Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/21/2025 has been entered.
Claims 1-20 are pending and being considered.
Claims 1, 8 and 15 have been amended.
Response to 103
Applicant’s arguments filed on 10/24/2025 have been fully considered and are partially persuasive. On page 8 of the remarks, the applicant argues that the VPN configuration information of Gorsica is not the same as executing a pre-configuration routine. The examiner acknowledges applicant’s point of view but respectfully disagrees, because Gorsica on [0010 and 0018] teaches that the computing device can use the VPN configuration information to establish a VPN connection with a remote device. Gorsica on [0099] also teaches that the VPN configuration information allows the computing device to establish and use a VPN connection over a network to a VPN endpoint device. This is just like the instant application, in which executing a pre-configuration routine enables a VPN connection between the risk mitigation computing device and the risk assessment computing device.
The rest of applicant’s arguments are moot in view of the new grounds of rejection. The arguments do not apply to the current art being used.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gorsica IV et al (hereinafter Gorsica) (US 20200344213) in view of Abraham (US 20170099159).
Regarding claim 1 Gorsica teaches a method of segmenting a communication network at a first location to (Gorsica on [0010 and claim 1] teaches the wearable device enables worldwide access to VPN servers or other VPN endpoint devices for secure data communication and privacy for a computing device);
executing, by a risk mitigation computing device within the communication network at the first location, a pre-configuration routine to access a risk assessment computer system that is remote from the first location and outside the communication network (Gorsica on [0010, 0018 and 0045] teaches the computing device uses VPN configuration information including VPN credential when establishing connection with remote VPN endpoint device. See on [0050 and 0059] teaches executing VPN configuration information on the computing device to establish VPN connection with remote endpoint device. See on [0061] teaches If the VPN client control system 110 determines that a VPN connection is to be established, the VPN client control system 110 sends a request for the VPN credentials to the wearable device 104. In response, VPN configuration module 118 returns the VPN credentials 114 to the computing device 102. The VPN configuration module 118 also communicates the VPN credentials 114 to the computing device 102. The computing device 102 then establishes and uses the VPN connection. See Fig 3 and text on [0084-0086] teaches executing VPN configuration information to establish VPN connection with remote device);
based on the execution of the pre-configuration routine, establishing, by the risk mitigation computing device, a virtual private network (VPN) tunnel between the risk mitigation computing device within the communication network and the risk assessment computer system outside the communication network (Gorsica on [0045] teaches the computing device uses VPN configuration information including VPN credential when establishing connection with remote VPN endpoint device. See on [0050 and 0059] teaches executing VPN configuration information on the computing device to establish VPN connection with remote endpoint device. See on [0061] teaches If the VPN client control system 110 determines that a VPN connection is to be established, the VPN client control system 110 sends a request for the VPN credentials to the wearable device 104. In response, VPN configuration module 118 returns the VPN credentials 114 to the computing device 102. The VPN configuration module 118 also communicates the VPN credentials 114 to the computing device 102. The computing device 102 then establishes and uses the VPN connection. See Fig 3 block 314 and text on [0084-0087] teaches executing VPN configuration information to establish VPN connection with remote endpoint device);
initiating an authentication process to confirm an identity of a user operating the risk mitigation computing device (Gorsica on [0025 and 0032] teaches the user can authenticate himself or herself to both the wearable device 104 and the computing device 102 (e.g., using his or her name and password, using a scanned fingerprint, using a PIN). The wearable device 104 and the computing device 102 can then communicate with each other and verify that the same user (e.g., same user identifier) has authenticated himself or herself to both the wearable device 104 and the computing device).
