DETAILED ACTION
Claims 1-10 are presented for examination.
This is a first action on the merits based on Applicant’s claims filed on 2/12/2021 for U.S. Patent Application No. 17/268,193.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Applicant’s claim for the benefit of a prior-filed PCT Patent Application No. PCT/JP2019/031777, filed 8/9/2019 is acknowledged; Applicant also claimed for the benefit of a prior-filed foreign priority to Japanese Patent Application No. JP2018152993 filed 8/15/2018. 
However, the foreign priority claim to Japanese Patent Application No. JP2018152993 has not been perfected yet, applicant may perfect the priority claim by submitting a certified English translation of Japanese Patent Application No. JP2018152993.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 2/12/2021 and 11/16/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Claim Objections
Claims 1-5 are objected to because of the following informalities:  Claims 1-5 recite "one or more processors". However, the specification does not recite "one or more processors". Rather, the specification recites "various processing units", such as "central processing unit (CPU)" or "micro processing unit". Applicant is kindly requested to use the language used in the specification.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 line 3 recites the limitation " one or more processors", claim 1 line 5 recites the limitation “one or more processors”, and claim 1 line 8 recites a third instances of “one or more processors”.  It is unclear if the three instances of “one or more processors” are meant to have antecedent basis. For the purpose of examination, the three instances of “one or more processors” are interpreted to have antecedent basis. Claims 2-5 are dependent upon claim 1 and so are also indefinite via dependency. 
Claim 1 lines 3-4 recites the limitation “configured to acquire version information of an operating system (OS) of the terminal”, claim 1 lines 5-6 recites the limitation “a version of the OS of the terminal acquired by the acquisition unit”. It is unclear if the two are meant to have antecedent basis. For the purpose of examination, the second instance is interpreted as “the version of the OS of the terminal acquired by the acquisition unit”. Claims 2-5 are dependent upon claim 1 and so are also indefinite via dependency.
Claim 6 line 4 recites the limitation “acquiring version information of an operating system (OS) of the terminal”, and Claim 6 line 5 recites the limitation “a version of the OS of the terminal acquired in the acquiring”. It is unclear if the two are meant to have antecedent basis. For the purpose of examination, the second instance is interpreted as “the version of the OS of the terminal acquired 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-5 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claim as a whole, under the broadest reasonable interpretation, can be interpreted as software per se. A "communication system" may be interpreted reasonably as either software or hardware. Furthermore, any of the units may also be software units. As to "one or more processors", under the broadest reasonable interpretation a "processor" may be either software or hardware. Only a "microprocessor" or "central processing unit" are considered hardware only. This is further supported with the open-ended definition in the specification for “processing unit”, e.g. ¶21: “Further, the control unit 23 functions as various processing units by various programs operating”.
Claims 2-5 depend on claim 1 and do not overcome the rejection of claim 1.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4 and 6, 7, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over May et al. (U.S. 2007/0250627 hereinafter "May") in view of Kerr et al. (U.S. 8,584,194 hereinafter “Kerr”).

