DETAILED ACTION

This non-final office action is in response to claims 1-19 filed December 02, 2020 for examination. Claims 1-19 are being examined and are pending. 
Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Preliminary Amendment

Preliminary amendment to the claims, filed 12/02/2020 has been acknowledged.
Information Disclosure Statement

The information disclosure statement filed 05/10/2021 has been placed in the application file and the information referred to therein has been considered as to the merits. 
Drawings

The drawings filed on 12/02/2020 have been accepted.
	
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
	A)	The following claim languages are vague and indefinite:
Claims 1-4, 6-9, 12, 14-16: Claim recites “a number of VPN, each of the number of VPN…”, further recites “one of the number of VPN.”  Claim language “a number of the VPN” is unclear. It seems claim language is meant to be multiple VPNs. For examination purpose, the examiner construes “a plurality of VPN, each of the pluralities of VPN.” “one of the pluralities of VPN”
	Claim recites “to access at least part of the VPN profile of the VPN of the at least one VPN of the number of VPN” Claim language is not clear as it recites “..of the VPN of the at least one VPN of the number of VPN”
	Claims 3-5: Claim recites “to provide a further part of the VPN profile” It is unclear what a further part of the VPN profile means. 
	Claim 9: Claim recites “…to isolate processes and data of a mobile device from other processes and data of the mobile device.” It is unclear which processes are being isolated from which process. Examiner suggests to us “first/one”, “second/another” etc. to separate one process from another such as “…to isolate first/one process and data of a mobile device from second/another process and data of the mobile device.”
Dependent claims 5, 10-11, 13, and 17-19 do not cure the deficiencies set forth above.
	B)	The following claim language lacks antecedent basis:
	Claim 12. Claim recites “the mobile device” lacks antecedent basis.
	Claim 14: Claim recites “the step of” lacks antecedent basis.
C) For claims 1, 3, 5, and 16:
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 
The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification, as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: “a mobile device container configured to, the system configured to” in claims 1, 3, 5, 16 However, nowhere in specification clearly mentioned corresponding hardware structure or hardware with algorithm for a mobile device container and system. 
“A general purpose computer is usually only sufficient as the corresponding structure for performing a general computing function (e.g., “means for storing data”), but the corresponding structure for performing a specific function is required to be more than simply a general purpose computer or microprocessor.” (MPEP 2181)
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
** The examiner has found and cited several issues regarding 35 U.S.C. 112 rejections above. It is respectfully requested that, in preparing responses, the applicant check the claims for further 35 U.S.C. 112 rejections in the event that it was inadvertently missed by the examiner to advance prosecution.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 12-13 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because independent claim 12 recites “A mobile device container” but fails to positively recite any structural components, hardware features, or functional elements that are configured to perform. MPEP 2106.03 (I) dictates the Four Categories of Statutory Subject Matter where a machine (also known as a “device”) must be a “concrete thing, consisting of parts, or of certain devices and combination of devices.” Digitech Image Techs. v. Electronics for Imaging, 758 F.3d 1344, 1348, 111 USPQ2d 1717, 1719 (Fed. Cir. 2014). This category “includes every mechanical device or combination of mechanical powers and devices to perform some function and produce a certain effect or result.” Nuijten, 500 F.3d at 1355, 84 USPQ2d at 1501 (quoting Corning v. Burden, 56 U.S. 252, 267, 14 L. Ed. 683, 690 (1854)). As the courts’ definitions of machines, manufactures and compositions of matter indicate, a product must have a physical or tangible form in order to fall within one of these statutory categories. Digitech Image Techs. v. Electronics for Imaging, 758 F.3d 1344, 1348, 111 USPQ2d at 1719 (“For all categories except process claims, the eligible subject matter must exist in some physical or tangible form.”). Claim recites a first interface, a second interface which could be interpreted as software only. Therefore, claim 12 fails to fall into one of the four categories of statutory subject matter. 
Dependent Claim 13, which depends upon the device as claimed in claim 12, fails to positively recite any structural components, hardware features, or functional elements that would qualify as statutory subject matter. Therefore, claim 13 is also rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-3, 14, and 18-19 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by EP 2,629,570 A1 to TSE et al. hereinafter “TSE”.
