DETAILED ACTION
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2. 5, 8-10, 12-13, 16-17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Jagadish et al. (US20160057067A1) in view of Ner et al (US20120281559A1).
Regarding claim 1, Jagadish discloses a method, comprising (Fig 1, Fig 7A and para [0248] show an appliance device 200 is deployed as an intermediary device between a client 102 and a server 106): 
establishing an encrypted tunnel between a virtual private network (VPN) server and a VPN user device (para [0059] shows the appliance 200 provides a secure virtual private network connection from a first network 104 of the client 102 to the second network 104′ of the server 106, such as an SSL VPN connection; para [0104] shows the appliance’s encryption engine 234 uses a tunneling protocol to provide a virtual private network between a client 102 a-102 n and a server 106 a-106 n);
receiving via the encrypted tunnel a request from the VPN user device to establish a connection with a target device (para [0112] shows the appliance 200 comprises one or more virtual servers 106; para [0249] shows the virtual server receives a request from the client 102 to establish a connection with the server 106); 
converting the connection into a first connection between the VPN user device and the VPN server and a second connection between the VPN server and the target device (para [0250] shows the virtual server may determine the client-side MSS value of the first transport layer connection between the client and the virtual server 275; para [0251] shows the virtual server may be configured to determine a server-side MSS value between the device and the server; para [0117] shows the client transmits the packets via VLAN 704 to the appliance 200 based on the first MSS value of 1460 (Fig 7A); the appliance transmits the packets via VLAN 706 to the server 106 based on the second MSS value of 8960 (Fig 7A), e.g. the appliance converts a first connection (first MSS value) into a second connection (second MSS value)), 
wherein communication over the first connection between the VPN user device and the VPN server is carried out via the encrypted tunnel (para [0104] shows the appliance’s encryption engine 234 uses a tunneling protocol to provide a virtual private network between a client 102 a-102 n and a server 106 a-106 n), 
wherein the first connection uses first connection parameters and the second connection uses second connection parameters (para [0117] shows the client transmits the packets via VLAN 704 to the appliance 200 based on the first MSS value of 1460 (Fig 7A); the appliance transmits the packets via VLAN 706 to the server 106 based on the second MSS value of 8960 (Fig 7A), e.g. the appliance converts a first connection (first MSS value) into a second connection (second MSS value)), and 
converting first network packets received from the VPN user device according to the first connection parameters into second network packets according to the second connection parameters; and transmitting the second network packets to the target device (para [0252] shows if a jumbo sized packet is received from the server, the virtual server may split the data in the jumbo sized packet into multiple regular sized packets and transmit the multiple regular sized packets to the client. Conversely, if multiple regular sized packets are received from the client, the virtual server 275 may combine the data in the regular sized packets into a single jumbo sized packet and transmit the jumbo sized packet to the server.)

	Jagadish discloses the appliance inspects the content of intercepted requests to identify the parameters (para [0123]) but fails to show:
the request uses initial connection parameters; and
at least one parameter of the first connection parameters or of the second connection parameters is different from a corresponding parameter of the initial connection parameters.
However, Ner discloses:
the request uses initial connection parameters; and at least one parameter of the first connection parameters is different from a corresponding parameter of the initial connection parameters ([Abstract] shows a network device is configured to receive, from a first computing device, a synchronization message including an initial maximum segment size value for a Transmission Control Protocol (TCP) socket connection between the first computing device and a second computing device that uses the wireless access network. When the initial maximum segment size value is larger than the configured maximum segment size value, the network device is configured to replace the initial maximum segment size value with the configured maximum segment size value to create a modified synchronization message, and send the modified synchronization message to the second computing device for establishing the TCP socket connection; Fig 3 and para [0128] show the client is the first computing device; the server is second computing device; the router is network device.)
The appliance 205 that comprises a performance enhancing proxy and router in Jagadish (Fig 1 and para [0054, 0095]) is mapped to the network device 120 that comprises a proxy server and a router in Ner (Fig 3 and para [0023]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Jagadish with the teaching of Ner in order to avoid packet fragmentation since typically, end users do not know the MTU size or the MSS that a network or a network segment in the TCP path can accommodate, and, therefore, the end user's operating system selects a default value. However, the default value may not be supported over the wireless access network (Ner; para [0002]).

Regarding claim 2, Jagadish-Ner as applied to claim 1 discloses the first connection parameters comprises a first maximum segment size (MSS) and the second connection parameters comprises a second MSS that is different from the first MSS (Jagadish; para [0117] shows the client transmits the packets via VLAN 704 to the appliance 200 based on the first MSS value of 1460 (Fig 7A); the appliance transmits the packets via VLAN 706 to the server 106 based on the second MSS value of 8960 (Fig 7A).)

