Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


DETAILED ACTION
This initial office action has been issued in response to patent application 17/075394, filed on 20 October 2020. Claims 1-20, as originally filed, are currently pending and have been considered below.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1, 10, 11, 14, and 15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Moineau et al. (US2004/0215957 A1, publish date 10/28/2004).

Claim 1:
With respect to claim 1, Moineau et al. discloses a method (an apparatus for secure communication between at least one user client station via at least one port device and a network, Figures 1 and 3), comprising: 
receiving, by a router computing device (router 12, Figure 1), an indication of an association (mobile sends associate, Figure 3, 30) between a client computing device (two mobile units 22 and 24, Figure 1) and virtual private network (VPN) configuration data for a VPN (VPN server 14, Figure 1), the indication comprising an identifier of the client computing device and the VPN configuration data (the mobile unit must open a PPTP connection with the VPN server 14, 0046) (attribution of an IP address, Figure 3, 31);
binding, by the router computing device, a VPN client session instantiated by the router computing device to a network interface (new VPN connection will be used to authenticate the user of the mobile unit 22 and encrypt further wireless communication, 0046) (creation of a VPN, Figure 3, 32); 
implementing, by the router computing device, a firewall rule to route network traffic to and from the client computing device via the network interface (Once the new VPN connection is created, policies related to this particular user are loaded into the firewall system 10 by the VPN server 14, 0046) (Rule application, Figure 3, 33); 
establishing, by the router computing device, a connection with the VPN using the VPN client session and the VPN configuration data (Once the new VPN connection is created, policies related to this particular user are loaded into the firewall system 10 by the VPN server 14, 0046) (data transmission under VPN, Figure 3, 34);
receiving, by the router computing device, network traffic for the client computing device; and routing, by the router computing device, the network traffic via the network interface (this exchange of information is done safely for the user and the wireless local access network as a VPN is created between the WLAN port 20 and the mobile unit 22, All information sent by the mobile unit 22 is collected by the WLAN port 20 and is sent to the VPN server 14 via the firewall system 10 and the router 12, 0044) (data transmission under VPN, Figure 3, 34).

Claims 10, 14:
With respect to claims 10, 14, Moineau et al. discloses wherein: the network traffic comprises outbound network traffic from the client computing device and inbound network traffic from the VPN directed to the client computing device; and routing the network traffic via the network interface comprises: routing the outbound network traffic to the VPN; and routing the inbound network traffic to the client computing device (The incoming traffic from the firewall system 10 and the VPN server 14 is routed according to these policies, 0033) (all the outgoing traffic of the VPN server 14, 0042).


Claim 11:
With respect to claim 11, Moineau et al. discloses a router computing device (an apparatus for secure communication between at least one user client station via at least one port device and a network, router 12, Figures 1 and 3), comprising: 
a system memory; and a processor device communicatively coupled to the system memory (Figures 1 and 3) and configured to: 
receive an indication of an association (mobile sends associate, Figure 3, 30) between a client computing device (two mobile units 22 and 24, Figure 1) and virtual private network (VPN) configuration data for a VPN (VPN server 14, Figure 1), the indication comprising an identifier of the client computing device and the VPN configuration data (the mobile unit must open a PPTP connection with the VPN server 14, 0046) (attribution of an IP address, Figure 3, 31);
bind a VPN client session instantiated by the router computing device to a network interface (new VPN connection will be used to authenticate the user of the mobile unit 22 and encrypt further wireless communication, 0046) (creation of a VPN, Figure 3, 32);
implement a firewall rule to route network traffic to and from the client computing device via the network interface (Once the new VPN connection is created, policies related to this particular user are loaded into the firewall system 10 by the VPN server 14, 0046) (Rule application, Figure 3, 33);
establish a connection with the VPN using the VPN client session and the VPN configuration data (Once the new VPN connection is created, policies related to this particular user are loaded into the firewall system 10 by the VPN server 14, 0046) (data transmission under VPN, Figure 3, 34);
receive network traffic for the client computing device; and route the network traffic via the network interface (this exchange of information is done safely for the user and the wireless local access network as a VPN is created between the WLAN port 20 and the mobile unit 22, All information sent by the mobile unit 22 is collected by the WLAN port 20 and is sent to the VPN server 14 via the firewall system 10 and the router 12, 0044) (data transmission under VPN, Figure 3, 34).