Regarding claim 1, TSE disclosed a system for establishing a secure connection between a mobile device container and a number of virtual private networks (VPN), comprising:
a mobile device container, configured to isolate a portion of a mobile device from another portion of the mobile device; (Para. 0077, In certain situations, a dual or plural mode of operation may exist for a mobile device, where the mobile device may run certain applications and access certain data in one portion that is not accessible or cannot be run in a second portion. Such modes of operation are described as "perimeters" herein. For example, a work perimeter may be used for enterprise applications and data, and a personal perimeter may be used for personal applications and data. Para. 0079, Corporate perimeter 930 may comprise a portion of memory on the mobile device segregated for data, applications, or both, which may be considered sensitive to a business, corporation, enterprise, government, non-profit organization, a user of the device or any other entity setting an information technology policy for the computing device.) 
a number of VPN, each of the number of VPN having a VPN profile; (Para. 0077. A work perimeter may be used for enterprise applications and data, and a personal perimeter may be used for personal applications and data. The perimeter of the application that wants a network connection may determine which network connection profile and consequently which interface may be used to establish the VPN connection. Para. 0059-0061, 0063. VPN having VPN profiles) 
a cryptographic token, configured to provide at least part of the VPN profile of at least one of the number of VPN; (Para. 0013.  Applications or data may be encrypted with a key associated with a perimeter and applications or data for a plurality of perimeters may be stored together. Para. 0111-0113, The encryption key for the stored data may be stored on mobile device 1005 (i.e. mobile device is used as cryptographic token), Para. 0059) 
a communication link, configured to link the mobile device container and the cryptographic token; (Para. 0111-0112.The corporate data may then be provided over a connection 1060 between mobile device 1005 and computing device 1000. Connection 1060 may comprise any short or long range wired or wireless connection, and examples of such connections include Bluetooth.TM., USB, Infrared Data Assn (IrDA), Wi-Fi, Radio-frequency identification (RFID), Near Field Communication (NFC) connections, among others. Communication over link 1060 can be secure.) wherein, to establish a secure connection to the at least one VPN of the number of VPN, the mobile device container is configured to access at least part of the VPN profile of the VPN of the at least one VPN of the number of VPN through the communication link configured to link the mobile device container and the cryptographic token (Para. 0077. A work perimeter may be used for enterprise applications and data, and a personal perimeter may be used for personal applications and data. The perimeter of the application that wants a network connection may determine which network connection profile and consequently which interface may be used to establish the VPN connection. Para. 0112, 0132. Communication over link 1060 can be secure. That is, corporate data that is passed to computing device 1000 or back to mobile device 1005 may be encrypted using a key known to both computing device 1000 and mobile device 1005. If a user provisions a connection by creating a connection profile, this may be considered to be a personal connection. On the other hand, if a connection is provisioned to the device based on an information technology policy at an enterprise server, for example by providing the device with a connection profile, this may be considered to be an enterprise connection. In some cases, personal connections may be migrated to enterprise connections through communication with the enterprise server. Other ways of designating a connection as personal or enterprise are also possible. See further 0059-0062).
Regarding claim 2, TSE further disclosed the system according to claim 1, wherein the number of VPN is configured to any of a multi-hop VPN, a double-hop VPN, a chaining VPN, a cascading VPN, subsequent VPN (Para. 0061-0063).
Regarding claim 3, TSE further disclosed the system according to claim 2, wherein the system is configured to provide a further part of the VPN profile of the at least one of the number of VPN to establish a secure connection to the VPN of the number of VPN, wherein at least one of the mobile device container, the VPN of the number of VPN, the communication link, is configured to provide the further part of the VPN profile (Para. 0111-0112, 0132).
Regarding claim 14, TSE disclosed a method for establishing a secure connection between a mobile device container, configured to isolate a portion of a mobile device from another portion of the mobile device, and a number of virtual private network (VPN) (Para. 0077, In certain situations, a dual or plural mode of operation may exist for a mobile device, where the mobile device may run certain applications and access certain data in one portion that is not accessible or cannot be run in a second portion. Such modes of operation are described as "perimeters" herein. For example, a work perimeter may be used for enterprise applications and data, and a personal perimeter may be used for personal applications and data. Para. 0079, Corporate perimeter 930 may comprise a portion of memory on the mobile device segregated for data, applications, or both, which may be considered sensitive to a business, corporation, enterprise, government, non-profit organization, a user of the device or any other entity setting an information technology policy for the computing device.), comprising the steps of: accessing at least part of a VPN profile of a VPN of the number of VPN from a smart card, wherein the step of accessing at least part of a VPN profile further comprises cryptographic processes connecting to the VPN (Para. 0013.  Applications or data may be encrypted with a key associated with a perimeter and applications or data for a plurality of perimeters may be stored together. Para. 0111-0113, The encryption key for the stored data may be stored on mobile device 1005 (i.e. mobile device is used as cryptographic token), Para. 0059).
