, when the authenticated result fails, and transmits the TCP packet to a destination node, when the authenticated result succeeds (paragraphs: 60, 168).  
11.	As per claim 8, Xie discloses the system, wherein the processor deletes authenticationSerial No. Pending Preliminary Amendment Page 5 information received from the server, when the authenticated result succeeds (paragraphs: 86, 184).  
12.	As per claim 9, Xie discloses the system, wherein the processor compares the authentication information received from the server with authentication information inserted into the TCP packet received from the terminal to determine whether to perform authentication (paragraphs: 62, 150).  
13.	As per claim 10, Xie discloses the system, wherein the authentication information is header information of data flow (paragraphs: 181, 189).   
14.	As per claim 17, Xie discloses the method, wherein the determining of whether to generate the TCP session includes: dropping the TCP packet, when the authenticated result fails; and transmitting the TCP packet to a destination node, when the authenticated result succeeds (paragraphs: 152, 192).  
15.	As per claim 18, Xie discloses the method comprising: deleting the authentication information received from the server, when the authenticated result succeeds (paragraphs: 20, 71).  
16.	As per claim 19, Xie discloses the method, wherein the authenticating of the TCP packet includes: comparing the authentication information received from the server with authentication information inserted into the TCP packet received from the terminal; determining that authentication succeeds, when identical to each other; and determining that authentication fails, when not identical to each other (paragraphs: 85, 191).  
17.	As per claim 20, Xie discloses the method, wherein the authentication information is header information of data flow (paragraphs: 11, 152).
Citation of References
18. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action: 
Suhonen et al (US pat. app. Pub. 20050060328): discusses a virtual private network (VPN) gateway server 10 providing rules for wireless access over a secure tunnel connection to a corporate network 20. The corporate network 20 is protected by firewall functionality, with different access configurations for different remote users. The VPN gateway server 10 includes a user database 15 which provides rules specific for each user for the access to the corporate network 20 using the secure tunnel. The rules include specific sets of TCP ports associated with respective specific users. The gateway server 10 limits an authenticated user's access to the corporate network 20, which access is performed by means of the tunnel connection provided by the gateway server 10, to the associated allowed TCP server ports.  
Zheng (US pat. App. Pub. 20170041229): elaborates that communication between an OpenFlow device and an IP network device. According to the embodiments of the present disclosure, an OpenFlow control message is used to carry payload information, a field value that is in a packet header and that is used to determine a protocol type, and identification information of the IP network device that are in a TCP/IP data packet of an IP network control plane protocol message in order to encapsulate the IP network control plane protocol message into the OpenFlow control message for transmission between an OFS and an OFC, such that communication between the OpenFlow device and the IP network device can be implemented, the OFC does not need to process a TCP/IP protocol stack twice, and extra overheads of the OFC are avoided.  

Conclusion
19.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD W REZA whose telephone number is (571)272-6590.  The examiner can normally be reached on Monday-Friday 8:30-5:30 ET.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436