Claim 15:
With respect to claim 15, Moineau et al. discloses a server computing device (an apparatus for secure communication between at least one user client station via at least one port device and a network, Figures 1 and 3), comprising: a system memory; and a processor device communicatively coupled to the system memory (Figures 1 and 3), and configured to: 
obtain virtual private network (VPN) configuration data for a VPN (new VPN connection will be used to authenticate the user of the mobile unit 22 and encrypt further wireless communication, 0046) (creation of a VPN, Figure 3, 32);
associate a client computing device (mobile sends associate, Figure 3, 30) with the VPN configuration data (the mobile unit must open a PPTP connection with the VPN server 14, 0046) (attribution of an IP address, Figure 3, 31); and
transmit an indication of an association between the client computing device and the VPN configuration data to a router computing device, the indication comprising an identifier of the client computing device and the VPN configuration data (the mobile unit must open a PPTP connection with the VPN server 14, 0046) (attribution of an IP address, Figure 3, 31).



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 2-9, 12-13, 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Moineau et al. (US2004/0215957 A1, publish date 10/28/2004) in view of Varadhan et al. (US2010/0043068 A1, publish date 02/18/2010).

Claim 2:
With respect to claim 2, Moineau et al. discloses the limitations of claim 1, as addressed.

Moineau et al. does not disclose further comprising: 
obtaining, by a server computing device, the VPN configuration data; 
associating, by the server computing device, the client computing device with the VPN configuration data; and transmitting, by the server computing device, the indication of the association between the client computing device and the VPN configuration data to the router computing device as claimed. 

However, Varadhan et al. teaches network router configured to send and receive packets for customer virtual private networks (VPN) (0013) (Figure 2), further comprising: 
obtaining, by a server computing device (the router may be an edge router that provides broadband access, such as a Broadband Remote Access Server (BRAS), 0113), the VPN configuration data; associating, by the server computing device, the client computing device with the VPN configuration data; and transmitting, by the server computing device, the indication of the association between the client computing device and the VPN configuration data to the router computing device (the route lookup indicates that the packet is to be encapsulated and output by forwarding engine 106 as an VPN packet, firewall 123 accesses the configuration data and determines whether the administrator has defined any output zone that includes the customer VPN to which the packet will be output (150), 0072) (mapping information 160 provided by a routing component to an integrated firewall of a network device, a plurality of entries, each entry listing a customer VPN identifier 162, forwarding component, inbound traffic, next hop, 0075-0077) (Figures 8, 11).

Moineau et al. and Varadhan et al. are analogous art because they are from the same field of endeavor of Virtual Private Networks Traffic.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Varadhan et al. in Moineau et al. for further comprising: 
obtaining, by a server computing device, the VPN configuration data; 
associating, by the server computing device, the client computing device with the VPN configuration data; and transmitting, by the server computing device, the indication of the association between the client computing device and the VPN configuration data to the router computing device as claimed for purposes of enhancing the secure communication between client station and a network system of Moineau et al. by allowing zone-based security policies to be defined and applied for the different network interfaces of the firewall, allows security zones to be defined for VPN tunnels carrying communications for customer VPNs. (see Varadhan et al. 0012)

Claims 3, 16:
With respect to claims 3, 16, the combination of Moineau et al. and Varadhan et al. discloses the limitations of claim 2 and Moineau et al. discloses limitations of claim 15, as addressed. 