Claim 1. May disclosed a communication system (May, FIG. 1 system “10”) in which a terminal (May, FIG. 1 “client computer”) is connected to a network (May, FIG. 1 “network”; see client computer is connect to network in FIG. 1) and is connectable to a security apparatus ([0021] “redirecting [i.e. connectable] may involve redirecting the client computer to a webpage including at least one link to a network resource location [i.e. security apparatus] for downloading data for updating a configuration of the client computer”), the communication system comprising: 
an acquisition unit (May, FIG. 5 and [0100, 0106] “gateway node 12 includes a processor circuit shown generally at 140 [i.e. an acquisition unit]. The processor circuit 140 includes a microprocessor 142…[and a] parameter memory 146….The parameter memory 146 includes…a block of memory for storing a log 170”), including one or more processors (May, FIG. 5 microprocessor “142”), configured to acquire version information of an operating system (OS) of the terminal (May, FIG. 5 and [0108] “The log 170 is operable to record information associated with the data transmission” and see FIG. 4 wherein data transmission from the client includes client operating system version status information “Windows NT 5.1”); 
a comparison unit (May, FIG. 5 and [0100, 0106-0107] “gateway node 12 includes a processor circuit shown generally at 140 [i.e. a comparison unit]. The processor circuit 140 includes a microprocessor 142…[and a] parameter memory 146….The parameter memory 146 includes a block of memory for storing a table of criteria 168…The table of criteria 168 includes a plurality of record for holding criteria against which the status information is to be compared”), including one or more processors (May, FIG. 5 microprocessor “142”), configured to compare the version of the OS of the terminal acquired by the acquisition unit with a latest version of the corresponding OS (May, FIG. 5 and FIG. 8 [0133] “the microprocessor 142 to compare the status information included in the data transmission with the criteria in the table of criteria 168, and if the status information meets all of the criteria” and [0116] “gateway node 12 may be configured to prevent data transmissions from client computers 14 that do not have a certain configuration or version of operating system. For example, data transmissions may be prevented from client computers 14 that have Microsoft Windows XP operating system installed, but which have not installed a service pack (SP) such as SP2.”); and 
a setting unit (May, FIG. 5 and [0100-0101] “gateway node 12 includes a processor circuit shown generally at 140. The processor circuit 140 [i.e. a setting unit] includes a microprocessor 142, an input/output (I/O) port 148…The I/O 148 includes the first interface 28 and the second interface 30”), including one or more processors (May, FIG. 5 microprocessor “142”), configured to set, when the version of the OS of the terminal is not the latest version (May [0116] “operating system program configuration may be determined by reading the operating system configuration codes 64 and the gateway node 12 may be configured to prevent data transmissions from client computers 14 that do not have a certain configuration or version of operating system. For example, data transmissions may be prevented from client computers 14 that have Microsoft Windows XP operating system installed, but which have not installed a service pack (SP) such as SP2.” And see FIG. 8 step “252 Status Information meets criterion?” if the answer is “N” such as aforementioned have Microsoft Windows XP operating installed but SP2 not installed, then go to “Take action 256”), a path along which traffic of the terminal passes through the security apparatus (May, FIG. 8 and [0141] process 256 “the processor circuit 140 of the gateway node 12 may send an HTTP redirect response to the client computer 14, which redirects [i.e. set a path] the client computer to a web page…The web page may include links to network resources [i.e. security apparatus, aforementioned network resource location] for downloading data…or updating the configuration of the client computer”), and set, when the version of the OS of the terminal meets criterion (May FIG. 8 step “252 Status Information meets criterion?” if the answer is “Y” then step “250 Allow data transmission to continue”), a path along which the traffic of the terminal does not pass through the security apparatus (May FIG. 8 step “252 Status Information meets criterion?” if the answer is “Y” then step “250 Allow data transmission to continue” which did not redirect client to aforementioned network resource location).  
	May did not explicitly disclose the version of the OS of the terminal meets criterion being that the version of the OS is the latest version.
	However, analogous art Kerr disclosed the version of the OS of the terminal meets criterion such that the version of the OS is the latest version  (Kerr, column 6 line 59 – column 7 line 3 “The set of security criteria 215 may be embodied in a wide variety of configuration and may have one or numerous requirements to ensure that the candidate node 201 will not pose a security risk to the network 200, once admitted to the network 200… the set of security criteria 215 may require that the candidate node 201 use…the most secure and updated version of its operating system”)
	A person having ordinary skill in the art would have been motivated before the effective filing date of the claimed invention, to apply the known technique of checking client operating system version to see if criterion is met so as to allow data transmission to continue or redirect to another network resource location for updating the client computer, as taught in May to Kerr’s known system of security criteria that may require client node to use the most secure and updated version of its operating system, so as to provide improvement to yield the predictable result of improving security such that the client having the latest up to date operating system and will not pose a security risk to the network.

Claim 2. May in view of Kerr disclosed the communication system according to claim 1, further comprising a network device (May, FIG. 1 and 5 Gateway node  “12”) configured to connect the terminal (May, FIG. 1 “Client Computer”) to the network (May, FIG. 1 “Network”; see that Client computer is connected to the network via Gateway node 12) and including the acquisition unit (May, FIG. 5, Gateway node “12” includes the processor circuit “140” with “Log 170” and microprocessor “142”) the comparison unit (May, FIG. 5, Gateway node “12” the processor circuit “140” with “Table of Criteria 168” and microprocessor “142”), and the setting unit (May, FIG. 5, Gateway node “12” the processor circuit “140” with “I/O 148, Interface” and microprocessor “142”).  

