Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This is a Final Office action in response to communications received July 12, 2022.  Claim 1 has been amended.  Therefore, claims 1-8 are pending and addressed below. 
Specifications
Applicant’s amendments to paragraph 0033 are sufficient to overcome the Specification objection set forth in the previous Office action.  Therefore, the objection is withdrawn.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-8 are rejected under 35 U.S.C. 103 as being unpatentable over TOLA (US2018/0375841 A1, publish date 12/27/2018) in view of Schwartz et al. (US20190149528 A1, publish date 05/16/2019) (on Applicant’s IDS filed 11/19/2020).

Claim 1:
With respect to claim 1, TOLA discloses a method for automatically securing endpoint device data communications (firewall and packet protection schema, Figure 40), the method comprising: 
establishing, between a first server and an endpoint device, a virtual private network (VPN) connection (“utilizes a gateway server 3012 to monitor traffic, the gateway server 2012 is able to properly monitor traffic, a home user 3006 connecting through an option such as a virtual private network (VPN)” (0207, Figure 30b: Gateway Server 3012));
providing, by the first server, for the endpoint device, a network address translation (NAT) firewall service (the use of Network Address Translation (NAT) options, 0080) (firewall and packet protection schema, 0223, Figure 40); 
receiving, by the first server, a plurality of data packets from a third computing device (the virtual communications kernel 210 transmits the modified data packet to the physical layer 212, at which point the data packet may be transmitted across a network 214, 0093);
inspecting, by the first server, each of the received plurality of data packets (As a data packet travels from an application through the higher layers, the data packet can be inspected, 0083);
determining, by the first server, whether to block one of the plurality of data packets or to forward the one of the plurality of data packets to the endpoint device (Under conventional firewall and packet protection schemes, bad data 4010 can still be allowed to pass the firewall if the header information 4030 is checked and confirmed to be good, 0223) (Figure 40); and 
blocking, by the first server, the one of the plurality of data packets based upon a determination that the one of the plurality of data packets fails to satisfy a security rule (Under the security platform described above, the bad data 4010 is blocked whether the header is trusted 4050 or untrusted 4040, due in part to the redundancy of applying trusted packet rules and independent policy rules for each data packet sent through the system, 0223).


TOLA does not disclose establishing, between a first server and an endpoint device, a persistent virtual private network (VPN) connection, the endpoint device configured to automatically establish the persistent VPN connection upon establishing network connectivity; providing, by the first server, for the endpoint device, a network address translation (NAT) firewall service as claimed. 

However, Schwartz et al. teaches establishing, between a first server and an endpoint device, a persistent virtual private network (VPN) connection (a VPN profile may include a name for the profile, a description of the profile, a mobile device identification to which the profile pertains, various VPN security fields (e.g., client authentication method, enable password persistence), and various VPN parameter fields identifying connection parameters, 0060), the endpoint device configured to automatically establish the persistent VPN connection upon establishing network connectivity (In order to secure data being transmitted through this system 100, a mobile device 102A-12D might encrypt the data using methods such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), virtual private network (VPN), 0037); 
providing, by the first server, for the endpoint device, a network address translation (NAT) firewall service (allows basic routing functionality as well as the establishment of VPN, network address translation (NAT), and basic firewall, 0052). 


TOLA and Schwartz et al. are analogous art because they are from the same field of endeavor of data communications over computer networks.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Schwartz et al. in TOLA for establishing, between a first server and an endpoint device, a persistent virtual private network (VPN) connection, the endpoint device configured to automatically establish the persistent VPN connection upon establishing network connectivity; providing, by the first server, for the endpoint device, a network address translation (NAT) firewall service as claimed, for purposes of securing data being transmitted where the internet is less secure and the threat to security rises (see Schwartz et al. 0010, 0037).

Claim 2:
With respect to claim 2, the combination of TOLA and Schwartz et al. discloses the limitations of claim 1, as addressed. 

TOLA discloses further comprising modifying a network connection setting of the endpoint device, the modification requiring a network adapter of the endpoint device to establish the VPN connection to the first server in order to receive network connectivity (modifications to the virtual communications kernel itself, or to operations carried out by the virtual communications kernel (e.g., modifying an encryption scheme implemented by the virtual communications kernel) may be performed through a simple update procedure, and may be tailored to a user's desires on a case-by-case basis, 0081) (The next time the VPN is turned on, that code gains access to the secured local network 214a directly through the VPN, 0207).



Claim 3:
With respect to claim 3, the combination of TOLA and Schwartz et al. discloses the limitations of claim 1, as addressed. 