Varadhan et al. teaches network router configured to send and receive packets for customer virtual private networks (VPN) (0013) (Figure 2), wherein obtaining the VPN configuration data comprises retrieving, by the server computing device, the VPN configuration data from a VPN configuration database (the route lookup indicates that the packet is to be encapsulated and output by forwarding engine 106 as an VPN packet, firewall 123 accesses the configuration data and determines whether the administrator has defined any output zone that includes the customer VPN to which the packet will be output (150), 0072) (mapping information 160 provided by a routing component to an integrated firewall of a network device, a plurality of entries, each entry listing a customer VPN identifier 162, forwarding component, inbound traffic, next hop, 0075-0077) (Figures 8, 11).

Moineau et al. and Varadhan et al. are analogous art because they are from the same field of endeavor of Virtual Private Networks Traffic.

The motivation for combining Moineau et al. and Varadhan et al. is recited in claim 2.

Claims 4, 17:
With respect to claims 4, 17, the combination of Moineau et al. and Varadhan et al. discloses the limitations of claim 2 and Moineau et al. discloses limitations of claim 15, as addressed.

Varadhan et al. teaches network router configured to send and receive packets for customer virtual private networks (VPN) (0013) (Figure 2), wherein obtaining the VPN configuration data comprises receiving, by the server computing device, a first user input from a user, the first user input comprising the VPN configuration data (the network router provides a user interface by which a user specifies one or more zones to be recognized by the firewall,  allows the user to define the zones by specifying the customer VPNs as interfaces associated with the zones, 0012-0013).

Moineau et al. and Varadhan et al. are analogous art because they are from the same field of endeavor of Virtual Private Networks Traffic.

The motivation for combining Moineau et al. and Varadhan et al. is recited in claim 2.

Claims 5, 18:
With respect to claims 5, 18, the combination of Moineau et al. and Varadhan et al. discloses the limitations of claim 2 and Moineau et al. discloses limitations of claim 15, as addressed. 

Varadhan et al. teaches network router configured to send and receive packets for customer virtual private networks (VPN) (0013) (Figure 2), wherein associating the client computing device with the VPN configuration data comprises receiving, by the server computing device, a second user input from a user indicating the association of the client computing device with the VPN configuration data (the network router provides a user interface by which a user specifies one or more zones to be recognized by the firewall,  allows the user to define the zones by specifying the customer VPNs as interfaces associated with the zones, 0012-0013) (easily service multiple customers of the service provider network, 0016) (VPN_customer_A, B, C, Figure 8, 11).

Moineau et al. and Varadhan et al. are analogous art because they are from the same field of endeavor of Virtual Private Networks Traffic.

The motivation for combining Moineau et al. and Varadhan et al. is recited in claim 2.

Claims 6, 12, 19:
With respect to claims 6, 12, 19, the combination of Moineau et al. and Varadhan et al. discloses the limitations of claim 2 and Moineau et al. discloses the limitations of claims 11 and 15, as addressed.

Moineau et al. discloses binding the VPN client session for the client computing device to the network interface comprises binding a VPN client session for the client computing device group to the network interface (new VPN connection will be used to authenticate the user of the mobile unit 22 and encrypt further wireless communication, 0046) (creation of a VPN, Figure 3, 32); and 
implementing the firewall rule comprises implementing a firewall rule to route network traffic to and from the plurality of client computing devices (two mobile units 22 and 24, Figure 1) via the network interface (Once the new VPN connection is created, policies related to this particular user are loaded into the firewall system 10 by the VPN server 14, 0046) (Rule application, Figure 3, 33).

Varadhan et al. teaches wherein: associating the client computing device with the VPN configuration data comprises: 
defining, by the server computing device, a client computing device group comprising a plurality of client computing devices including the client computing device (the network router provides a user interface by which a user specifies one or more zones to be recognized by the firewall,  allows the user to define the zones by specifying the customer VPNs as interfaces associated with the zones, 0012-0013) (easily service multiple customers of the service provider network, 0016) (VPN_customer_A, B, C, Figure 8, 11); and associating the client computing device group with the VPN configuration data (the route lookup indicates that the packet is to be encapsulated and output by forwarding engine 106 as an VPN packet, firewall 123 accesses the configuration data and determines whether the administrator has defined any output zone that includes the customer VPN to which the packet will be output (150), 0072) (mapping information 160 provided by a routing component to an integrated firewall of a network device, a plurality of entries, each entry listing a customer VPN identifier 162, forwarding component, inbound traffic, next hop, 0075-0077);
the indication of the association between the client computing device and the VPN configuration data comprises an indication of an association between the client computing device group and the VPN configuration data (Figures 8, 11).