Gorsica fails to explicitly teach upon receiving an authentication approval associated with the authentication process, establishing, by the risk mitigation computing device, the isolated secure subnetwork within the communication network and connecting the isolated secure subnetwork to the risk assessment computer system via the VPN tunnel; however, Abraham, from analogous art, teaches:
and upon receiving an authentication approval associated with the authentication process, establishing, by the risk mitigation computing device, the isolated secure subnetwork within the communication network and connecting the isolated secure subnetwork to the risk assessment computer system via the VPN tunnel (Abraham on [0024-0025] teaches a client device can establish VPN tunnels with a plurality of subnetworks which each use the same network prefix. Thus, rather than being required to disconnect a first VPN tunnel to a first subnetwork in order to establish a second VPN tunnel to a second subnetwork, a client device can have multiple simultaneously active VPN tunnels to subnetworks that share the same network prefix. Abraham further teaches the user can begin using a second client device (e.g., desktop computer). Responsive to the user being authenticated on the second client device, the second client device can automatically retrieve the user's VPN profile to use to establish VPN tunnels to the same subnetworks, i.e., interpreted in view of [0081] of the instant application, which discloses adding a second device to the subnetwork responsive to successful authentication).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Abraham into the teaching of Gorsica by establishing a VPN connection to an isolated subnetwork in response to authenticating the user. One would be motivated to do so in order to securely connect the user with the isolated subnetwork via VPN and to prevent subnet conflicts which may arise due to attempts to establish VPN tunnels to different distinct subnetworks which use the same particular network prefix (Abraham on [0015]).
Regarding claim 8 Gorsica teaches a non-transitory computer-readable storage medium storing a plurality of instructions executable by one or more processors, the plurality of instructions when executed by the one or more processors cause the one or more processors to (Gorsica on [0107] teaches processor executing instructions stored in non-transitory memory):
execute, by a risk mitigation computing device within the communication network at the first location, a pre-configuration routine to access a risk assessment computer system that is remote from the first location and outside the communication network (Gorsica on [0045] teaches the computing device uses VPN configuration information including VPN credential when establishing connection with remote VPN endpoint device. See on [0050 and 0059] teaches executing VPN configuration information on the computing device to establish VPN connection with remote endpoint device. See on [0061] teaches If the VPN client control system 110 determines that a VPN connection is to be established, the VPN client control system 110 sends a request for the VPN credentials to the wearable device 104. In response, VPN configuration module 118 returns the VPN credentials 114 to the computing device 102. The VPN configuration module 118 also communicates the VPN credentials 114 to the computing device 102. The computing device 102 then establishes and uses the VPN connection. See Fig 3 and text on [0084-0086] teaches executing VPN configuration information to establish VPN connection with remote device);
based on the execution of the pre-configuration routine, establishing, by the risk mitigation computing device, a virtual private network (VPN) tunnel between the risk mitigation computing device within the communication network and the risk assessment computer system outside the communication network (Gorsica on [0045] teaches the computing device uses VPN configuration information including VPN credential when establishing connection with remote VPN endpoint device. See on [0050 and 0059] teaches executing VPN configuration information on the computing device to establish VPN connection with remote endpoint device. See on [0061] teaches If the VPN client control system 110 determines that a VPN connection is to be established, the VPN client control system 110 sends a request for the VPN credentials to the wearable device 104. In response, VPN configuration module 118 returns the VPN credentials 114 to the computing device 102. The VPN configuration module 118 also communicates the VPN credentials 114 to the computing device 102. The computing device 102 then establishes and uses the VPN connection. See Fig 3 block 314 and text on [0084-0087] teaches executing VPN configuration information to establish VPN connection with remote endpoint device);
initiate an authentication process to confirm an identity of a user operating the risk mitigation computing device (Gorsica on [0025 and 0032] teaches the user can authenticate himself or herself to both the wearable device 104 and the computing device 102 (e.g., using his or her name and password, using a scanned fingerprint, using a PIN). The wearable device 104 and the computing device 102 can then communicate with each other and verify that the same user (e.g., same user identifier) has authenticated himself or herself to both the wearable device 104 and the computing device).
