Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed on 10/25/2022 in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/25/2022 has been entered. Claims 1-3, 5-11, 13-16 and 21-24 are pending.
Response to Arguments
2.	Applicant's arguments have been fully considered but they are not persuasive. The applicant argues the following issues.
(A)	Rejection under 35 U.S.C. 102/103
Issue 1: The applicant argues with respect to claim 1 that the amended limitations overcome current rejection.
Examiner respectfully disagrees.  See Examiner’s response and clarification in the rejection section below.
Issue 2: The applicant’s arguments regarding other independent claims and dependent claims are based on the applicant’s argument(s) for claim 1.
See Examiner’s response above.
Claim Rejections - 35 USC § 102
3.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
4.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
5.	Claims 1-3, 8-11, 16, 21-23 are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by Johnson et al (US 2016/0380984).
As to claim 1, Johnson discloses a computer-implemented method comprising:
determining that a first endpoint group of a network is authorized to communicate with a second endpoint group of the network (abstract; [0022], the receiving of the second authorization token indicates an authorization, wherein a community of interest associated with the first endpoint is a first endpoint group, and a community of interest associated with the second endpoint is a second endpoint group);
determining that at least one of (i) a first endpoint within the first endpoint group and (ii) a second endpoint within the second endpoint group wants to communicate with the other of (i) the first endpoint within the first endpoint group and (ii) the second endpoint within the second endpoint group (abstract; [0022], sending the first message including the authorization token by the first endpoint indicates that the first endpoint wants to communicate with the second endpoint); and
based at least in part on determining that at least one of (i) a first endpoint within the first endpoint group and (ii) a second endpoint within the second endpoint group wants to communicate with the other of (i) the first endpoint within the first endpoint group and (ii) the second endpoint within the second endpoint group, establishing a tunnel between the first endpoint and the second endpoint (abstract; [0022], “based on the receipt of the second message, entering an open state and initializing a tunnel between the first and second endpoints using an IPsec-based secured connection”);
determining, at a first point in time, that the tunnel between the first endpoint and the second endpoint should be eliminated ([0159], “In example embodiments, each endpoint established as a client or server in an on-demand or always-on configuration can have one or more plurality of attributes, including a configurable keep-alive interval useable to establish frequency of messages used to maintain a secure session between endpoints, and a grace period before which an authorization service session is closed after no keep-alive message is received” wherein determining “no keep-alive message is received” is equivalent to determining that the session/tunnel should be eliminated at a first point of time, based on the initiation of the wait time for closing the service session);
after determining that the tunnel between the first endpoint and the second endpoint should be eliminated, automatically waiting a predetermined amount of time after the first point in time (see citation in the preceding limitations, the grace period is waited after determining that “no keep-alive message is received”, before closing the session); and 
after waiting the predetermined amount of time, eliminating, at a second point in time, the tunnel between the first endpoint and the second endpoint, wherein the second point in time is later than the first point in time (see citation in the preceding limitations, close the session after the grace period of waiting time, which is after determining that “no keep-alive message is received”).
As to claim 9, see similar rejection to claim 1.
As to claim 21, see similar rejection to claim 1.
As to claim 2, Johnson discloses the computer-implemented method of claim 1, wherein determining that the tunnel between the first endpoint and the second endpoint should be eliminated comprises:
determining that at least one of (i) the first endpoint is no longer part of the first endpoint group or (ii) the second endpoint is no longer part of the second endpoint group; and based at least in part on determining that at least one of (i) the first endpoint is no longer part of the first endpoint group or (ii) the second endpoint is no longer part of the second endpoint group, eliminating the tunnel between the first endpoint and the second endpoint (abstract; [0159], “In example embodiments, each endpoint established as a client or server in an on-demand or always-on configuration can have one or more plurality of attributes, including a configurable keep-alive interval useable to establish frequency of messages used to maintain a secure session between endpoints, and a grace period before which an authorization service session is closed after no keep-alive message is received” wherein “no keep-alive message is received” indicates that the endpoint is no longer part of the group communicating with the other endpoint).
As to claim 10, see similar rejection to claim 2.
As to claim 22, see similar rejection to claim 2.
As to claim 3, Johnson discloses the computer-implemented method of claim 1, wherein determining that the tunnel between the first endpoint and the second endpoint should be eliminated comprises:
determining that the at least one of (i) the first endpoint within the first endpoint group and (ii) the second endpoint within the second endpoint group no longer wants to communicate with the other of (i) the first endpoint within the first endpoint group and (ii) the second endpoint within the second endpoint group; and based at least in part on determining that the at least one of (i) the first endpoint within the first endpoint group and (ii) the second endpoint within the second endpoint group no longer wants to communicate with the other of (i) the first endpoint within the first endpoint group and (ii) the second endpoint within the second endpoint group, eliminating the tunnel between the first endpoint and the second endpoint (abstract; [0159], “In example embodiments, each endpoint established as a client or server in an on-demand or always-on configuration can have one or more plurality of attributes, including a configurable keep-alive interval useable to establish frequency of messages used to maintain a secure session between endpoints, and a grace period before which an authorization service session is closed after no keep-alive message is received” wherein “no keep-alive message is received” also indicates that the endpoint no longer wants to communicate with the other endpoint).