Regarding claim 5, Jagadish-Ner as applied to claim 1 discloses respective payloads of the first network packets are smaller than respective payloads of the second network packets (Jagadish; para [0252] shows if a jumbo sized packet is received from the server, the virtual server may split the data in the jumbo sized packet into multiple regular sized packets and transmit the multiple regular sized packets to the client. Conversely, if multiple regular sized packets are received from the client, the virtual server 275 may combine the data in the regular sized packets into a single jumbo sized packet and transmit the jumbo sized packet to the server.)

Regarding claims 8-9 and 13, claims 8-9 and 13 are directed to a virtual private network (VPN) server. Claims 8-9 and 13 require limitations that are similar to those recited in the method claims 1-2 and 5 to carry out the method steps.  And since the references of Jagadish-Ner combined teach the method including limitations required to carry out the method steps, therefore claims 8-9 and 13 would have also been obvious in view of the method disclosed in Jagadish-Ner combined.
Furthermore, Jagadish-Ner as combined discloses a processor (Jagadish; para [0078]).

Regarding claim 10, Jagadish-Ner as applied to claim 8 discloses the at least one parameter of the first connection includes a first maximum segment size (MSS) and the second connection parameters comprises a second MSS. (Jagadish; para [0117] shows the client transmits the packets via VLAN 704 to the appliance 200 based on the first MSS value of 1460 (Fig 7A); the appliance transmits the packets via VLAN 706 to the server 106 based on the second MSS value of 8960 (Fig 7A).)

Regarding claim 12, Jagadish-Ner as applied to claim 8 discloses protocol data units sent over the first connection and the second connection are of a same standard transfer unit size (Jagadish; Fig 7A and para [0271] show the packet engine 548 or the device 200 may maintain the first MSS value in response to determining that the MSS value of the VLAN 706 is equal to the MSS value of the corresponding VLAN interface 10/2.)

Regarding claims 16-17, claims 16-17 are directed to a computer readable medium. Claims 16-17 require limitations that are similar to those recited in the method claims 1-2 to carry out the method steps.  And since the references of Jagadish-Ner combined teach the method including limitations required to carry out the method steps, therefore claims 16-17 would have also been obvious in view of the method disclosed in Jagadish-Ner combined.
Furthermore, Jagadish-Ner as combined discloses a computer readable medium (Jagadish; para [0079]).

Regarding claim 19, Jagadish-Ner as applied to claim 16 discloses packets sent over the first connection and the second connection are of a same standard transfer unit size (Jagadish; Fig 7A and para [0271] show the packet engine 548 or the device 200 may maintain the first MSS value in response to determining that the MSS value of the VLAN 706 is equal to the MSS value of the corresponding VLAN interface 10/2.)

Claims 3-4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Jagadish in view of Ner, further in view of Vedula et al (US20120243410A1).
Regarding claims 3, 11 and 18, Jagadish-Ner as applied to claims 2, 10 and 17 discloses converting the connection with the target device into the first connection between the VPN user device and the VPN server and the second connection between the VPN server and the target device comprises (Jagadish; para [0252] shows if a jumbo sized packet is received from the server, the virtual server may split the data in the jumbo sized packet into multiple regular sized packets and transmit the multiple regular sized packets to the client. Conversely, if multiple regular sized packets are received from the client, the virtual server 275 may combine the data in the regular sized packets into a single jumbo sized packet and transmit the jumbo sized packet to the server): 
setting the first MSS and the second MSS (Jagadish; para [0117] shows the client transmits the packets via VLAN 704 to the appliance 200 based on the first MSS value of 1460 (Fig 7A); the appliance transmits the packets via VLAN 706 to the server 106 based on the second MSS value of 8960 (Fig 7A), e.g. the appliance converts a first connection (first MSS value) into a second connection (second MSS value)), 
wherein at least one of the first MSS or the second MSS is different from an initial MSS of the initial connection parameters (Ner; [Abstract] shows network device is configured to receive, from a first computing device, a synchronization message including an initial maximum segment size value for a Transmission Control Protocol (TCP) socket connection between the first computing device and a second computing device that uses the wireless access network. When the initial maximum segment size value is larger than the configured maximum segment size value, the network device is configured to replace the initial maximum segment size value with the configured maximum segment size value to create a modified synchronization message, and send the modified synchronization message to the second computing device for establishing the TCP socket connection; Fig 3 and para [0128] show the client is the first computing device; the server is second computing device; the router is network device.)
Jagadish-Ner discloses encapsulation (Jagadish; para [0244]) but fails to teach setting the first MSS and the second MSS to prevent packet fragmentation that is due to VPN-related encapsulation overhead.
However, Vedula discloses setting the first MSS and the second MSS to prevent packet fragmentation that is due to VPN-related encapsulation overhead (para [0007] shows that since the encapsulation overhead is non-trivial and varies with packet size and with the site-specific networking technology, it is important for a “throughput limiter” (e.g., packet scheduler) at each VPN peer (i.e., the VPN router and the VPN gateway) to take into account the actual underlying network protocol overhead in its available bandwidth calculations in order to avoid buffer overflows. Furthermore, the overhead information may be useful in setting the path Maximum Transmission Unit (MTU) and the Transmission Control Protocol (TCP) Maximum Segment Size (MSS) accordingly to avoid packet fragmentation.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Jagadish-Ner with the teaching of Vedula in order to benefit the VPN gateway as it communicates with different VPN routers operating in different types of underlying network infrastructures—including non-dedicated local loop networks such as cable and wireless (Vedula; para [0007]).

