DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This communication is in response to the application filed on 02/09/2021. Claims 1-20 are currently pending.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/25/2021 was filed before the mailing date of the office action on 11/16/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claim 1 is objected to because of the following informalities: 
Regarding claim 1, line 8 of the claim reads “adata” which may be a typo error.  Appropriate correction is required.
Claim Rejections - 35 USC § 112
5.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


   Claim 1, 3, and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 1 and 20, the term “the behavior” was recited without sufficient antecedent for the term. It is not clear which behavior is being referred to.
Regarding claim 3, the term “the resource” was recited also without sufficient antecedent. It is unclear which resource is being referenced in the claim. 

Claim Rejections - 35 USC § 103
  The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

 The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

       Claims 1-7, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pat. No 10623285 to Shevade et al. (hereinafter Shevade) in view of US PGPub. No. 20160036833 to Ardeli et al. (hereinafter Ardeli)

 
Regarding claim 1, Shevade discloses a method, comprising: 
determining whether a virtual private network concentrator (VPNC) gateway (FIG. 4, Col. 14, lines 39-40 “primary PPE 410A”) is healthy (FIG. 12, Col. 25, lines 14-17 “inter and intra-PPE- pair health checks”), wherein the VPNC gateway is from a plurality of VPNC gateways (FIG. 4, Col. 14, lines 39-43 “primary PPE 410A, primary PPE 410K”) across one or more data centers of a network to receive forwarded traffic from the user (FIG. 4, Col. 14, lines 39-45 “440A, primary PPE 440B”); 
in response to determining that the VPNC gateway is healthy (FIG. 1, Col. 11, lines 11-17, wherein the PPE 110A is determined to be healthy by being able to send and receive VPN traffic), determining whether a service is healthy ( Col. 8, lines 4-8, “ensure that potential problems with VPN connectivity (as well as other types of provider network services) are dealt with promptly and effectively”), wherein the service is provided by a destination at a data center of the network (FIG. 1, Col. 9, lines 21-29,customer data center 140, and provider network 102); 
and in response to determining that the service is healthy, selecting the VPNC gateway to receive the forwarded traffic from the user (FIG. 4, Col. 14, lines 60-67 through Col. 15, line 1, wherein packets are being sent and received from between customer C1 to customer device 145A through PPE 410A); 
and in response to determining that the service is not healthy or in response to determining that the VPNC gateway is not healthy (Col. 11, lines 26-30,…”, in the event that the probability of a potential failure of the primary PPE, as estimated by a health management service…”), dynamically selecting a VPNC gateway from the plurality of VPNC gateways (FIG. 4, from secondary PPEs 410B or 410L) across the one or data centers for communicating traffic from the user based on the user rank (Col. 11, lines 30-34,  “in response to a detection of an overload condition at the primary PPE, some of its workload may be offloaded to the secondary PPE by making the appropriate network configuration changes”)  
However, Shevade even though designated PPEs as primary/active and secondary/standby or passive which examiner equates to ranking, does not explicitly disclose the following limitation:
assigning a ranking to a user based on one or more factors relating to the behavior of the user, wherein the user is associated with a client device; 
Ardeli discloses a reputation module that determines reputation score for clients based on the client activities in the network (¶0052, “…the reputation module 314 determines a reputation score for the client 170 based on the activities of the client 170”, wherein the activities of the user are interpreted as the behavior of the user), and FIG. 1 wherein clients are associated with laptops
Thus, one of ordinary skill in the art would have found it obvious to modify the method of Shevade to include the concept of assigning reputation score to clients based on their behavior in the network as disclosed by Ardeli and be motivated in doing so in order to control the assigned role of the client device in the enterprise organization-Ardeli abstract in part

Regarding claim 2, Shevade in view of Ardeli discloses the method of claim 1.
Shevade further discloses wherein determining that the VPNC gateway is healthy comprises: 
dynamically measuring a device health associated with the VPNC gateway (Col. 20, lines 65-67 “health metrics relevant to VPN connections may be obtained from a plurality of PPEs 1010 distributed around the provider network”); 
comparing the measured device health with a health/performance threshold (Col. 8, lines 29-31 “determines whether the probability of a failure at a monitored resource is above a first threshold.”); 
and determining that the measured device health is greater than the health/performance threshold (Col. 22, lines 59-61 “based on such a first analysis, that a probability that the monitored resource is in an unhealthy state is above a threshold”); 
.  

