Prosecution Insights
Last updated: April 19, 2026
Application No. 18/310,720

DETERMINING SECURITY OF LOCAL AREA NETWORK

Non-Final OA §101 §103
Filed: May 02, 2023
Examiner: HOLLISTER, JAMES ROSS
Art Unit: 2499
Tech Center: 2400 — Computer Networks
Assignee: Blackberry Limited
OA Round: 3 (Non-Final)
Grant Probability: 75%, Favorable
OA Rounds: 3-4
To Grant: 2y 8m
With Interview: 99%

Examiner Intelligence

Grants 75% — above average
Career Allow Rate: 75% (162 granted / 215 resolved), +17.3% vs TC avg
Strong +26% interview lift
Interview Lift: +25.6% (resolved cases with interview)
Typical timeline: 2y 8m avg prosecution, 18 currently pending
Career history: 233 total applications across all art units

Statute-Specific Performance

§101: 15.2% (-24.8% vs TC avg)
§103: 55.8% (+15.8% vs TC avg)
§102: 10.1% (-29.9% vs TC avg)
§112: 11.0% (-29.0% vs TC avg)
Based on career data from 215 resolved cases

Office Action

§101 §103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Summary

This action is responsive to the request for continued examination filed on 10/29/2025. Claims 5-6, 12-13, 19-20 have been canceled. Claims 1-4, 7-11 and 14-18 are pending and have been examined. Claims 1-4, 7-11 and 14-18 are rejected.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/29/25 has been entered.

Response to Arguments

Rejection of Claims under 35 USC 101

Applicant’s Response: As an initial matter, the rejection should be withdrawn because the claims are not directed to any one of the groups of abstract ideas identified by the USPTO. In the 2019 Revised Patent Subject Matter Eligibility Guidance (issued in January, 2019 and updated in October, 2019, hereinafter, "Guidance"), the USPTO listed the following groups of abstract ideas: mathematical concepts, methods of organizing human activity, and mental process. The instant claims are directed to secure data transmission in a telecommunications network. In particular, the Office Action states that the claimed invention belongs to the mental process because the claims include a "determining" step. Applicant respectfully disagrees. Specifically, Applicant respectfully submits that the claim further recites, in addition to the "determining" step, steps of transmitting data to a remote server in a LAN.
In summary, claim 1 recites an operation of using a VPN connection to transmit data in a LAN, and therefore cannot be performed in the mind or just using pen/pencil. Therefore, the Step 2A analysis fails that the 101 rejection should be withdrawn. In summary, the present Application demonstrates a distinct technical advantage in the practical field of telecommunication industry, and is not directed to an abstract idea at least under Step 2B analysis. Accordingly, independent claim 1 and other claims are eligible for allowance. Such action is respectfully requested. Should the rejections be maintained, Applicant kindly requests the Examiner to contact the undersigned attorney to discuss the rejection in further detail.

Examiner’s Response: Applicant's arguments filed 9/22/25 have been fully considered but they are not persuasive. The Applicant argues that the claims 1) “determining whether a Virtual Private Network (VPN) connection is used to transmit packets to a remote server based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list" recites an operation of using VPN connection to transmit data in a LAN and therefore cannot be performed solely in the mind; 2) the application demonstrates a distinct technical advantage in the practical field of telecommunication industry. The Examiner disagrees and will present the analysis of the independent claims below. The claims are examined under the broadest reasonable interpretation. The 2019 Revised Patent Subject Matter Eligibility Guidance lays out the steps for analysis of claims for an abstract idea.

Step 1 is “Do the claims fall within the statutory categories?” Yes. Claims 1-4, 7 are a method. Claims 8-11, 14 are one or more non-transitory computer-readable media and claims 15-18 are a system.
The next step is Step 2A Prong 1, “Does the claim recite a judicial exception (an abstract idea)?” Yes. “determining, by an electronic device that is connected to a local area network (LAN), whether the LAN meets a security condition, wherein the determining whether the LAN meets a security condition comprises: determining whether an Internet Protocol (IP) address of a reference server in a security list is included in a range indicated by a subnet mask of the LAN; and determining whether a hostname of a device at the IP address matches a hostname corresponding to the reference server in the security list” and “determining whether a Virtual Private Network (VPN) connection is used to transmit packets to a remote server based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list” as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind (mental process). That is, nothing in the claim element precludes the step from practically being performed in the mind. For example, “determining” in the context of this claim encompasses the user manually looking at the data and making the decision based upon the list. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.