Regarding claim 18, TSE further disclosed the system according to claim 1, wherein the VPN profile of each of the number of VPN comprises at least one of: a challenge response authentication, user identification (ID), mobile device ID, mobile device container ID, a cryptographic key, an encrypted key, a private key, a public key, a certificate, public key certificate, generic secret, personal identification number (PIN), password, one-time password, application programming interface (API) key, API token, biometric identification, fingerprint identification, palm veins identification, face identification, DNA identification, palmprint identification, iris identification, hand geometrics identification, retina identification, voice ID identification, VPN server information, port number, hostname, network address, target system, configuration information, time-out information, compression information, IP address, identification number in at least one of plaintext cyphertext (TSE, Para. 0112, 0133.).
Regarding claim 19, TSE further disclosed the system according to claim 1, wherein the cryptographic token is provided by at least one of: a smart card, an integrated circuit card (ICC), a universal serial bus (USB) medium, a quick response (QR) code, an optical medium, an audio medium, a photographic medium, a holographic medium, a transaction authentication number (TAN) generator, a smart watch, a near field communication (NFC) medium, a radio-frequency identification (RFID) medium, a user. and wherein the communication link comprises at least one of Bluetooth, a wired card reader, a wireless card reader, NFC, RFID, a body area network (BAN), a biometric recognition device, an optical recognition device, a QR recognition device, a fingerprint recognition device, a palm veins recognition device, a face recognition device, a DNA recognition device, a palmprint recognition device, an iris recognition device, a hand geometrics recognition device, a retina recognition device, a voice ID recognition device (TSE, Para. 0159, 0172-0173).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 9-10 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over TSE in view of US 2013/0297933 A1 to Fiducia et al. hereinafter “Fiducia”.
Regarding claim 9, TSE disclosed a smart card, comprising: memory, cryptographic logic, a central processing unit, a communication interface configured to communicate with a mobile device container, (Para. 0009-0011. Computing device 100. Para. 0112) wherein the mobile device container is configured to isolate processes and data of a mobile device from other processes and data of the mobile device, (Para. 0077, In certain situations, a dual or plural mode of operation may exist for a mobile device, where the mobile device may run certain applications and access certain data in one portion that is not accessible or cannot be run in a second portion. Such modes of operation are described as "perimeters" herein. For example, a work perimeter may be used for enterprise applications and data, and a personal perimeter may be used for personal applications and data. Para. 0079, Corporate perimeter 930 may comprise a portion of memory on the mobile device segregated for data, applications, or both, which may be considered sensitive to a business, corporation, enterprise, government, non-profit organization, a user of the device or any other entity setting an information technology policy for the computing device.) and wherein the mobile device container is configured to establish a secure connection to a number of VPN, (Para. 0111-0112.The corporate data may then be provided over a connection 1060 between mobile device 1005 and computing device 1000. Connection 1060 may comprise any short or long range wired or wireless connection, and examples of such connections include Bluetooth.TM., USB, Infrared Data Assn (IrDA), Wi-Fi, Radio-frequency identification (RFID), Near Field Communication (NFC) connections, among others. Communication over link 1060 can be secure.) each VPN having a VPN profile, (Para. 0077. Para. 0059-0061, 0063. VPN having VPN profiles) wherein the smart card is configured to provide, using the cryptographic logic, upon request of the mobile device container, at least part of a VPN profile of a VPN of the number of VPN (Para. 0077. A work perimeter may be used for enterprise applications and data, and a personal perimeter may be used for personal applications and data. The perimeter of the application that wants a network connection may determine which network connection profile and consequently which interface may be used to establish the VPN connection. Para. 0059-0061, 0063. VPN having VPN profiles. Para. 0112, 0132. Communication over link 1060 can be secure. That is, corporate data that is passed to computing device 1000 or back to mobile device 1005 may be encrypted using a key known to both computing device 1000 and mobile device 1005. If a user provisions a connection by creating a connection profile, this may be considered to be a personal connection. On the other hand, if a connection is provisioned to the device based on an information technology policy at an enterprise server, for example by providing the device with a connection profile, this may be considered to be an enterprise connection. In some cases, personal connections may be migrated to enterprise connections through communication with the enterprise server. Other ways of designating a connection as personal or enterprise are also possible. See further 0059-0062)
TSE’s computing device is interpreted as smart card, however the analogous art Fiducia explicitly teaches a smart card employ public key infrastructure and establish secured VPN connection (Fiducia, Para. 0005, 0009, See also abstract.)