Regarding claim 3, Shevade in view of Ardeli discloses the method of claim 2.
Shevade further discloses wherein the measured device health is associated with at least one of the resource (Col. 26, lines 11-14 “the HMS may set up a logically similar network path to verify, for example, the encryption and decryption capabilities of the PPE 1310 and the speed with which the PPE is able to perform its protocol processing”) availability of the VPNC gateway and the performance (Col. 26, lines 30-33 “checked for functionality (i.e., whether the PPE's encryption feature is working as expected) and/or performance (how long the packets take to reach their destination”) of the VPNC gateway.  

Regarding claim 4, Shevade in view of Ardeli discloses the method of claim 3.
Shevade further discloses wherein dynamically measuring the health associated with the VPNC gateway comprises monitoring Transmission Control Protocol (TCP)/ User Datagram Protocol (UDP) or Internet Control Message Protocol (ICMP) (Col. 25, lines 25-28 “TCP/IP”) uplink health checks (FIG. 12, Col. 25, lines 13-22 “peer health checks for the PPEs”) for each of the plurality of VPNC gateways at the data center.  


Regarding claim 5, Shevade in view of Ardeli discloses the method of claim 1.
Ardeli further discloses wherein assigning a ranking to a user comprises: 
calculating a user score for the user, wherein the score is based on one or more factors relating to the behavior of the user (¶0051 “…determining a reputation score for the one or more clients 170 based on the client activities”).; 
and assigning a rank of criticality to the user if the calculated user score is larger than a minimum (¶0059, wherein upgrading the client to a more privileged role if the reputation score is above or equal to the upgrade threshold is interpreted as assigning a rank of criticality to the user); 
and assigning a rank of non-critical to the user if the calculated score is less than a threshold (¶0058, wherein downgrading the client to a less privileged role if the reputation score is lower than a downgrade threshold is interpreted as assigning a rank of non-critical to the user).  
Thus, one of ordinary skill in the art would have found it obvious to modify the method of Shevade and Ardeli in claim 1 to include the concept of assigning a more privileged role or a less privileged role to the user as disclosed by Ardeli and be motivated in doing so in order to prevent the user from spreading spyware or malware to other clients 170, generating a denial of service attack, consuming network resources for unproductive purposes, etc- Ardeli ¶0058 in part.


Regarding claim 6, Shevade in view of Ardeli discloses the method of claim 5.
Shevade further discloses wherein the one or more factors relating to the behavior of the user comprises one or more of: location (Col. 1, lines 9-10 “geographical locatons”), bandwidth consumed by critical applications (Col. 7, lines 39-44, “network bandwidth”), quality of service (QoS) of the traffic (Col. 27, lines 38-44, “…measures of service quality…”), user reputation, user threat/security score (Col. 4, lines 33-40, the likelihood of security breaches…”), and user role.  

Regarding claim 7, Shevade in view of Ardeli discloses the method of claim 5.
Shevade further discloses wherein the VPNC gateway is designated as a primary VPNC gateway from the plurality of VPNC gateways at the data center, and a different VPNC gateway from the plurality of VPNC gateways at the data center is designated as a secondary VPNC gateway (FIG. 4, Col. 6, lines 6-20 “Primary or active PPE and Secondary or standby PPE”).  