The next step is Step 2A Prong 2, “Evaluating additional elements in the claim to determine whether they integrate the exception into a practical application of the exception” No.
This judicial exception is not integrated into a practical application because the technical improvement is the improvement in the speed of network performance while providing security to the network operation in ¶ [0013] of the spec. From the claim scope, the claims fail to address this improvement is not enough to tie the claims towards the technical improvement. The claims are not patent eligible. Accordingly, the claim is not integrated into a practical application.

The next step is Step 2B, “evaluate whether the claim recites additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception”. No. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because: “in response to determining that the LAN does not meet the security condition based at least on the address of the reference server in the security list not being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address not matching the hostname corresponding to the reference server in the security list: initiating VPN connection and transmitting packets to the remote server using the VPN connection; or in response to determining that the LAN meets the security condition based at least on the address of the reference server in the security list being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address matching the hostname corresponding to the reference server in the security list: transmitting the packets to the remote server without using a VPN connection” are an insignificant extra-solution activity to the judicial exception. Accordingly, the claim does not recite additional elements that amount to significantly more. Thus, the claims are not patent eligible.
Rejection of Claims under 35 USC 103

Applicant’s Response: Applicant submits that the cited references fail to teach the newly added limitations of: determining whether a Virtual Private Network (VPN) connection is used to transmit packets to a remote server based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list and in response to determining that the LAN does not meet the security condition based at least on the address of the reference server in the security list not being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address not matching the hostname corresponding to the reference server in the security list: initiating the VPN connection and transmitting packets to the remote server using the VPN connection; or in response to determining that the LAN meets the security condition based at least on the address of the reference server in the security list being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address matching the hostname corresponding to the reference server in the security list: transmitting the packets to the remote server without using a VPN connection.

Examiner’s Response: Applicant’s arguments with respect to claims 10/29/25 have been considered but are moot because the arguments are directed to amended subject matter properly addressed with the newly cited references of Lee (US 20140244851 A1) and Hrastar (US 20040098610 A1). The combination of Lee (US 20140244851 A1) and Hrastar (US 20040098610 A1) teaches the language of the independent claims. All remaining arguments are now moot in regards to the new rejection.

Claim Rejections - 35 USC § 101

35 U.S.C.
101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-4, 7-11 and 14-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more.

Claims 1, 8 and 15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more. The claim(s) recite(s) “A method, comprising: determining, by an electronic device that is connected to a local area network (LAN), whether the LAN meets a security condition, wherein the determining whether the LAN meets a security condition comprises: determining whether an Internet Protocol (IP) address of a reference server in a security list is included in a range indicated by a subnet mask of the LAN; and determining whether a hostname of a device at the IP address matches a hostname corresponding to the reference server in the security list; determining whether a Virtual Private Network (VPN) connection is used to transmit packets to a remote server based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; and in response to determining that the LAN does not meet the security condition based at least on the address of the reference server in the security list not being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address not matching the hostname corresponding to the reference server in the security list: initiating VPN connection and transmitting packets to the remote server using the VPN connection; or in response to determining that the LAN meets the security condition based at least on the address of the reference server in the security list being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address matching the hostname corresponding to the reference server in the security list: transmitting the packets to the remote server without using a VPN connection.”

The limitation of “determining, by an electronic device that is connected to a local area network (LAN), whether the LAN meets a security condition, wherein the determining whether the LAN meets a security condition comprises: determining whether an Internet Protocol (IP) address of a reference server in a security list is included in a range indicated by a subnet mask of the LAN; and determining whether a hostname of a device at the IP address matches a hostname corresponding to the reference server in the security list”; and “determining whether a Virtual Private Network (VPN) connection is used to transmit packets to a remote server based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list” as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind (mental process). That is, nothing in the claim element precludes the step from practically being performed in the mind. For example, “determining” in the context of this claim encompasses the user manually looking at the data and making the decision. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application because the technical improvement is the improvement in the speed of network performance while providing security to the network operation in ¶ [0013] of the spec. From the claim scope, the claims fail to address this improvement is not enough to tie the claims towards the technical improvement.