TOLA discloses further comprising modifying a network connection setting of the endpoint device, the modification disabling a second network adapter, the second network adapter configured to transmit network traffic without using the VPN connection (modifications to the virtual communications kernel itself, or to operations carried out by the virtual communications kernel (e.g., modifying an encryption scheme implemented by the virtual communications kernel) may be performed through a simple update procedure, and may be tailored to a user's desires on a case-by-case basis, 0081) (the user can simply shut down the VPN, turn on an insecure application and possibly download malicious code. The next time the VPN is turned on, that code gains access to the secured local network 214a directly through the VPN, 0207).

Claim 4:
With respect to claim 4, the combination of TOLA and Schwartz et al. discloses the limitations of claim 1, as addressed. 

Schwartz et al. teaches wherein modifying further comprises modifying a routing table of the endpoint device forcing all network traffic to flow through the VPN connection (A policy and charging rules function (PCRF) 412 is part of a method to enforce data flow policies, 0050) (An application function (AF) 416 connects to the PCRF 412 via the Rx reference point and allows external application logic to change PCRF rules, 0051).

TOLA and Schwartz et al. are analogous art because they are from the same field of endeavor of data communications over computer networks.

The motivation for combining TOLA and Schwartz et al. is recited in claim 1.  

Claim 5:
With respect to claim 5, the combination of TOLA and Schwartz et al. discloses the limitations of claim 1, as addressed. 

Schwartz et al. teaches further comprising modifying a network connection setting of the endpoint device, the modification requiring all network traffic to flow through the VPN connection (A policy and charging rules function (PCRF) 412 is part of a method to enforce data flow policies, 0050) (An application function (AF) 416 connects to the PCRF 412 via the Rx reference point and allows external application logic to change PCRF rules, 0051).

TOLA and Schwartz et al. are analogous art because they are from the same field of endeavor of data communications over computer networks.

The motivation for combining TOLA and Schwartz et al. is recited in claim 1.  

Claim 6:
With respect to claim 6, the combination of TOLA and Schwartz et al. discloses the limitations of claim 1, as addressed. 

TOLA discloses further comprising: generating, by the first server, a log including an identification of a determination to block the one of the plurality of data packets; and transmitting, by the first server, the log to an analysis server for analysis to determine whether the blocked packet is part of a plurality of data packets comprising malicious traffic (bad data 4010 can still be allowed to pass the firewall if the header information 4030 is checked and confirmed to be good. Under the security platform described above, the bad data 4010 is blocked whether the header is trusted 4050 or untrusted 4040, due in part to the redundancy of applying trusted packet rules and independent policy rules for each data packet sent through the system, 0223, Figure 40).

Claim 7:
With respect to claim 7, the combination of TOLA and Schwartz et al. discloses the limitations of claim 1, as addressed. 

TOLA discloses further comprising: receiving, by an analysis server, from each of a plurality of security servers, an identification of a determination to block the one of the plurality of data packets, the plurality of security servers on a network and including the first server; analyzing, by the analysis server, each received identification to determine whether there is a pattern of traffic matching a known malicious traffic pattern; analyzing, by the analysis server, each received identification to determine whether there is a pattern of traffic across endpoint devices satisfying a threshold level of anomalous traffic and comprising a malicious traffic pattern; generating, by the analysis server, an update to a security rule set based on determining that there is a malicious traffic pattern in data packets received across the network; and distributing, by the analysis server, to each of the plurality of security servers, the update to the security rule set (bad data 4010 can still be allowed to pass the firewall if the header information 4030 is checked and confirmed to be good. Under the security platform described above, the bad data 4010 is blocked whether the header is trusted 4050 or untrusted 4040, due in part to the redundancy of applying trusted packet rules and independent policy rules for each data packet sent through the system, 0223) (Firewall Rules, Trusted Packet Rules, Policy Rules, Figure 40).

Claim 8:
With respect to claim 8, TOLA discloses a method for automatically securing endpoint device data communications in a network (firewall and packet protection schema, Figure 40), the method comprising: 
receiving, by an analysis server, from each of a plurality of security servers, an identification of a determination to block at least one of the plurality of data packets (Under conventional firewall and packet protection schemes, bad data 4010 can still be allowed to pass the firewall if the header information 4030 is checked and confirmed to be good, 0223) (Figure 40) received via a virtual private network (VPN) connection from at least one endpoint device (a home user 3006 connecting through an option such as a virtual private network (VPN), 0207), the plurality of security servers on a network and including the first server (VPN Servers, 0014); 
analyzing, by the analysis server, each received identification to determine whether there is a pattern of traffic matching a known malicious traffic pattern (Under conventional firewall and packet protection schemes, bad data 4010 can still be allowed to pass the firewall if the header information 4030 is checked and confirmed to be good, 0223) (Figure 40);
analyzing, by the analysis server, each received identification to determine whether there is a pattern of traffic across endpoint devices satisfying a threshold level of anomalous traffic and comprising a malicious traffic pattern (bad/good/untrusted/trust header, Figure 40) (applying trusted packet rules and independent policy rules for each data packet sent through the system, 0223).