Gorsica fails to explicitly teach upon receiving an authentication approval associated with the authentication process, establishing, by the risk mitigation computing device, the isolated secure subnetwork within the communication network and connecting the isolated secure subnetwork to the risk assessment computer system via the VPN tunnel; however, Abraham, from analogous art, teaches:
and upon receiving an authentication approval associated with the authentication process, establishing, by the risk mitigation computing device, the isolated secure subnetwork within the communication network and connecting the isolated secure subnetwork to the risk assessment computer system via the VPN tunnel (Abraham on [0024-0025] teaches a client device can establish VPN tunnels with a plurality of subnetworks which each use the same network prefix. Thus, rather than being required to disconnect a first VPN tunnel to a first subnetwork in order to establish a second VPN tunnel to a second subnetwork, a client device can have multiple simultaneously active VPN tunnels to subnetworks that share the same network prefix. Abraham further teaches the user can begin using a second client device (e.g., desktop computer). Responsive to the user being authenticated on the second client device, the second client device can automatically retrieve the user's VPN profile to use to establish VPN tunnels to the same subnetworks, i.e., interpreted in view of [0081] of the instant application, which discloses adding a second device to the subnetwork responsive to successful authentication).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Abraham into the teaching of Gorsica by establishing a VPN connection to an isolated subnetwork in response to authenticating the user. One would be motivated to do so in order to securely connect the user with the isolated subnetwork via VPN and to prevent subnet conflicts which may arise due to attempts to establish VPN tunnels to different distinct subnetworks which use the same particular network prefix (Abraham on [0015]).
Regarding claim 15 Gorsica teaches a risk mitigation computing device for segmenting a secure communication network at a first location to include an (Gorsica on [0010] teaches the wearable device enables worldwide access to VPN servers or other VPN endpoint devices for secure data communication and privacy for a computing device);
one or more computer processors; one or more computer readable storage media for storing computer-implemented instructions, wherein the one or more computer processors are configured to execute the computer-implemented instructions to cause the risk mitigation computing device to perform a method comprising (Gorsica on [0107] teaches processor executing instructions stored in non-transitory memory):
executing, by a risk mitigation computing device within the communication network at the first location, a pre-configuration routine to access a risk assessment computer system that is remote from the first location and outside the communication network (Gorsica on [0045] teaches the computing device uses VPN configuration information including VPN credential when establishing connection with remote VPN endpoint device. See on [0050 and 0059] teaches executing VPN configuration information on the computing device to establish VPN connection with remote endpoint device. See on [0061] teaches If the VPN client control system 110 determines that a VPN connection is to be established, the VPN client control system 110 sends a request for the VPN credentials to the wearable device 104. In response, VPN configuration module 118 returns the VPN credentials 114 to the computing device 102. The VPN configuration module 118 also communicates the VPN credentials 114 to the computing device 102. The computing device 102 then establishes and uses the VPN connection. See Fig 3 and text on [0084-0086] teaches executing VPN configuration information to establish VPN connection with remote device);
based on the execution of the pre-configuration routine, establishing, by the risk mitigation computing device, a virtual private network (VPN) tunnel between the risk mitigation computing device within the communication network and the risk assessment computer system outside the communication network (Gorsica on [0045] teaches the computing device uses VPN configuration information including VPN credential when establishing connection with remote VPN endpoint device. See on [0050 and 0059] teaches executing VPN configuration information on the computing device to establish VPN connection with remote endpoint device. See on [0061] teaches If the VPN client control system 110 determines that a VPN connection is to be established, the VPN client control system 110 sends a request for the VPN credentials to the wearable device 104. In response, VPN configuration module 118 returns the VPN credentials 114 to the computing device 102. The VPN configuration module 118 also communicates the VPN credentials 114 to the computing device 102. The computing device 102 then establishes and uses the VPN connection. See Fig 3 block 314 and text on [0084-0087] teaches executing VPN configuration information to establish VPN connection with remote endpoint device);
initiating an authentication process to confirm an identity of a user operating the risk mitigation computing device (Gorsica on [0025 and 0032] teaches the user can authenticate himself or herself to both the wearable device 104 and the computing device 102 (e.g., using his or her name and password, using a scanned fingerprint, using a PIN). The wearable device 104 and the computing device 102 can then communicate with each other and verify that the same user (e.g., same user identifier) has authenticated himself or herself to both the wearable device 104 and the computing device).