Moineau et al. and Varadhan et al. are analogous art because they are from the same field of endeavor of Virtual Private Networks Traffic.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Varadhan et al. in Moineau et al. for wherein: associating the client computing device with the VPN configuration data comprises: defining, by the server computing device, a client computing device group comprising a plurality of client computing devices including the client computing device; and associating the client computing device group with the VPN configuration data; the indication of the association between the client computing device and the VPN configuration data comprises an indication of an association between the client computing device group and the VPN configuration data; binding the VPN client session for the client computing device to the network interface comprises binding a VPN client session for the client computing device group to the network interface; and implementing the firewall rule comprises implementing a firewall rule to route network traffic to and from the plurality of client computing devices via the network interface as claimed for purposes of enhancing the secure communication between client station and a network system of Moineau et al. by allowing zone-based security policies to be defined and applied for the different network interfaces of the firewall, allows security zones to be defined for VPN tunnels carrying communications for customer VPNs. (see Varadhan et al. 0012)

Claim 7:
With respect to claim 7, the combination of Moineau et al. and Varadhan et al. discloses the limitations of claim 6, as addressed. 

Varadhan et al. teaches wherein defining the client computing device group comprises automatically defining the client computing device group based on one or more common attributes of the plurality of client computing devices (the corresponding one of virtual security system 40 may be automatically determined by UI 215, 0082).

Moineau et al. and Varadhan et al. are analogous art because they are from the same field of endeavor of Virtual Private Networks Traffic.

The motivation for combining Moineau et al. and Varadhan et al. is recited in claim 2.

Claims 8, 20:
With respect to claims 8, 20, the combination of Moineau et al. and Varadhan et al. discloses the limitations of claims 6, 19, as addressed. 

Varadhan et al. teaches wherein defining the client computing device group comprises: receiving, by the server computing device, a third user input identifying the plurality of client computing devices as members of the client computing device group; and defining the client computing device group based on the third user input (easily service multiple customers of the service provider network, 0016) (VPN_customer_A, B, C, Figure 8, 11).

Moineau et al. and Varadhan et al. are analogous art because they are from the same field of endeavor of Virtual Private Networks Traffic.

The motivation for combining Moineau et al. and Varadhan et al. is recited in claim 2.


Claims 9, 13:
With respect to claims 9, 13, Moineau et al. discloses the limitations of claims 1, 11, as addressed. 

Moineau et al. does not disclose wherein implementing the firewall rule to route the network traffic to and from the client computing device via the network interface comprises defining a firewall rule specified using one of OpenFlow and iptables as claimed. 

However, Varadhan et al. teaches network router configured to send and receive packets for customer virtual private networks (VPN) (0013) (Figure 2), wherein implementing the firewall rule to route the network traffic to and from the client computing device via the network interface comprises defining a firewall rule specified using one of OpenFlow and iptables (to dynamically configure a flow table, 0049) (Forwarding Plane, Flow control Unit, Forwarding Component, Figure 4).

Moineau et al. and Varadhan et al. are analogous art because they are from the same field of endeavor of Virtual Private Networks Traffic.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Varadhan et al. in Moineau et al. for wherein implementing the firewall rule to route the network traffic to and from the client computing device via the network interface comprises defining a firewall rule specified using one of OpenFlow and iptables as claimed for purposes of enhancing the secure communication between client station and a network system of Moineau et al. by allowing zone-based security policies to be defined and applied for the different network interfaces of the firewall, allows security zones to be defined for VPN tunnels carrying communications for customer VPNs. (see Varadhan et al. 0012)



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (see PTO Form 892).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HELAI SALEHI/           Examiner, Art Unit 2433      

/JEFFREY C PWU/           Supervisory Patent Examiner, Art Unit 2433