Regarding claim 20, Shevade discloses a system, comprising: 
a hardware processor (FIG. 19, processor 9010, Col. 33, lines 37-38); and 
a non-transitory machine-readable storage medium encoded with instructions executable by the hardware processor to perform a method for dynamically selecting a virtual private network concentrator (VPNC), (Col. 34, lines 42-52, “non-transitory storage media or memory media”) the method comprising: 
determining whether a virtual private network concentrator (VPNC) gateway (FIG. 4, Col. 14, lines 39-40 “primary PPE 410A”) is healthy (FIG. 12, Col. 25, lines 14-17 “inter and intra-PPE- pair health checks”), wherein the VPNC gateway is from a plurality of VPNC gateways (FIG. 4, Col. 14, lines 39-43 “primary PPE 410A, primary PPE 410K”) across one or more data centers of a network to receive forwarded traffic from the user (FIG. 4, Col. 14, lines 39-45 “440A, primary PPE 440B”); 
in response to determining that the VPNC gateway is healthy (FIG. 1, Col. 11, lines 11-17, wherein the PPE 110A is determined to be healthy by being able to send and receive VPN traffic), determining whether a service is healthy ( Col. 8, lines 4-8, “ensure that potential problems with VPN connectivity (as well as other types of provider network services) are dealt with promptly and effectively”), wherein the service is provided by a destination at the data center of the network (FIG. 1, Col. 9, lines 21-29,customer data center 140, and provider network 102); 
and in response to determining that the service is healthy, selecting the VPNC gateway to receive the forwarded traffic from the user (FIG. 4, Col. 14, lines 60-67 through Col. 15, line 1, wherein packets are being sent and received from between customer C1 to customer device 145A through PPE 410A); 
and in response to determining that the service is not healthy or in response to determining that the VPNC gateway is not healthy (Col. 11, lines 26-30,…”, in the event that the probability of a potential failure of the primary PPE, as estimated by a health management service…”), dynamically selecting a VPNC gateway from the plurality of VPNC gateways (FIG. 4, from secondary PPEs 410B or 410L) across the one or data centers for communicating traffic from the user based on the user rank (Col. 11, lines 30-34,  “in response to a detection of an overload condition at the primary PPE, some of its workload may be offloaded to the secondary PPE by making the appropriate network configuration changes”)  
		However, Shevade does not explicitly disclose the following limitation:
assigning a ranking to a user based on one or more factors relating to the behavior of the user, wherein the user is associated with a client device; 
Ardeli discloses a reputation module that determines reputation score for clients based on the client activities in the network (¶0052, “…the reputation module 314 determines a reputation score for the client 170 based on the activities of the client 170”, wherein the activities of the user are interpreted as the behavior of the user), and FIG. 1 wherein clients are associated with laptops
Thus, one of ordinary skill in the art would have found it obvious to modify the method of Shevade to include the concept of assigning reputation score to clients based on their behavior in the network as disclosed by Ardeli and be motivated in doing so in order to control the assigned role of the client device in the enterprise organization-Ardeli abstract in part


10.	Claims 10-17 are rejected under 35 U.S.C. 103 as being unpatentable over US Pat. No 10623285 to Shevade et al. (hereinafter Shevade) in view of US Pat. No 10623285 to Shevade et al. (hereinafter Shevade).

Regarding claim 10, Shevade discloses system comprising: 
a network (FIG. 1, provider network 102); 
a plurality of client devices at the branch office (Col. 4, lines 58-60 “devices at the customer's data center or office premises”); 
a branch office gateway at the branch office, the branch office gateway forwarding traffic from the plurality of client devices to the network (FIG. 4, Col. 6, lines 21-55, “…packets of customer C1's traffic may be transmitted in either direction between C1's data center and C1's IVN…”); 
one or more data centers associated with the network (FIG. 4 “data centers 440A and 440B); 
and a plurality of VPNC (FIG. 4, PPE 410 A, 410B, 410K and 410L) gateways across the one or more data centers (FIG. 4, data centers 440A and 440B), the plurality of VPNC gateways including a primary VPNC gateway (FIG. 4 PPE 410A) for communicating the forwarding traffic from the plurality of client devices via a tunnel (FIG. 4,  dual-tunnel VPN connection 452A to customer gateway 160A at data center 440A) through the network (FIG. 4, Col. 14, lines 33-45).  
 The invention of Shevade does not explicitly disclose:	
a branch office associated with the network 
However, in (Col. 1, lines 6-12), in the disclosed background of the invention, it is noted that many companies and organizations do have computer systems located in multiple distinct geographical locations (“branch offices”) to support their operations.
 In view of such teaching, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have the system of FIG. 4 in Shevade’s teachings combined with the teaching of the disclosed background of the invention and implemented in one of the organization’s distinct geographical locations (branch office) based on rationale of applying one of suitable alternate known technique to a known device (method, or product) ready for improvement to yield predictable results-MPEP 2143.I; 

Regarding claim 11, Shevade discloses the system of claim 10, wherein the branch office gateway dynamically monitors a health of each of the plurality of VPNC gateways (FIG. 12, Col. 25, lines 1-22 “peer health checks).  