Claim 4. (Original) May in view of Kerr disclosed the communication system according to claim 1, further comprising a virtual network device (May, FIG. 1, 5, and [0101] “the first interface 28 is operably configured to implement one or more logical interfaces…The first interface 28 may be a VLAN switch [i.e. Virtual Local Area Network switch is a Virtual Network Device]…the first interface 28 and/or the second interface…may be another type of logical interface such as a tunnel”) configured to connect to the terminal (May, FIG. 1 “Client Computer”) via a network device (May, FIG. 1 and 5 Gateway node  “12”) and including the acquisition unit (May, FIG. 5, Gateway node “12” includes the processor circuit “140” with “Log 170” and microprocessor “142”), the comparison unit (May, FIG. 5, Gateway node “12” the processor circuit “140” with “Table of Criteria 168” and microprocessor “142”), and the setting unit (May, FIG. 5, Gateway node “12” the processor circuit “140” with microprocessor “142”).

Claim 6. May disclosed a communication method (May, Title “Method, Apparatus, Signals And Medium for Enforcing Compliance with a Policy On A Client Computer”) executed by a communication system (May, FIG. 1 system “10”)  in which a terminal (May, FIG. 1 “client computer”) is connected to a network (May, FIG. 1 “network”; see client computer is connected to network in FIG. 1)  and is connectable to a security apparatus ([0021] “redirecting [i.e. connectable] may involve redirecting the client computer to a webpage including at least one link to a network resource location [i.e. security apparatus] for downloading data for updating a configuration of the client computer”), the communication method comprising: 
acquiring version information of an operating system (OS) of the terminal (May, FIG. 5 and [0108] “The log 170 is operable to record information associated with the data transmission” and see FIG. 4 wherein data transmission from the client includes client operating system version status information “Windows NT 5.1”); 
comparing the version of the OS of the terminal acquired (May, FIG. 5 and FIG. 8 [0133] “the microprocessor 142 to compare the status information included in the data transmission with the criteria in the table of criteria 168, and if the status information meets all of the criteria” and [0116] “gateway node 12 may be configured to prevent data transmissions from client computers 14 that do not have a certain configuration or version of operating system. For example, data transmissions may be prevented from client computers 14 that have Microsoft Windows XP operating system installed, but which have not installed a service pack (SP) such as SP2.”); and 
setting, when the version of the OS of the terminal is not the latest version (May [0116] “operating system program configuration may be determined by reading the operating system configuration codes 64 and the gateway node 12 may be configured to prevent data transmissions from client computers 14 that do not have a certain configuration or version of operating system. For example, data transmissions may be prevented from client computers 14 that have Microsoft Windows XP operating system installed, but which have not installed a service pack (SP) such as SP2.” And see FIG. 8 step “252 Status Information meets criterion?” if the answer is “N” such as aforementioned have Microsoft Windows XP operating installed but SP2 not installed, then go to “Take action 256”), a path along which traffic of the terminal passes through the security apparatus (May, FIG. 8 and [0141] process 256 “the processor circuit 140 of the gateway node 12 may send an HTTP redirect response to the client computer 14, which redirects [i.e. set a path] the client computer to a web page…The web page may include links to network resources [i.e. security apparatus, aforementioned network resource location] for downloading data…or updating the configuration of the client computer”), and setting, when the version of the OS of the terminal meets criterion (May FIG. 8 step “252 Status Information meets criterion?” if the answer is “Y” then step “250 Allow data transmission to continue”), a path along which the traffic of the terminal does not pass through the security apparatus (May FIG. 8 step “252 Status Information meets criterion?” if the answer is “Y” then step “250 Allow data transmission to continue” which did not redirect client to aforementioned network resource location).  
	May did not explicitly disclose the version of the OS of the terminal meets criterion being that the version of the OS is the latest version.
However, analogous art Kerr disclosed the version of the OS of the terminal meets criterion such that the version of the OS is the latest version  (Kerr, column 6 line 59 – column 7 line 3 “The set of security criteria 215 may be embodied in a wide variety of configuration and may have one or numerous requirements to ensure that the candidate node 201 will not pose a security risk to the network 200, once admitted to the network 200… the set of security criteria 215 may require that the candidate node 201 use…the most secure and updated version of its operating system”)
	A person having ordinary skill in the art would have been motivated before the effective filing date of the claimed invention, to apply the known technique of checking client operating system version to see if criterion is met so as to allow data transmission to continue or redirect to another network resource location for updating the client computer, as taught in May to Kerr’s known system of security criteria that may require client node to use the most secure and updated version of its operating system, so as to provide improvement to yield the predictable result of improving security such that the client having the latest up to date operating system and will not pose a security risk to the network.