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the invention of TSE by including the smart card as taught by Fiducia into TSE’s computing device in order to ease the authorization and employment of a secure mobile solution in an enterprise (Fiducia, Para. 0009).
Regarding claim 10, TSE-Fiducia combination further disclosed the smart card according to claim 9, wherein the VPN profile comprises at least one of the following: a challenge response authentication, user identification (ID), mobile device ID, mobile device container ID, a cryptographic key, an encrypted key, a private key, a public key, a certificate, public key certificate, generic secret, personal identification number (PIN), password, one-time password, API key, API token, biometric identification, fingerprint identification, palm veins identification, face identification, DNA identification, palmprint identification, iris identification, hand geometrics identification, retina identification, voice ID identification VPN server information, port number, hostname, network address, target system, configuration information, time-out information, compression information, IP address, identification number, in at least one of plaintext cyphertext (TSE, Para. 0112. Fiducia, Para. 0005, 0031).
Regarding claim 12, TSE disclosed a mobile device container, configured to isolate a portion of the mobile device from another portion of the mobile device (Para. 0077, In certain situations, a dual or plural mode of operation may exist for a mobile device, where the mobile device may run certain applications and access certain data in one portion that is not accessible or cannot be run in a second portion. Such modes of operation are described as "perimeters" herein. For example, a work perimeter may be used for enterprise applications and data, and a personal perimeter may be used for personal applications and data. Para. 0079, Corporate perimeter 930 may comprise a portion of memory on the mobile device segregated for data, applications, or both, which may be considered sensitive to a business, corporation, enterprise, government, non-profit organization, a user of the device or any other entity setting an information technology policy for the computing device.), comprising a first interface, configured to securely connect to a number of VPN, a second interface, configured to communicate with an integrated circuit card (ICC), (Para. 0007. The present disclosure provides a method at a computing device, the method comprising: maintaining, at the computing device, a prioritized list of connection interfaces available for virtual private network connection; 0033.  Line 212 showing a first cellular interface and line 214 showing a second cellular interface, indicate both are accessible from a mobile device and can both be used for VPN connections. Para. 0061.) wherein the ICC is configured to provide at least part of a VPN profile of a VPN of the number of VPN, wherein, for establishing a secure connection to the VPN of the number of VPN over the first interface, the mobile device container is configured to access at least part of the VPN profile of the VPN of the number of VPN over the second interface (Para. 0077. A work perimeter may be used for enterprise applications and data, and a personal perimeter may be used for personal applications and data. The perimeter of the application that wants a network connection may determine which network connection profile and consequently which interface may be used to establish the VPN connection. Para. 0112, 0132. Communication over link 1060 can be secure. That is, corporate data that is passed to computing device 1000 or back to mobile device 1005 may be encrypted using a key known to both computing device 1000 and mobile device 1005. If a user provisions a connection by creating a connection profile, this may be considered to be a personal connection. On the other hand, if a connection is provisioned to the device based on an information technology policy at an enterprise server, for example by providing the device with a connection profile, this may be considered to be an enterprise connection. In some cases, personal connections may be migrated to enterprise connections through communication with the enterprise server. Other ways of designating a connection as personal or enterprise are also possible. See further 0059-0062).
TSE’s computing device is interpreted as integrated circuit card, however the analogous art Fiducia explicitly teaches a smart card employ public key infrastructure and establish secured VPN connection (Fiducia, Para. 0005, 0009, See also abstract.)
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the invention of TSE by including the smart card as taught by Fiducia into TSE’s computing device in order to ease the authorization and employment of a secure mobile solution in an enterprise (Fiducia, Para. 0009).
