Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This office action is in response to the amendment filed 09/02/2022. 
In the instant amendment, claims 1-3, 10-11, 18 and 20 were amended; claims 8-9 and 17 are cancelled; claims 1, 10 and 20 are independent claims. Claims 1-7, 10-16 and 18-20 are pending in this application. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/02/2022 has been entered.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 10 and 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1, 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20180041425) in view of Shue et al (“Shue,” US 20170063859) and further in view of Dumitriu et al (“Dumitriu,” US 20180227195). 

Regarding claim 1, Zhang discloses a method comprising: 
looking up a routing table based on source of packets from the networking device; (Zhang, [0125], [0296], [0403], [0162] describes looking up a routing table based on source of packets from the networking device)
selecting, using the routing table, a virtual network device with a virtual networking interface for the networking device, (Zhang, [0125], [0290]-[0291], [0353], [0403], describes selecting, using the routing table, a virtual network device with a virtual networking interface for the networking device)
wherein the virtual networking interface has an existing networking tunnel to the destination of packets from the networking device, (Zhang, [0290]-[0291], [0294], [0296], [0318] describes wherein the virtual networking interface has an existing networking tunnel to the destination of packets from the networking device)
and the existing networking tunnel corresponds to the application of the networking device, (Zhang, [0176], [0185], [0188], [0092], [0169], [0174], [0284], [0286], describes and the existing networking tunnel corresponds to the application of the networking device)
Zhang fails to explicitly disclose receiving, by an access controller, access rules for a networking device, wherein the access rules identify a source and destination of packets from the networking device.
However, in an analogous art, Shue discloses receiving, by an access controller, (Shue, [0010] describes receiving, by an access controller)
access rules for a networking device, (Shue, [0039]-[0040] describes access rules for a client device [networking device]). 
wherein the access rules identify a source and destination of packets from the networking device, (Shue, [0039]-[0040], [0056]-[0057] describes wherein the access rules identify a source and destination of packets from the networking device)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shue with the method and system of Zhang to include receiving, by an access controller, access rules for a networking device, wherein the access rules identify a source and destination of packets from the networking device. One would have been motivated to provide an access controller for providing access to a network resource (Shue, [0012]). 
Zhang and Shue fail to explicitly disclose and an application of the networking device
However, in an analogous art, Dumitriu discloses and an application of the networking device, (Dumitriu, [0081], [0062], [0111], [0077]-[0078], [0087] describes receiving by an access controller, access flow rules for a networking device where the flow rules identify a source and destination of packets and an VPN application of the client device [networking device]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dumitriu with the method and system of Zhang and Shue to include and an application of the networking device. One would have been motivated to implement and manage virtual networks (Dumitriu, [0002]).  

Regarding claim 10, claim 10 is directed to a system. Claim 10 is similar in scope to claim 1 and is therefore rejected under similar rationale. 

Regarding claim 20, claim 20 is directed to at least one non-transitory computer readable storage medium. Claim 20 is similar in scope to claim 1 and is therefore rejected under similar rationale. 

Claims 2-3, 11-12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20180041425), Shue et al (“Shue,” US 20170063859) in view of Dumitriu et al (“Dumitriu,” US 20180227195) and further in view of Glazemakers et al (“Glazemakers,” US 20170111310). 

Regarding claim 2, Zhang, Shue and Dumitriu disclose the method of claim 1. 
Zhang, Shue and Dumitriu fail to explicitly disclose wherein establishing the networking tunnels comprises creating a first networking tunnel with a first gateway to provide a dedicated network route between the networking device and a first network segment accessed via the first gateway,
However in an analogous art, Glazemakers discloses wherein establishing the networking tunnels comprises creating a first networking tunnel with a first gateway to provide a dedicated network route between the networking device and a first network segment accessed via the first gateway (Glazemakers, FIG 2, [0023], [0046], [0050] & [0071] describes the packet; [0020] & [0026] describes establishing the networking tunnel by creating the networking tunnel with a first gateway to provide a dedicated network route between the first networking device and network segment accessible via the first gateway described in paragraphs [0022], [0024], [0043] and [0047])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Glazemakers with the method and system of Zhang, Shue and Dumitriu to include wherein further comprising creating a first networking tunnel with a first gateway to provide a dedicated network route between the first networking device and a network segment accessible via the first gateway. One would have been motivated to resolving of network addresses from host names for client devices, and more particularly but not limited to the resolving of host names for hosts located in a segmented private network (Glazemakers, [0002]). 