Claim 7. May in view of Kerr disclosed the communication method according to claim 6, further comprising: connecting the terminal (May, FIG. 1 “Client Computer”) to the network (May, FIG. 1 “Network”) via a network device (May, FIG. 1 and 5 Gateway node  “12”; see that Client computer is connected to the network via Gateway node 12).  

Claim 9. May in view of Kerr disclosed the communication method according to claim 6, further comprising: connecting a virtual network device (May, FIG. 1, 5, and [0101] “the first interface 28 is operably configured to implement one or more logical interfaces…The first interface 28 may be a VLAN switch [i.e. Virtual Local Area Network switch is a Virtual Network Device]…the first interface 28 and/or the second interface…may be another type of logical interface such as a tunnel”) to the terminal (May, FIG. 1 “Client Computer”) via a network device (May, FIG. 1 and 5 Gateway node  “12”; see that VLAN switch 28 is connected to the client computer via Gateway node 12).  


Claims 3, 5, 8 , and 10 are rejected under 35 U.S.C. 103 as being unpatentable over May et al. (U.S. 2007/0250627 hereinafter "May") in view of Kerr et al. (U.S. 8,584,194 hereinafter “Kerr”), further in view of Van Dussen (U.S. 2019/0253274 hereinafter “Van Dussen”)

Claim 3. May in view of Kerr disclosed the communication system according to claim 2, wherein the setting unit (May, FIG. 5, Gateway node “12” the processor circuit “140” with “I/O 148, Interface” and microprocessor “142”) is configured to establish, when the version of the OS of the terminal is not the latest version (May [0116] “operating system program configuration may be determined by reading the operating system configuration codes 64 and the gateway node 12 may be configured [i.e. configured to establish] to prevent data transmissions from client computers 14 that do not have a certain configuration or version of operating system. For example, data transmissions may be prevented from client computers 14 that have Microsoft Windows XP operating system installed, but which have not installed a service pack (SP) such as SP2.” And see FIG. 8 step “252 Status Information meets criterion?” if the answer is “N” such as aforementioned have Microsoft Windows XP operating installed but SP2 not installed, then go to “Take action 256”), a connection using (May, FIG. 1, 5, and [0101] “the first interface 28 and/or the second interface…may be…logical interface such as a tunnel”) between the network device and the security apparatus (May, FIG. 8 and [0141] process 256 “the processor circuit 140 of the gateway node 12 may send an HTTP redirect response to the client computer 14, which redirects [i.e. set a path] the client computer to a web page…The web page may include links to network resources [i.e. security apparatus, aforementioned network resource location] for downloading data…or updating the configuration of the client computer”).  
	May in view of Kerr did not explicitly disclose that the tunnel being an L2 tunnel.
	However analogous art Van Dussen disclosed the tunnel being an L2 tunnel (Van Dussen [0056] “tunnel 442 can take other forms, such as various types of virtual private network (VPN) or Layer 2 (L2) tunneling protocols like VXLAN, Network Virtualization using Generic Routing Encapsulation (NVGRE), or other suitable overlay network protocol”)
	A person having ordinary skill in the art would have been motivated before the effective filing date of the claimed invention, to apply the known technique of checking client operating system version to see if criterion is met so as to allow data transmission to continue or redirect via tunnel interface to another network resource location for updating the client computer, as taught in May; and the known technique of security criteria being that client has the latest updated operating system, to Van Dussen’s known system of tunnel taking various forms such as Layer 2 (L2) tunneling protocols like VXLAN, so as to provide improvement to yield the predictable result of secure connection, that can be used to migrate to overlay network dynamically created in computing service provider network, without any impact to existing corporate infrastructure (Van Dussen [0056] “secure transport layer tunnel can provide a link layer (i.e., L2)…With an L2 network overlay, instances of an application executing…can be seamlessly migrated to the overlay network dynamically created in computing service provider network 404A, without any impact to existing corporate infrastructure”).