Regarding claim 4, Jagadish-Ner-Vedula as applied to claim 3 discloses packets sent over the first connection and the second connection are of a same standard transfer unit size (Jagadish; Fig 7A and para [0271] show the packet engine 548 or the device 200 may maintain the first MSS value in response to determining that the MSS value of the VLAN 706 is equal to the MSS value of the corresponding VLAN interface 10/2.)

Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Jagadish in view of Ner, further in view of Nathan et al (US20150350160A1).
Regarding claims 6 and 14, Jagadish-Ner as applied to claims 1 and 8 fails to teach setting the second connection parameters based on a distance between the VPN server and the target device.
However, Nathan discloses setting the second connection parameters based on a distance between the VPN server and the target device (para [0059] shows a virtual private networking tunneling analysis was performed using raw networking data including MSS data and round trip time (RTT) data for client-server connections, results were obtained showing, for each of several MSS values, connection made via VPN tunnel from a location near to the proxy server).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Jagadish-Ner with the teaching of Nathan in order to identify connection made via VPN tunnel from a location near to the proxy server (Nathan; para [0059]).

Claims 7, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jagadish in view of Ner, further in view of Tweedly et al (US7136377B1).
Regarding claims 7 and 15, Jagadish-Ner as applied to claims 1 and 8 fails to teach the first network packets include VPN encapsulation headers that are not included in the second network packets.
However, Tweedly discloses the first network packets include encapsulation headers that are not included in the second network packets ([col 4 lines 39-41] shows a tunnel packet encapsulates one or more tunneled datagrams in a network-deliverable format; [col 10 lines 35-50] shows if the header type is FH (Full Header), the header contains full RTP/UDP/IP headers, and the contents of the switching context may be reset. If the header type is not FH, the context represented in the header should already exist when the packet arrives. The source IP address and context ID are used at block 188 to match the header to an existing context.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Jagadish-Ner with the teaching of Tweedly in order to relieve the switch of having to determine when an incoming context identifier (CID) is no longer in use since the re-use must start with a full header, the full header reinitializes the context to its current stream (Tweedly; [col 10 lines 39-42]).

Regarding claim 20, Jagadish-Ner as applied to claim 16 discloses respective payloads of the first network packets are smaller than respective payloads of the second network packets (Jagadish; para [0252] shows if a jumbo sized packet is received from the server, the virtual server may split the data in the jumbo sized packet into multiple regular sized packets and transmit the multiple regular sized packets to the client. Conversely, if multiple regular sized packets are received from the client, the virtual server 275 may combine the data in the regular sized packets into a single jumbo sized packet and transmit the jumbo sized packet to the server.)
Jagadish-Ner fails to teach the first network packets include VPN encapsulation headers that are not included in the second network packets.
However, Tweedly discloses the first network packets include encapsulation headers that are not included in the second network packets ([col 4 lines 39-41] shows a tunnel packet encapsulates one or more tunneled datagrams in a network-deliverable format; [col 10 lines 35-50] shows if the header type is FH (Full Header), the header contains full RTP/UDP/IP headers, and the contents of the switching context may be reset. If the header type is not FH, the context represented in the header should already exist when the packet arrives. The source IP address and context ID are used at block 188 to match the header to an existing context.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Jagadish-Ner with the teaching of Tweedly in order to relieve the switch of having to determine when an incoming context identifier (CID) is no longer in use since the re-use must start with a full header, the full header reinitializes the context to its current stream (Tweedly; [col 10 lines 39-42]).
Citation of Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Backman (US20080107026A1) discloses in para [0001-0005] the client sending information to the host what maximum segment size MSS the client can handle; the host sending a response to the client what maximum segment size MSS the host can handle.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAN DOAN whose telephone number is (571)270-0162. The examiner can normally be reached Monday - Friday 8am - 5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TAN DOAN/Primary Examiner, Art Unit 2442