Gorsica fails to explicitly teach upon receiving an authentication approval associated with the authentication process, establishing, by the risk mitigation computing device, the isolated secure subnetwork within the communication network and connecting the isolated secure subnetwork to the risk assessment computer system via the VPN tunnel; however, Abraham, from analogous art, teaches:
and upon receiving an authentication approval associated with the authentication process, establishing, by the risk mitigation computing device, the isolated secure subnetwork within the communication network and connecting the isolated secure subnetwork to the risk assessment computer system via the VPN tunnel (Abraham on [0024-0025] teaches a client device can establish VPN tunnels with a plurality of subnetworks which each use the same network prefix. Thus, rather than being required to disconnect a first VPN tunnel to a first subnetwork in order to establish a second VPN tunnel to a second subnetwork, a client device can have multiple simultaneously active VPN tunnels to subnetworks that share the same network prefix. Abraham further teaches the user can begin using a second client device (e.g., desktop computer). Responsive to the user being authenticated on the second client device, the second client device can automatically retrieve the user's VPN profile to use to establish VPN tunnels to the same subnetworks, i.e., interpreted in view of [0081] of the instant application, which discloses adding a second device to the subnetwork responsive to successful authentication).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Abraham into the teaching of Gorsica by establishing a VPN connection to an isolated subnetwork in response to authenticating the user. One would be motivated to do so in order to securely connect the user with the isolated subnetwork via VPN and to prevent subnet conflicts which may arise due to attempts to establish VPN tunnels to different distinct subnetworks which use the same particular network prefix (Abraham on [0015]).
Regarding claims 2, 9 and 16, the combination of Gorsica and Abraham teaches all the limitations of claims 1, 8 and 15 respectively. Gorsica further teaches wherein the pre-configuration routine includes implementing a risk sensing agent at the risk mitigation computing device (Gorsica Fig 1 block 118 and text on [0020] teaches the VPN configuration module 118 of the wearable device manages the transfer of the VPN credentials 114 to the computing device 102).
Regarding claims 3, 10 and 17, the combination of Gorsica and Abraham teaches all the limitations of claims 1, 8 and 15 respectively. Gorsica further teaches wherein the pre-configuration routine includes deploying cloud-based nodes capable of acting as both VPN endpoints to IoT devices and corresponding masters computing devices (Gorsica on [0017] teaches the VPN endpoint device 106 can be any of a variety of types of VPN endpoint devices accessible to the computing device 102 via a network 108. For example, the VPN endpoint device 106 can be a tower server, a rack server, a desktop computing device, a VPN router, and so forth. The network 108 can include any of a variety of different networks, such as the Internet, Wi-Fi networks, wired networks, and so forth. See on [0021] teaches the computing device 102 includes a VPN client control system 110, and the VPN endpoint device 106 includes a VPN server control system 112. The VPN client control system 110 establishes a VPN connection 120 to the VPN server control system 112).
Regarding claims 4, 11 and 18, the combination of Gorsica and Abraham teaches all the limitations of claims 1, 8 and 15 respectively. Gorsica further teaches wherein the risk sensing agent is configured to perform blocking, re-routing, or logging of data traveling on the VPN with the risk assessment computer system (Gorsica Fig 1 block 118 and text on [0020] teaches the VPN configuration module 118 of the wearable device manages the transfer of the VPN credentials 114 to the computing device 102. See on [0054] teaches the VPN configuration module 118 receives or obtains input from the wear status determination module 206 indicating whether the wearable device 104 is being worn by a user. See on [0057] teaches the VPN configuration module 118 of the wearable device 104 applies the engagement rules 116. The VPN configuration module 118 can obtain the wearable device context from sensors or module).
Regarding claims 5, 12 and 19, the combination of Gorsica and Abraham teaches all the limitations of claims 1, 8 and 15 respectively. Gorsica further teaches wherein the authentication process includes a biometric authentication of a user operating the risk mitigation computing device (Gorsica on [0024-0025] teaches fingerprint authentication).
Regarding claims 6, 13 and 20, the combination of Gorsica and Abraham teaches all the limitations of claims 1, 8 and 15 respectively. Gorsica further teaches wherein the authentication process includes a multi-factor authentication process of a user operating the risk mitigation computing device (Gorsica on [0024-0025 and 0032-0035] teaches multi-factor authentication).
Regarding claims 7 and 14, the combination of Gorsica and Abraham teaches all the limitations of claims 1 and 8 respectively. Gorsica further teaches further comprising: switching a destination of the secure communication network via VPN from the risk assessment computer system to a second destination (Gorsica on [0078] teaches the wearable device 104 includes a switch that allows the user to select from multiple VPN endpoint devices. The switch allows the user to specify a default VPN endpoint device for the wearable device 104 to be used for VPN connections).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOEEN KHAN/ Primary Examiner, Art Unit 2436