Claim 5. May in view of Kerr disclosed the communication system according to claim 4, wherein the setting unit (May, FIG. 5, Gateway node “12” the processor circuit “140” with “I/O 148, Interface” and microprocessor “142”) is configured to establish, when the version of the OS of the terminal is not the latest version (May [0116] “operating system program configuration may be determined by reading the operating system configuration codes 64 and the gateway node 12 may be configured [i.e. configured to establish] to prevent data transmissions from client computers 14 that do not have a certain configuration or version of operating system. For example, data transmissions may be prevented from client computers 14 that have Microsoft Windows XP operating system installed, but which have not installed a service pack (SP) such as SP2.” And see FIG. 8 step “252 Status Information meets criterion?” if the answer is “N” such as aforementioned have Microsoft Windows XP operating installed but SP2 not installed, then go to “Take action 256”), a connection using (May, FIG. 1, 5, and [0101] “the first interface 28 and/or the second interface…may be…logical interface such as a tunnel”) between the virtual network device and the security apparatus (May, FIG. 8 and [0141] process 256 “the processor circuit 140 of the gateway node 12 may send an HTTP redirect response to the client computer 14, which redirects [i.e. set a path] the client computer to a web page…The web page may include links to network resources [i.e. security apparatus, aforementioned network resource location] for downloading data…or updating the configuration of the client computer”).  
May in view of Kerr did not explicitly disclose that the tunnel being an L2 tunnel.
	However analogous art Van Dussen disclosed the tunnel being an L2 tunnel (Van Dussen [0056] “tunnel 442 can take other forms, such as various types of virtual private network (VPN) or Layer 2 (L2) tunneling protocols like VXLAN, Network Virtualization using Generic Routing Encapsulation (NVGRE), or other suitable overlay network protocol”)
	A person having ordinary skill in the art would have been motivated before the effective filing date of the claimed invention, to apply the known technique of checking client operating system version to see if criterion is met so as to allow data transmission to continue or redirect via tunnel interface to another network resource location for updating the client computer, as taught in May; and the known technique of security criteria being that client has the latest updated operating system, to Van Dussen’s known system of tunnel taking various forms such as Layer 2 (L2) tunneling protocols like VXLAN, so as to provide improvement to yield the predictable result of secure connection, that can be used to migrate to overlay network dynamically created in computing service provider network, without any impact to existing corporate infrastructure (Van Dussen [0056] “secure transport layer tunnel can provide a link layer (i.e., L2)…With an L2 network overlay, instances of an application executing…can be seamlessly migrated to the overlay network dynamically created in computing service provider network 404A, without any impact to existing corporate infrastructure”).

Claim 8. May in view of Kerr disclosed the communication method according to claim 7, further comprising: establishing, when the version of the OS of the terminal is not the latest version (May [0116] “operating system program configuration may be determined by reading the operating system configuration codes 64 and the gateway node 12 may be configured [i.e. establishing] to prevent data transmissions from client computers 14 that do not have a certain configuration or version of operating system. For example, data transmissions may be prevented from client computers 14 that have Microsoft Windows XP operating system installed, but which have not installed a service pack (SP) such as SP2.” And see FIG. 8 step “252 Status Information meets criterion?” if the answer is “N” such as aforementioned have Microsoft Windows XP operating installed but SP2 not installed, then go to “Take action 256”), a connection using (May, FIG. 1, 5, and [0101] “the first interface 28 and/or the second interface…may be…logical interface such as a tunnel”) between the network device and the security apparatus (May, FIG. 8 and [0141] process 256 “the processor circuit 140 of the gateway node 12 may send an HTTP redirect response to the client computer 14, which redirects [i.e. set a path] the client computer to a web page…The web page may include links to network resources [i.e. security apparatus, aforementioned network resource location] for downloading data…or updating the configuration of the client computer”).  
May in view of Kerr did not explicitly disclose that the tunnel being an L2 tunnel.
	However analogous art Van Dussen disclosed the tunnel being an L2 tunnel (Van Dussen [0056] “tunnel 442 can take other forms, such as various types of virtual private network (VPN) or Layer 2 (L2) tunneling protocols like VXLAN, Network Virtualization using Generic Routing Encapsulation (NVGRE), or other suitable overlay network protocol”)
	A person having ordinary skill in the art would have been motivated before the effective filing date of the claimed invention, to apply the known technique of checking client operating system version to see if criterion is met so as to allow data transmission to continue or redirect via tunnel interface to another network resource location for updating the client computer, as taught in May; and the known technique of security criteria being that client has the latest updated operating system, to Van Dussen’s known system of tunnel taking various forms such as Layer 2 (L2) tunneling protocols like VXLAN, so as to provide improvement to yield the predictable result of secure connection, that can be used to migrate to overlay network dynamically created in computing service provider network, without any impact to existing corporate infrastructure (Van Dussen [0056] “secure transport layer tunnel can provide a link layer (i.e., L2) …With an L2 network overlay, instances of an application executing…can be seamlessly migrated to the overlay network dynamically created in computing service provider network 404A, without any impact to existing corporate infrastructure”).