Regarding claim 3, Zhang, Shue, Dumitriu and Glazemakers disclose the method of claim 2. 
Glazemakers further discloses further comprising creating a second networking tunnel with a second gateway to provide a dedicated network route between the networking device and a second network segment accessed via the second gateway (Glazemakers, FIG 2, [0023], [0046], [0050] & [0071] describes the packet; [0020] & [0026] describes establishing the networking tunnel by creating the networking tunnel with a first gateway to provide a dedicated network route between the first networking device and network segment accessible via the first gateway described in paragraphs [0022], [0024], [0043] and [0047])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Glazemakers with the method and system of Zhang, Shue and Dumitriu to include wherein further comprising creating a first networking tunnel with a first gateway to provide a dedicated network route between the first networking device and a network segment accessible via the first gateway. One would have been motivated to resolving of network addresses from host names for client devices, and more particularly but not limited to the resolving of host names for hosts located in a segmented private network (Glazemakers, [0002]). 

Regarding claim 11, Zhang, Shue and Dumitriu disclose the system of claim 10. 
Zhang, Shue and Dumitriu fail to explicitly disclose wherein further comprising creating a first networking tunnel with a first gateway to provide a dedicated network route between the first networking device and a network segment accessible via the first gateway. 
However, in an analogous art, Glazemakers discloses wherein further comprising creating a first networking tunnel with a first gateway to provide a dedicated network route between the first networking device and a network segment accessible via the first gateway, (Glazemakers, FIG 2, [0023], [0046], [0050] & [0071] describes the packet; [0020] & [0026] describes establishing the networking tunnel by creating the networking tunnel with a first gateway to provide a dedicated network route between the first networking device and network segment accessible via the first gateway described in paragraphs [0022], [0024], [0043] and [0047])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Glazemakers with the method and system of Zhang, Shue and Dumitriu to include wherein further comprising creating a first networking tunnel with a first gateway to provide a dedicated network route between the first networking device and a network segment accessible via the first gateway. One would have been motivated to resolving of network addresses from host names for client devices, and more particularly but not limited to the resolving of host names for hosts located in a segmented private network (Glazemakers, [0002]). 


Regarding claim 12, Zhang, Shue and Dumitriu disclose the system of claim 10. 
Zhang, Shue and Dumitriu fail to explicitly disclose wherein the instructions are further configured to instruct the at least one processor to: receive, by an authentication service from the first networking device, a request for a network address for the first networking device; determine, based on the request, the network address for the first networking device; and send, to the first networking device in reply to the request, the network address for the first networking device, and a network address of the access controller, wherein the access controller is to serve as a default gateway for the first networking device.
However, in an analogous art, Glazemakers discloses wherein the instructions are further configured to instruct the at least one processor to: receive, by an authentication service from the first networking device, a request for a network address for the first networking device; (Glazemakers, [0041], processor; FIG 2 and associated text in paragraphs [0042]-[0067] describes receiving by an authentication server from the first networking device, a request for a network address for the first networking device)
determine, based on the request, the network address for the first networking device; (Glazemakers, FIG 2 and associated text in paragraphs [0042]-[0067] describe determine based on the request the network address for the first networking device)
and send, to the first networking device in reply to the request, the network address for the first networking device, and a network address of the access controller, wherein the access controller is to serve as a default gateway for the first networking device, (Glazemakers, FIG 2 and associated text in paragraphs [0042]-[0067] describe forwarding to the first networking device in reply to the request, the network address for the first networking device, and the network address of the controller, wherein the access controller is to serve as the default gateway for the first networking device). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dumitriu with the method and system of Zhang, Shue and Dumitriu to include wherein the instructions are further configured to instruct the at least one processor to: receive, by an authentication service from the first networking device, a request for a network address for the first networking device; determine, based on the request, the network address for the first networking device; and send, to the first networking device in reply to the request, the network address for the first networking device, and a network address of the access controller, wherein the access controller is to serve as a default gateway for the first networking device. One would have been motivated to resolving of network addresses from host names for client devices, and more particularly but not limited to the resolving of host names for hosts located in a segmented private network (Glazemakers, [0002]).