TOLA does not disclose via a persistent virtual private network (VPN) connection; generating, by the analysis server, an update to a security rule set based on determining that there is a malicious traffic pattern in data packets received across the network; and distributing, by the analysis server, to each of the plurality of security servers, the update to the security rule set as claimed.

However, Schwartz et al. teaches a persistent virtual private network (VPN) connection (a VPN profile may include a name for the profile, a description of the profile, a mobile device identification to which the profile pertains, various VPN security fields (e.g., client authentication method, enable password persistence), and various VPN parameter fields identifying connection parameters, 0060);
generating, by the analysis server, an update to a security rule set based on determining that there is a malicious traffic pattern in data packets received across the network (A policy and charging rules function (PCRF) 412 is part of a method to enforce data flow policies, 0050) (An application function (AF) 416 connects to the PCRF 412 via the Rx reference point and allows external application logic to change PCRF rules, 0051); and
distributing, by the analysis server, to each of the plurality of security servers, the update to the security rule set (A policy and charging rules function (PCRF) 412 is part of a method to enforce data flow policies, 0050) (An application function (AF) 416 connects to the PCRF 412 via the Rx reference point and allows external application logic to change PCRF rules, 0051).

TOLA and Schwartz et al. are analogous art because they are from the same field of endeavor of data communications over computer networks.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Schwartz et al. in TOLA for receiving via a persistent virtual private network (VPN) connection; generating, by the analysis server, an update to a security rule set based on determining that there is a malicious traffic pattern in data packets received across the network; and distributing, by the analysis server, to each of the plurality of security servers, the update to the security rule set as claimed, for purposes of securing data being transmitted where the internet is less secure and the threat to security rises (see Schwartz et al. 0010, 0037).


Response to Remarks/Arguments
Applicant's arguments filed on July 12, 2022 have been fully considered but they are not persuasive.  In the remarks, Applicant argues that:

(1) Tola focuses on modifying an endpoint computing device through the installation of the virtual communications kernel on to that device (see, e.g., Tola at [0209]) but does not suggest the use of a separate computing device (e.g., a server) to determine whether or not to allow the endpoint computing device to receive intercepted packets addressed to the endpoint device.

(2) Regarding Schwartz, Applicant respectfully submits that the VPN profile taught by Schwartz identifies connection parameters but does not teach or suggest using such parameters to configure an endpoint device to automatically establish a persistent VPN connection upon establishing network connectivity or to determine whether or not to block data intended for a recipient endpoint device.

(3) Schwartz explicitly teaches that no security functions are performed on the endpoint device at all. (see, e.g., Schwartz at col. 4, lines 61-62) and provides no teaching or suggestion of securing the inbound data packets addressed to endpoint devices.
Since Schwartz teaches away from having any functionality performed by the endpoint device, the teaching of Schwartz cannot be applied to the system of Tola, which requires all functionality performed by the endpoint device. 


In response to remark/arguments (1), Examiner respectfully disagrees.  TOLA discloses “utilizes a gateway server 3012 to monitor traffic. … the gateway server 2012 is able to properly monitor traffic … a home user 3006 connecting through an option such as a virtual private network (VPN)” (0207, Figure 30b: Gateway Server 3012).
Therefore, Examiner maintains that the combination of TOLA and Schwartz et al. does teach and suggest this limitation.

In response to remark/arguments (2) and (3), Examiner respectfully disagrees.  
Schwartz et al. teaches “In order to secure data being transmitted through this system 100, a mobile device 102A-12D might encrypt the data using methods such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), virtual private network (VPN)” (0037, Figure 1), “to encrypt data from the mobile device 102 to the secured server 118” (0057), “A VPN profile include …  mobile device identification to which the profile pertains, various VPN security fields (e.g., client authentication method, enable password persistence), and various VPN parameter fields identifying connection parameters” (0060).  Therefore, Examiner maintains that the combination of TOLA and Schwartz et al. does teach and suggest this limitation.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HELAI SALEHI/
Examiner, Art Unit 2433

/JEFFREY C PWU/
Supervisory Patent Examiner, Art Unit 2433