The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because: “in response to determining that the LAN does not meet the security condition based at least on the address of the reference server in the security list not being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address not matching the hostname corresponding to the reference server in the security list: initiating VPN connection and transmitting packets to the remote server using the VPN connection; or in response to determining that the LAN meets the security condition based at least on the address of the reference server in the security list being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address matching the hostname corresponding to the reference server in the security list: transmitting the packets to the remote server without using a VPN connection” are an insignificant extra-solution activity to the judicial exception. Accordingly, the claim does not recite additional elements that amount to significantly more. Thus, the claims are not patent eligible.

Claims 2-4, 7, 9-11, 14 and 16-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more. These claims are all directed towards an abstract idea (mental process) and/or insignificant extra-solution activity to the judicial exception. The claims are not patent eligible.
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 8, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 20140244851 A1) and further in view of Hrastar (US 20040098610 A1).

As to claim 1, Lee teaches a method, comprising: determining, by an electronic device that is connected to a local area network (LAN), whether the LAN meets a security condition (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain.
If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. In a specific implementation, an application not listed in the black list is allowed to use the virtual network); determining whether a Virtual Private Network (VPN) connection is used to transmit packets to a remote server based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. 
In a specific implementation, an application not listed in the black list is allowed to use the virtual network); and in response to determining that the LAN does not meet the security condition based at least on the address of the reference server in the security list not being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address not matching the hostname corresponding to the reference server in the security list: initiating VPN connection and transmitting packets to the remote server using the VPN connection (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. 
In a specific implementation, an application not listed in the black list is allowed to use the virtual network); or in response to determining that the LAN meets the security condition based at least on the address of the reference server in the security list being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address matching the hostname corresponding to the reference server in the security list: transmitting the packets to the remote server without using a VPN connection (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. In a specific implementation, an application not listed in the black list is allowed to use the virtual network). 
However, it does not expressly teach the details of wherein the determining whether the LAN meets a security condition comprises: determining whether an Internet Protocol (IP) address of a reference server in a security list is included in a range indicated by a subnet mask of the LAN; and determining whether a hostname of a device at the IP address matches a hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list. Hrastar, from analogous art, teaches wherein the determining whether the LAN meets a security condition comprises: determining whether an Internet Protocol (IP) address of a reference server in a security list is included in a range indicated by a subnet mask of the LAN (See ¶ [0155], Teaches that HALLOW Configure/etc/hosts.allow file Specifying which machines are allowed to connect to the hardware component. The Allow list screen displays your current list of allowed machines and allows modification. Machines allowed to connect to this hardware components can be specified. 
Only those whose IP address, subnet, fully qualified hostname, or domain name match an entry in this list are allowed to connect to this hardware component to run the available administrative programs and routines. HDENY Config/etc/host.deny file Identifying machines that may not connect to the hardware component. The Deny list screen displays your current list of denied machines and allows modification. Machines not allowed to connect to this hardware component can be specified. Anyone whose IP address, subnet, fully qualified hostname, or domain name matches an entry in this list are not allowed to connect to this hardware component. ); and determining whether a hostname of a device at the IP address matches a hostname corresponding to the reference server in the security list (See ¶ [0155], Teaches that HALLOW Configure/etc/hosts.allow file Specifying which machines are allowed to connect to the hardware component. The Allow list screen displays your current list of allowed machines and allows modification. Machines allowed to connect to this hardware components can be specified. Only those whose IP address, subnet, fully qualified hostname, or domain name match an entry in this list are allowed to connect to this hardware component to run the available administrative programs and routines. HDENY Config/etc/host.deny file Identifying machines that may not connect to the hardware component. The Deny list screen displays your current list of denied machines and allows modification. Machines not allowed to connect to this hardware component can be specified. 
Anyone whose IP address, subnet, fully qualified hostname, or domain name matches an entry in this list are not allowed to connect to this hardware component); based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list (See ¶ [0155], Teaches that HALLOW Configure/etc/hosts.allow file Specifying which machines are allowed to connect to the hardware component. The Allow list screen displays your current list of allowed machines and allows modification. Machines allowed to connect to this hardware components can be specified. Only those whose IP address, subnet, fully qualified hostname, or domain name match an entry in this list are allowed to connect to this hardware component to run the available administrative programs and routines. HDENY Config/etc/host.deny file Identifying machines that may not connect to the hardware component. The Deny list screen displays your current list of denied machines and allows modification. Machines not allowed to connect to this hardware component can be specified. Anyone whose IP address, subnet, fully qualified hostname, or domain name matches an entry in this list are not allowed to connect to this hardware component). 
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hrastar into Lee in order to protect their local networks and act as security gates to fend off unauthorized traffic (See Hrastar ¶ [0021]).