Regarding claim 18, Zhang, Shue and Dumitriu disclose the system of claim 10. 
Zhang further discloses the existing networking tunnel  (Zhang, [0290]-[0291], [0294], [0296], [0318] describes the existing networking tunnel)
Zhang, Shue and Dumitriu fail to explicitly disclose wherein the networking tunnel is established with a first gateway, a network segment is accessible via the first gateway, and the access rules identify networking devices in the network segment with which the first networking device is allowed to communicate.
However, in an analogous art, Glazemakers discloses wherein the networking tunnel is established with a first gateway, a network segment is accessible via the first gateway, and the access rules identify networking devices in the network segment with which the first networking device is allowed to communicate (Glazemakers, FIG 2, [0023], [0046], [0050] & [0071] describes the packet; [0020] & [0026] describes a networking tunnel is created with a first gateway and the network segment is accessible via the first gateway and the access rules identify networking devices in the network segment with which the first networking device is allowed to communicate described in paragraphs [0022], [0024], [0043] and [0047])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Glazemakers with the method and system of Zhang, Shue and Dumitriu to include wherein the networking tunnel is established with a first gateway, a network segment is accessible via the first gateway, and the access rules identify networking devices in the network segment with which the first networking device is allowed to communicate. One would have been motivated to resolving of network addresses from host names for client devices, and more particularly but not limited to the resolving of host names for hosts located in a segmented private network (Glazemakers, [0002]).


Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20180041425), Shue et al (“Shue,” US 20170063859), Dumitriu et al (“Dumitriu,” US 20180227195) in view of Glazemakers et al (“Glazemakers,” US 20170111310) and further in view of Ringdahl et al (“Ringdahl,” US 20150058967). 

Regarding claim 4, Zhang, Shue, Dumitriu and Glazemakers disclose the method of claim 2. 
Zhang, Shue, Dumitriu and Glazemakers fail disclose wherein the access rules comprise firewall rules for the first gateway, the method further comprising sending, by the access controller, the access rules to the first gateway, wherein the first gateway uses the access rules to apply the firewall rules.
However, in an analogous art, Ringdahl discloses wherein the access rules comprise firewall rules for the first gateway, the method further comprising sending, by the access controller, the access rules to the first gateway, wherein the first gateway uses the access rules to apply the firewall rules, (Ringdahl, 1150, 1154, 1155, FIG 1, [0012], [0026] & [0030]; FIG’s 3 & 4 and [0033]-[0038] disclose wherein the access policies comprise firewall rules for the first gateway, the method further comprising sending by the access controller, the access rules to the first gateway and wherein the first gateway uses the access rules to apply the firewall rules). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ringdahl with the method and system of Zhang, Shue, Dumitriu and Glazemakers to include wherein the access rules comprise firewall rules for the first gateway, the method further comprising sending, by the access controller, the access rules to the first gateway, wherein the first gateway uses the access rules to apply the firewall rules. One would have been motivated to control access to the gateway node from a public access network and to the remote server providing the virtual computing services (Ringdahl, [0037]). 

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20180041425), Shue et al (“Shue,” US 20170063859) in view of Dumitriu et al (“Dumitriu,” US 20180227195) in view of Glazemakers et al (“Glazemakers,” US 20170111310) and further in view of Alexander et al (“Alexander,” US 20180062879). 

Regarding claim 5, Zhang, Shue, Dumitriu and Glazemakers disclose the method of claim 2. 
Zhang, Shue, Dumitriu and Glazemakers fail to explicitly disclose wherein the first gateway is configured to: create a networking interface for communication between devices in the first network segment and the networking device; and announce the networking device within the first network segment. 
However, in an analogous art, Alexander discloses wherein the first gateway is configured to: create a networking interface for communication between devices in the first network segment and the networking device; (Alexander, [0026] & [0035] describe wherein the first gateway is configured to create a networking interface for communication between devices in the network segment and the network device)
and announce the networking device within the first network segment (Alexander, [0026] & [0035] describe all)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Alexander with the method and system of Zhang, Shue, Dumitriu and Glazemakers to include wherein the first gateway is configured to: create a networking interface for communication between devices in the first network segment and the networking device; and announce the networking device within the first network segment. One would have been motivated to increasing fixed network access capacity, such as increasing network access capacity available within a wireless mesh network by adding auxiliary gateway devices within a network supporting automatically segmenting and merging routing domains (Alexander, [0001]).  