As to claim 11, see similar rejection to claim 3.
As to claim 23, see similar rejection to claim 3.
As to claim 8, Johnson discloses the computer-implemented method of claim 5, further comprising:
determining that the first endpoint group is no longer authorized to communicate with the second endpoint group; and based at least in part on determining that the first endpoint group is no longer authorized to communicate with the second endpoint group, eliminating all tunnels between the first endpoint group and the second endpoint group between each region in each region pair ([0022], “upon termination of the tunnel due to a termination or timeout message issued by at least one of the first and second endpoints, entering a closed state”, wherein the termination message issued by at least one of the first and second endpoints indicates that the first endpoint group is no longer authorized to communicate with the second endpoint group).
As to claim 16, see similar rejection to claim 8.
Claim Rejections - 35 USC § 103
6.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

8.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
9.	Claims 5-7, 13-15 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson, as applied to claim 1 above, and in view of Sung (US 2016/0020922).
As to claim 5, Johnson discloses the claimed invention substantially as discussed in claim 1, including:
determining regions of the network in which a first site of the network is active and regions of the network in which a second site of the network is active ([0197], “LAN”, “WAN”); 
determining the regions in which the first endpoint group is deployed ([0197], “LAN”, “WAN” for the first endpoint);
determining the regions in which the second endpoint group is deployed ([0197], “LAN”, “WAN” for the second endpoint);
but does not expressly disclose based at least in part on (i) the regions in which the first endpoint group is deployed and (ii) the regions in which the second endpoint group is deployed, establishing region pairs, each region pair comprising a region in which the first endpoint group is deployed and a region in which the second endpoint group is deployed, each region in each region pair being active for communication with each other; and establishing a tunnel between the first endpoint group and the second endpoint group in each region pair.
Sung discloses based at least in part on (i) the regions in which a first endpoint group is deployed and (ii) the regions in which a second endpoint group is deployed, establishing region pairs, each region pair comprising a region in which the first endpoint group is deployed and a region in which the second endpoint group is deployed, each region in each region pair being active for communication with each other; and establishing a tunnel between the first endpoint group and the second endpoint group in each region pair (figures 1-3; each WAN interface indicates a network region; see [0045], “A tunnel, such as tunnels 201a, 201b, 201c and 201d, is established between two networks. Through a tunnel, hosts from two different networks can communicate as in the same network, such as in the same IP subnet. The tunnels, for example, can be implemented using Secure Sockets Layer (SSL), L2TP, Internet Protocol Security (IPSec) and SSL, IPSec and Layer 2 Tunneling Protocol (L2TP) or Point-to-Point Tunneling Protocol (PPTP). One or more tunnels can be established between two network interfaces, such as WAN interface 121c and 131c. Therefore, there could be more than the four tunnels, i.e. tunnels 201a, 201b, 201c and 201d, to be established between node 101 and node 102. For example, WAN interface 121b may also establish another tunnel with WAN interface 131c if wireless networks 180 can communicate with interconnected networks 171.”; see also [0105], “allows data to be transmitted to and received from node 102 through one or more tunnels. The one or more tunnels can be established via a pair of WAN interfaces, such as WAN interface 121b and WAN interface 131b.”, see also [0031]; [0035]-[0036]).
Before the effective filing date of the invention, it would have been obvious for a person of ordinary skill in the art to combine Johnson with Sung. The suggestion/motivation of the combination would have been to enable hosts from two different networks to communicate as in the same network (Sung, [0045]).
As to claim 13, see similar rejection to claim 5.
As to claim 24, see similar rejection to claim 5.
As to claim 6, Johnson-Sung discloses the computer-implemented method of claim 5, further comprising:
determining that regions within a region pair are no longer active for communication with each other; and based at least in part on determining that regions within the region pair are no longer active for communication with each other, eliminating the tunnel between the regions of the region pair (Sung, [0083], “If a connection through tunnel 201b fails, node 101 then starts using tunnel 201c and 201d for transmitting data. The connection through tunnel 201b may fail for various reasons, such as traffic congestion, tunnel 201b not having enough capacity, no network coverage, or equipment malfunctioning”, wherein “no network coverage” indicates inactive regions, and the failed tunnel is equivalent to the tunnel being eliminated).
As to claim 14, see similar rejection to claim 6.
As to claim 7, Johnson-Sung discloses the computer-implemented method of claim 6, further comprising:
prior to eliminating the tunnel between the regions of the region pair, waiting a predetermined amount of time (Johnson, [0022], “timeout”, Sung, see citation in rejection to claim 5 regarding regions).
As to claim 15, see similar rejection to claim 7.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUA FAN whose telephone number is (571)270-5311.  The examiner can normally be reached on 9-6.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on (571)272-3980.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/HUA FAN/Primary Examiner, Art Unit 2458