As to claim 8, Lee teaches a method, comprising: determining, by an electronic device that is connected to a local area network (LAN), whether the LAN meets a security condition, wherein the determining whether the LAN meets a security condition (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list.
In a specific implementation, an application not listed in the black list is allowed to use the virtual network); determining whether a Virtual Private Network (VPN) connection is used to transmit packets to a remote server based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. 
In a specific implementation, an application not listed in the black list is allowed to use the virtual network); and in response to determining that the LAN does not meet the security condition based at least on the address of the reference server in the security list not being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address not matching the hostname corresponding to the reference server in the security list: initiating the VPN connection and transmitting packets to the remote server using the VPN connection (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. 
In a specific implementation, an application not listed in the black list is allowed to use the virtual network); or in response to determining that the LAN meets the security condition based at least on the address of the reference server in the security list being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address matching the hostname corresponding to the reference server in the security list: transmitting the packets to the remote server without using a VPN connection (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. In a specific implementation, an application not listed in the black list is allowed to use the virtual network). 
However, it does not expressly teach the details wherein the determining whether the LAN meets a security condition comprises: determining whether an Internet Protocol (IP) address of a reference server in a security list is included in a range indicated by a subnet mask of the LAN; and determining whether a hostname of a device at the IP address matches a hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list. Hrastar, from analogous art, teaches wherein the determining whether the LAN meets a security condition comprises: determining whether an Internet Protocol (IP) address of a reference server in a security list is included in a range indicated by a subnet mask of the LAN (See ¶ [0155], Teaches that HALLOW Configure/etc/hosts.allow file Specifying which machines are allowed to connect to the hardware component. The Allow list screen displays your current list of allowed machines and allows modification. Machines allowed to connect to this hardware components can be specified. 
Only those whose IP address, subnet, fully qualified hostname, or domain name match an entry in this list are allowed to connect to this hardware component to run the available administrative programs and routines. HDENY Config/etc/host.deny file Identifying machines that may not connect to the hardware component. The Deny list screen displays your current list of denied machines and allows modification. Machines not allowed to connect to this hardware component can be specified. Anyone whose IP address, subnet, fully qualified hostname, or domain name matches an entry in this list are not allowed to connect to this hardware component. ); and determining whether a hostname of a device at the IP address matches a hostname corresponding to the reference server in the security list (See ¶ [0155], Teaches that HALLOW Configure/etc/hosts.allow file Specifying which machines are allowed to connect to the hardware component. The Allow list screen displays your current list of allowed machines and allows modification. Machines allowed to connect to this hardware components can be specified. Only those whose IP address, subnet, fully qualified hostname, or domain name match an entry in this list are allowed to connect to this hardware component to run the available administrative programs and routines. HDENY Config/etc/host.deny file Identifying machines that may not connect to the hardware component. The Deny list screen displays your current list of denied machines and allows modification. Machines not allowed to connect to this hardware component can be specified. 
Anyone whose IP address, subnet, fully qualified hostname, or domain name matches an entry in this list are not allowed to connect to this hardware component); based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list (See ¶ [0155], Teaches that HALLOW Configure/etc/hosts.allow file Specifying which machines are allowed to connect to the hardware component. The Allow list screen displays your current list of allowed machines and allows modification. Machines allowed to connect to this hardware components can be specified. Only those whose IP address, subnet, fully qualified hostname, or domain name match an entry in this list are allowed to connect to this hardware component to run the available administrative programs and routines. HDENY Config/etc/host.deny file Identifying machines that may not connect to the hardware component. The Deny list screen displays your current list of denied machines and allows modification. Machines not allowed to connect to this hardware component can be specified. Anyone whose IP address, subnet, fully qualified hostname, or domain name matches an entry in this list are not allowed to connect to this hardware component). 
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hrastar into Lee in order to protect their local networks and act as security gates to fend off unauthorized traffic (See Hrastar ¶ [0021]).