Regarding claim 12, Shevade discloses the system of claim 11, wherein the branch office gateway dynamically assesses whether the primary VPNC gateway is healthy or not healthy based on the monitored health (Col. 27, lines 4-24, wherein the health of monitored node MN1 such as a primary PPE of a PPE pair is being monitored).  

Regarding claim 13, Shevade discloses the system of claim 12, wherein the branch office gateway (FIG. 1, PPE 110A), dynamically receives a rank (FIG. 1, Col. 6, lines 6-8 “primary or active PPE”) assigned to each user (FIG. 1 “customer”) associated with each of the plurality of client devices (FIG. 4 “customer devices 145A, 145B, 145K, and 145L”).  

Regarding claim 14, Shevade discloses the system of claim 13, wherein the rank is based on the behavior of the user on the network, comprising one or more of: location (Col. 1, lines 9-10 “geographical locatons”), bandwidth consumed by critical applications (Col. 7, lines 39-44, “network bandwidth”), quality of service (QoS) of the traffic (Col. 27, lines 38-44, “…measures of service quality…”), user reputation, user threat/security score (Col. 4, lines 33-40, the likelihood of security breaches…”), and user role.  
  
Regarding claim 15, Shevade discloses the system of claim 13, wherein the rank comprises a critical user ranking (Col. 19, lines 66-67 through Col. 20, line 1, “the primary or active PPE”) and a non- critical (Col. 20, lines 1-3, “secondary or backup PPE”) use ranking.  

Regarding claim 16, Shevade discloses The system of claim 10, wherein the branch office gateway dynamically selects a secondary VPNC gateway VPNC gateway for receiving the forwarding traffic from client devices associated with users assigned to the non-critical user ranking (FIG. 1, Col. 11, lines 20-23, wherein the secondary PPE 110B may be used for some of the VPN traffic between the customer data center and customer C1 120A, PPE 110B is a non-critical (passive or standby) user ranking).  

Regarding claim 17, Shevade discloses the system of claim 10, wherein the branch of dynamically selects the secondary VPNC gateway in response to dynamically assessing that the primary VPNC gateway is not healthy (Col. 11, lines 26-30 “the secondary PPE may be granted the primary role on the event of a failure at the primary PPE (or in the event that the probability of a potential failure of the primary PPE, as estimated by a health management service, exceeds a threshold)”).  

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over US Pat. No. 10623285 to Shevade et al. (hereinafter Shevade) in view of US Pat. No. 10992543 to Rachamadugu et al. (hereinafter Rachamadugu). 

Regarding claim 18, Shevade discloses the system of claim 10.
Shevade further discloses wherein secondary VPNC gateway such as PPE 110B is used for VPN traffic between the customer data center and customer C1 120A, (Col. 11, lines 26-30).
However, Shevade does not explicitly teach that such traffic is from a new client device added to the network.
Rachamadugu discloses an agent that may add a new device to a network to offload processing and to move a processing task of the overloaded device to another network device (¶0140 “…when an agent provides a status update that its associated device is overloaded, the agent may add a new device to a network to offload processing and/or move a processing task of the overloaded device to another network device).
	Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Shevade to include addition of new network devices to offload processing and move processing task of the overloaded device to another network device as disclosed by Rachamadugu and motivated in doing so in order to ensure continuous functionality of the system and to improve the network efficiency. 

Allowable Subject Matter
   Claims 8, 9, and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUDASIRU K OLAEGBE whose telephone number is (571)272-2082. The examiner can normally be reached MON-FRI. 7.30AM-5.30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 5712723739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MUDASIRU K OLAEGBE/Examiner, Art Unit 2495                                                                                                                                                                                                        

/PONNOREAY PICH/Primary Examiner, Art Unit 2495