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20180041425), Shue et al (“Shue,” US 20170063859), Dumitriu et al (“Dumitriu,” US 20180227195) in view of Glazemakers et al (“Glazemakers,” US 20170111310) and further in view of Saxena et al (“Saxena,” US 8,498,295).

Regarding claim 6, Zhang, Shue, Dumitriu and Glazemakers disclose the method of claim 2. 
Zhang further discloses received on the virtual networking interface (Zhang, [0290]-[0291], [0294], [0296], [0318] describes receiving virtual networking interface)
Zhang, Shue, Dumitriu and Glazemakers fail to explicitly disclose further comprising,  after establishing the first networking tunnel, adding a destination-based route in the routing table to route networking packets with a network address within the first networking segment to the first networking tunnel
However, Saxena discloses further comprising,  after establishing the first networking tunnel, adding a destination-based route in the routing table to route networking packets with a network address within the first networking segment to the first networking tunnel, (Saxena, Col. 6, Lines 17-41, Col. 2, Lines 15-28; Col. 4, Lines 61-67; Col. 5, Lines 1-6 describes after establishing the first networking tunnel adding a destination based route using a destination address in the routing table to route networking packets received on the networking interface with a network address within the first networking segment to the first networking tunnel)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Saxena with the method and system of Zhang, Shue, Dumitriu and Glazemakers to include further comprising,  after establishing the first networking tunnel, adding a destination-based route in the routing table to route networking packets received on the virtual networking interface with a network address within the first networking segment to the first networking tunnel. One would have been motivated to deploy network-layer protocols across computer networks (Saxena, Col. 1, Lines 7-9).


Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20180041425), Shue et al (“Shue,” US 20170063859), Dumitriu et al (“Dumitriu,” US 20180227195), in view of Glazemakers et al (“Glazemakers,” US 20170111310) in view Smith et al (“Smith,” US 20050243826) 

Regarding claim 7, Zhang, Shue, Dumitriu and Glazemakers disclose the method of claim 2. 
Zhang further discloses disclose wherein: the networking device is a first networking device; (Zhang, [0125], [0296], [0403], [0162] describes wherein: the networking device is a first networking device)
the access controller forwards a received packet to the virtual networking interface by looking up a source address in the routing table; (Zhang, [0125], [0290]-[0291], [0353], [0403], [0134] describes the access controller forwards a received packet to the virtual networking interface by looking up a source address in the routing table)
Glazemakers further discloses and the packet is forwarded over the first networking tunnel to the first gateway, thereby causing the first gateway to forward the packet to a second networking device in the first network segment, (Glazemakers, [0023], [0046], [0050] & [0071] describes the packet; [0020] & [0026] describes forwarding the packet over the first networking tunnel to the first gateway then causing the first gateway to forward the packet to the second networking device in the first segment which is described in paragraphs [0022], [0024], [0043] and [0047])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Glazemakers with the method and system of Zhang, Shue and Dumitriu to include within the virtual network device, the packet is encapsulated. One would have been motivated to resolving of network addresses from host names for client devices, and more particularly but not limited to the resolving of host names for hosts located in a segmented private network (Glazemakers, [0002]). 
Zhang, Shue, Dumitriu and Glazemakers fail to explicitly disclose within the virtual network device, the packet is encapsulated. 
However, in an analogous art, Smith discloses within the virtual network device, the packet is encapsulated (Smith, [0061]-[0062] describes within the virtual network device the packet is encapsulated)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Smith with the method and system of Zhang, Shue, Dumitriu and Glazemakers to include within the virtual network device, the packet is encapsulated. One would have been motivated to add information to a packet before it travels to its destination (Smith, [0061]-[0062]).  