Claim 10. May in view of Kerr disclosed the communication method according to claim 9, further comprising: establishing, when the version of the OS of the terminal is not the latest version (May [0116] “operating system program configuration may be determined by reading the operating system configuration codes 64 and the gateway node 12 may be configured [i.e. establishing] to prevent data transmissions from client computers 14 that do not have a certain configuration or version of operating system. For example, data transmissions may be prevented from client computers 14 that have Microsoft Windows XP operating system installed, but which have not installed a service pack (SP) such as SP2.” And see FIG. 8 step “252 Status Information meets criterion?” if the answer is “N” such as aforementioned have Microsoft Windows XP operating installed but SP2 not installed, then go to “Take action 256”), a connection using (May, FIG. 1, 5, and [0101] “the first interface 28 and/or the second interface…may be…logical interface such as a tunnel”) between the virtual network device and the security apparatus (May, FIG. 8 and [0141] process 256 “the processor circuit 140 of the gateway node 12 may send an HTTP redirect response to the client computer 14, which redirects [i.e. set a path] the client computer to a web page…The web page may include links to network resources [i.e. security apparatus, aforementioned network resource location] for downloading data…or updating the configuration of the client computer”).
May in view of Kerr did not explicitly disclose that the tunnel being an L2 tunnel.
	However analogous art Van Dussen disclosed the tunnel being an L2 tunnel (Van Dussen [0056] “tunnel 442 can take other forms, such as various types of virtual private network (VPN) or Layer 2 (L2) tunneling protocols like VXLAN, Network Virtualization using Generic Routing Encapsulation (NVGRE), or other suitable overlay network protocol”)
	A person having ordinary skill in the art would have been motivated before the effective filing date of the claimed invention, to apply the known technique of checking client operating system version to see if criterion is met so as to allow data transmission to continue or redirect via tunnel interface to another network resource location for updating the client computer, as taught in May; and the known technique of security criteria being that client has the latest updated operating system, to Van Dussen’s known system of tunnel taking various forms such as Layer 2 (L2) tunneling protocols like VXLAN, so as to provide improvement to yield the predictable result of secure connection, that can be used to migrate to overlay network dynamically created in computing service provider network, without any impact to existing corporate infrastructure (Van Dussen [0056] “secure transport layer tunnel can provide a link layer (i.e., L2)…With an L2 network overlay, instances of an application executing…can be seamlessly migrated to the overlay network dynamically created in computing service provider network 404A, without any impact to existing corporate infrastructure”).


Related Art
The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: 
Chanda et al. US 2020/0014662 [0028] “In some embodiments, the firewall engine 208 can allow, block, or re-route data message flows based on any number of context attributes…these context-based firewall rules can block data message flows associated with …use of old version of software”; [0038] “VXLAN is an L2 overlay scheme over a Layer 3 (L3) network. VXLAN encapsulates an Ethernet L2 frame in IP (MAC-in-UDP encapsulation) and allows VMs to be a part of virtualized L2 subnets operating in separate physical L3 networks”; also see [0043] “the firewall action parameter 504 can be…re-route…a rule identifier can also include a context attributes, such as…application version”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALBERT SHIH whose telephone number is (571)272-5631. The examiner can normally be reached Monday-Friday 8:00am - 4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/A.K.S./Examiner, Art Unit 4173                                                                                                                                                                                                        

/ALEXANDER LAGOR/SPE Trainer, Art Unit 4173