Regarding claim 13, TSE-Fiducia combination further disclosed the mobile device container according to claim 12, wherein the VPN profile comprises at least one of the following: a challenge response authentication, user identification (ID), mobile device ID, mobile device container ID, a cryptographic key, an encrypted key, a private key, a public key, a certificate, public key certificate, generic secret, personal identification number (PIN), password, one-time password, API key, API token, biometric identification, fingerprint identification, palm veins identification, face identification, DNA identification, palmprint identification, iris identification, hand geometrics identification, retina identification, voice ID identification VPN server information, port number, hostname, network address, target system, configuration information, time-out information, compression information, IP address, identification number, in at least one of plaintext cyphertext (TSE, Para. 0112. Fiducia, Para. 0005, 0031).

Allowable Subject Matter
Claims 4, 11, 15-17 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, 35 U.S.C. 101 set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  None of the prior arts on the record teaches the following limitation if incorporated into the base claim and any intervening claims.
Claim 4. The system according to claim 3, further comprising an additional cryptographic token, configured to provide the further part of the VPN profile of the at least one of the number of VPN; an additional communication link, configured to link the mobile device container and the additional cryptographic token; wherein, to establish a secure connection to the at least one VPN of the number of VPN, the mobile device container is configured to access the further part of the VPN profile of the at least one of the number of VPN from at least one of the mobile device container, the VPN of the number of VPN, the communication link, the additional cryptographic token.
Dependent claims 5-8 would also be allowable based on their dependency to allowable claim 4.
Claim 11. The smart card according to claim 10, wherein the smart card is further configured, upon a subsequent request of the mobile device container, to selectively provide at least part of a subsequent VPN profile only if the mobile device container successfully established a secure connection to the VPN.
Claim 15. The method according to claim 14, further comprising accessing at least part of a VPN profile of a subsequent VPN of the number of VPN selectively provided upon successful connection to the VPN by at least one of the smart card, the mobile device container, the VPN of the number of VPN, the communication link, a cryptographic token, connecting to the subsequent VPN.
Claim 16. The system according to claim 1, wherein the system is configured to provide a further part of the VPN profile of the at least one of the number of VPN to establish a secure connection to the VPN of the number of VPN, wherein at least one of the mobile device container, the VPN of the number of VPN, the communication link, is configured to provide the further part of the VPN profile.
Claim 17. The system according to claim 1, wherein, to establish a secure connection to a subsequent VPN, the system is further configured to selectively provide at least part of the VPN profile of the subsequent VPN only if the connection between the mobile device container and the VPN has been successfully established.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
WO 2007/059624 A1 (Risvan et al.): [0006] The present method and system overcome the deficiencies of the prior art by allowing the connection to a VPN merely by connecting a mobile device to a computer. In one embodiment, the mobile device preferably includes configuration information, such as password, user profile, and information about a remote virtual private network server, stored on the device. When connected, the mobile device tells the computer to initiate virtual private network (VPN) software situated on the computer, and the information from the mobile device is then passed to the VPN software. This enables the connection of the computer to a VPN without the user having to enter any information. 
US 2007/0271606 A1 (Amann et al.): [0004] Typically, VPN clients for wired or wireless communications devices are implemented in software so that they can be conveniently and easily downloaded from a remote server onto a wireless communications device. Less typically, these VPN clients are implemented in hardware and either incorporated into the design of the communications device or implemented as a smart card for insertion into the communications device as an option. One software VPN client is described in United States patent application 2004/0268148 A1 and assigned to Samsung Electronics Co. As described on page 2 starting with the description of FIG. 2, the VPN client is installed in the mobile device by downloading the client using an ordinary web browser. Once installed in the mobile device, the VPN client operates to communicate with a security service manager server in order to establish and maintain a secure and authenticated communication session. Another VPN client is described in U.S. Pat. No. 6,079,020 assigned to VPnet Technologies, Inc. As explained in column 6, starting on line 25, the VPN client can be implemented in either software or in hardware. The structure and operation of the VPN client is described starting in column 8, on line 41. US patent application 2004/0208155 A1 describes a VPN client implemented in hardware. As explained on page one, paragraph 6, a hardware implementation is used in order maintain the performance of a mobile communication system. Page 6, paragraph 27 of WO2005/057341 A2 assigned to Koolspan, Inc. describes a hardware implementation of a VPN client which in this case is contained in a smart card. The smart card is inserted into a wireless communications device to provide VPN functionality. The applicant describes an advantage of the smart card VPN implementation as being that it provides a technique for remote, secure access without requiring a VPN client program.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471. The examiner can normally be reached Monday - Friday 8:30A-5P ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Shawnchoy Rahman/Primary Examiner, Art Unit 2438