Claims 13, 14, 16  and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20180041425), Shue et al (“Shue,” US 20170063859), Dumitriu et al (“Dumitriu,” US 20180227195), in view of Glazemakers et al (“Glazemakers,” US 20170111310) and further in view of Goelitz et al (“Goelitz,” US 20200021556). 
Regarding claim 13, Zhang, Shue, Dumitriu and Glazemakers disclose the system of claim 12. 
Zhang, Shue, Dumitriu and Glazemakers fails to explicitly disclose wherein the instructions are further configured to instruct the at least one processor to determine, by the authentication service, the access rules for the first networking device, and wherein the access rules comprise the network address for the first networking device.
However, in an analogous art, Goelitz discloses wherein the instructions are further configured to instruct the at least one processor to determine, by the authentication service,  the access rules for the first networking device, (Goelitz, [0047]-[0048] describes wherein the instructions are further configured to instruct the at least one processor to determine, by the authentication service,  the access rules for the first networking device)
and wherein the access rules comprise the network address for the first networking device, (Goelitz, [0044], [0047]-[0048], [0058], describes and wherein the access rules comprise the network address for the first networking device)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Goelitz with the method and system of Zhang, Shue, Dumitriu and Glazemakers to include within the virtual network device, the packet is encapsulated. One would have been motivated to provide address migration to enable customers to move all or part of their existing publicly routable network address space to a provider network for use within the provider network (Goelitz, [0015]). 

Regarding claim 14, Zhang, Shue, Dumitriu, Glazemakers and Goelitz disclose the system of claim 13. 
Goelitz further discloses wherein the access rules further comprise a network address of a remote gateway, (Goelitz, [0047]-[0048], [0058], [0027] describes wherein the access rules further comprise a network address of a remote gateway)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Goelitz with the method and system of Zhang, Shue, Dumitriu and Glazemakers to include within the virtual network device, the packet is encapsulated. One would have been motivated to provide address migration to enable customers to move all or part of their existing publicly routable network address space to a provider network for use within the provider network (Goelitz, [0015]). 

Regarding claim 16, Zhang, Shue, Dumitriu and Glazemakers disclose the system of claim 13. 
Shue further discloses wherein the access controller is configured to (Shue, [0010] describes wherein the access controller is configured to)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shue with the method and system of Zhang to include wherein the access controller is configured to. One would have been motivated to provide an access controller for providing access to a network resource (Shue, [0012]). 
Goelitz further discloses receive the access rules from the authentication service, (Goelitz, [0047]-[0048], [0052], describes wherein the instructions are further configured to instruct the at least one processor to determine, by the authentication service,  the access rules for the first networking device)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Goelitz with the method and system of Zhang, Shue, Dumitriu and Glazemakers to include receive the access rules from the authentication service. One would have been motivated to provide address migration to enable customers to move all or part of their existing publicly routable network address space to a provider network for use within the provider network (Goelitz, [0015]). 

Regarding claim 19, Zhang, Shue, Dimitriu and Glazemakers disclose the system of claim 18. 
Zhang, Shue, Dumitriu and Glazemakers fail to explicitly disclose wherein each of the access rules comprises at least one condition that needs to be fulfilled in order for the first networking device to have access to the identified networking devices. 
However, in an analogous art, Goelitz discloses wherein each of the access rules comprises at least one condition that needs to be fulfilled in order for the first networking device to have access to the identified networking devices (Goelitz, [0047]-[0048], [0052], describes wherein each of the access rules comprises at least one condition that needs to be fulfilled in order for the first networking device to have access to the identified networking devices)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Goelitz with the method and system of Zhang, Shue, Dumitriu and Glazemakers to include wherein each of the access rules comprises at least one condition that needs to be fulfilled in order for the first networking device to have access to the identified networking devices. One would have been motivated to provide address migration to enable customers to move all or part of their existing publicly routable network address space to a provider network for use within the provider network (Goelitz, [0015]). 

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20180041425), Shue et al (“Shue,” US 20170063859), Dumitriu et al (“Dumitriu,” US 20180227195), Glazemakers et al (“Glazemakers,” US 20170111310) in view of Goelitz et al (“Goelitz,” US 20200021556) and further in view of Jung et al (“Jung,” US 20150288658). 

Regarding claim 15, Zhang, Shue, Dumitriu and Glazemakers disclose the system of claim 13. 
Zhang, Shue, Dumitriu and Glazemakers fail to explicitly disclose wherein the access rules further comprise authentication information for setting up the networking tunnel.
However, in an analogous art, Jung discloses wherein the access rules further comprise authentication information for setting up the networking tunnel (Jung, [0008] & [0009] describes wherein the access policies further comprise authentication information for setting up and creating a network tunnel). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jung with the method and system of Zhang, Shue, Dumitriu and Glazemakers to include wherein the access rules further comprise authentication information for setting up the networking tunnel. One would have been motivated to control access to wireless security to all layers in the wireless network sections (Jung, [0007]). 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES J WILCOX/Examiner, Art Unit 2439       



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439