DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 1-21 are presented for examination.

Priority
The claim for priority from US Application 16/385,178, now US Patent 10,979,395, filed on 16 April 2019 is duly noted.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-12 of U.S. Patent No. 10,979,395 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the instant claims are anticipated by the ‘395 Patent as shown below. It is noted that claims 10-21 are similar to claims 1-9 and are therefore similarly rejected.
17/199,778
Patent 10,979,395
1. A network device associated communicably coupled to a network, the network device comprising: a processing resource including one or more processors; a non-transitory computer-readable storage medium embodying a set of instructions, which when executed by the processing resource causes the processing resource to: receive, from a remote device communicably coupled to the network and remote from the network device, a first message specifying a plurality of virtual private network (VPN) connection attributes corresponding to a lowest encryption and authentication suite supported by the remote device; automatically create a VPN tunnel entry based at least in part on the plurality of VPN connection attributes; generate a second message specifying encryption and authentication attributes based on corresponding encryption and authentication attributes of the plurality of VPN connection attributes; receive a third message from the remote device, wherein the third message is responsive to the second message and is indicative of a highest level encryption and authentication suite that the remote device is able to support; and transmit a random pre-shared key (PSK) to replace a temporary PSK received from the remote device as part of a connection request message so as to enable creation of a permanent tunnel and establishment of the VPN connection upon determining the network device is compatible with the highest level encryption and authentication suite.
2. The network device of claim 1, wherein the non-transitory computer-readable storage medium further embodying instructions, which when executed by the processing resource causes the processing resource to: determine the network device is compatible with the highest level encryption and authentication suite; and wherein transmitting the random pre-shared key (PSK) to replace the temporary PSK received from the remote device is done based at least in part upon determining compatibility with the highest level encryption and authentication suite.
3. The network device of claim 1, wherein the non-transitory computer-readable storage medium further embodying instructions, which when executed by the processing resource causes the processing resource to: determine the network device is not compatible with the highest level encryption and authentication suite; and upon determining the network device is not compatible with the highest level encryption and authentication suite, iteratively reduce a proposed level of encryption and authentication suite until a match is found between the remote device and the network device.
4. The network device of claim 1, wherein the first message is a phase 1 security parameter proposal message, and the second message is a phase 2 security association proposal message.

1. A method for automatically establishing a virtual private network (VPN) connection, the method comprising: receiving, by a network device associated with a first site of a private network, from a remote device associated with a second site of the private network, a phase 1 security parameter proposal message specifying a plurality of VPN connection attributes corresponding to a lowest encryption and authentication suite supported by the remote device; automatically creating, by the network device, a VPN tunnel entry based at least in part on the plurality of VPN connection attributes; generating, by the network device, a phase 2 security association proposal message specifying encryption and authentication attributes based on corresponding encryption and authentication attributes of the plurality of VPN connection attributes; responsive to processing of the phase 2 security association proposal message by the remote device, receiving, by the network device, from the remote device, a third message indicative of a highest level encryption and authentication suite that the remote device is able to support; and determining, by the network device, whether the network device is compatible with the highest level encryption and authentication suite; when said determining is affirmative, then transmitting, by the network device, a random pre-shared key (PSK) to replace a temporary PSK received from the remote device as part of a connection request message so as to enable creation of a permanent tunnel and establishment of the VPN connection; and when said determining is negative, then compatibility of the network device with a lower level encryption and authentication suite is determined by the remote device iteratively reducing a proposed level of encryption and authentication suite until a match is found between the remote device and the network device.

5. The network device of claim 1, wherein the plurality of VPN connection attributes are selected from any or a combination of an Internet Protocol (IP) address of the remote device, a fully qualified domain name (FQDN) of the remote device, a unique VPN connection name, a destination IP address, attributes of supported authentication, attributes of supported encryption, a randomized key life timer, a supported Diffie-Hellman (DH) group, and the temporary pre-shared key (PSK).
2. The method of claim 1, wherein the plurality of VPN connection attributes are selected from any or a combination of an Internet Protocol (IP) address of the remote device, a fully qualified domain name (FQDN) of the remote device, a unique VPN connection name, a destination IP address, attributes of supported authentication, attributes of supported encryption, a randomized key life timer, a supported Diffie-Hellman (DH) group, and the temporary pre-shared key (PSK).
6. The network device of claim 5, wherein the remote device configures the permanent tunnel based on the random PSK, the second message, and the connection request message.
3. The method of claim 2, wherein the remote device configures the permanent tunnel based on the random PSK, the second message, and the connection request message.
7. The network device of claim 5, wherein the non-transitory computer-readable storage medium further embodying instructions, which when executed by the processing resource causes the processing resource to: perform a connection speed test between the remote device and the network device; wherein when the connection speed test indicates a connection speed between the remote device and the network device meets or exceeds a minimum speed threshold, complete the VPN connection establishment by finalizing the permanent tunnel; and wherein when the connection speed between the remote device and the network device is less than the minimum speed threshold, iteratively revise a level of encryption or authentication between the remote device and the network device until the minimum speed threshold is achieved.
4. The method of claim 2, the method further comprises: performing, at the network device, a connection speed test between the remote device and the network device; when the connection speed test indicates a connection speed between the remote device and the network device meets or exceeds a minimum speed threshold, then completing the VPN connection establishment by finalizing the permanent tunnel; when the connection speed between the remote device and the network device is less than the minimum speed threshold, then a level of encryption or authentication is iteratively revised between the remote device and the network device until the minimum speed threshold is achieved.

8. The network device of claim 1, wherein the connection request message is authorized before the VPN tunnel entry is created.
5. The method of claim 1, wherein the connection request message is authorized before the VPN tunnel entry is created.
9. The network device of claim 1, wherein the network device comprises any or a combination of a hub, a network security device, a router, and a gateway device.
6. The method of claim 1, wherein the network device is any or a combination of a hub, a network security device, a router, and a gateway device.


Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Leone et al. (WO 2005/120007 A1) discloses a system and method for a secure connection in communication networks.
Rueppel et al. (US Patent 5,600,725) discloses a system and method for digital signature and key agreement.
Tajima et al. (US 2005/0172129 A1) discloses a system and method for random number generating and sharing.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835. The examiner can normally be reached 7:30 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/SARAH SU/Primary Examiner, Art Unit 2431