As to claim 15, Lee teaches a system, comprising: one or more computers; and one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising: determining, by the system that is connected to a local area network (LAN), whether the LAN meets a security condition (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. 
In a specific implementation, an application not listed in the black list is allowed to use the virtual network); determining whether a Virtual Private Network (VPN) connection is used to transmit packets to a remote server based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. 
In a specific implementation, an application not listed in the black list is allowed to use the virtual network); and in response to determining that the LAN does not meet the security condition based at least on the address of the reference server in the security list not being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address not matching the hostname corresponding to the reference server in the security list: initiating the VPN connection and transmitting packets to the remote server using the VPN connection (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. 
In a specific implementation, an application not listed in the black list is allowed to use the virtual network); or in response to determining that the LAN meets the security condition based at least on the address of the reference server in the security list being included in the range indicated by the subnet mask of the LAN or the hostname of the device at the IP address matching the hostname corresponding to the reference server in the security list: transmitting the packets to the remote server without using a VPN connection (See ¶¶ [0093]-[0097], Fig. 6, Teaches that a determination is made as to whether the connection should be provided through a virtual network that connects the first network domain with a second network domain, different or separate from the first network domain. If the connection should be provided through the virtual network, a virtual network connection is established between the first end point in the first network domain and the destination, the destination being at a second end point in the second network domain. If the connection should not be provided through the virtual network, the data packet is passed outside the virtual network. The system stores a list of applications that are authorized or allowed to use the virtual network. This list may be referred to as a white list. In various other specific implementations, the system stores a list of applications that are not authorized or allowed to use the virtual network. This list may be referred to as a black list. In a specific implementation, an application not listed in the black list is allowed to use the virtual network). 
However, it does not expressly teach the details of wherein the determining whether the LAN meets a security condition comprises: determining whether an Internet Protocol (IP) address of a reference server in a security list is included in a range indicated by a subnet mask of the LAN; and determining whether a hostname of a device at the IP address matches a hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list. Hrastar, from analogous art, teaches wherein the determining whether the LAN meets a security condition comprises: determining whether an Internet Protocol (IP) address of a reference server in a security list is included in a range indicated by a subnet mask of the LAN (See ¶ [0155], Teaches that HALLOW Configure/etc/hosts.allow file Specifying which machines are allowed to connect to the hardware component. The Allow list screen displays your current list of allowed machines and allows modification. Machines allowed to connect to this hardware components can be specified. 
Only those whose IP address, subnet, fully qualified hostname, or domain name match an entry in this list are allowed to connect to this hardware component to run the available administrative programs and routines. HDENY Config/etc/host.deny file Identifying machines that may not connect to the hardware component. The Deny list screen displays your current list of denied machines and allows modification. Machines not allowed to connect to this hardware component can be specified. Anyone whose IP address, subnet, fully qualified hostname, or domain name matches an entry in this list are not allowed to connect to this hardware component. ); and determining whether a hostname of a device at the IP address matches a hostname corresponding to the reference server in the security list (See ¶ [0155], Teaches that HALLOW Configure/etc/hosts.allow file Specifying which machines are allowed to connect to the hardware component. The Allow list screen displays your current list of allowed machines and allows modification. Machines allowed to connect to this hardware components can be specified. Only those whose IP address, subnet, fully qualified hostname, or domain name match an entry in this list are allowed to connect to this hardware component to run the available administrative programs and routines. HDENY Config/etc/host.deny file Identifying machines that may not connect to the hardware component. The Deny list screen displays your current list of denied machines and allows modification. Machines not allowed to connect to this hardware component can be specified. 
Anyone whose IP address, subnet, fully qualified hostname, or domain name matches an entry in this list are not allowed to connect to this hardware component); based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list; based on whether the IP address of the reference server in the security list is included in the range indicated by the subnet mask of the LAN and whether the hostname of the device at the IP address matches the hostname corresponding to the reference server in the security list (See ¶ [0155], Teaches that HALLOW Configure/etc/hosts.allow file Specifying which machines are allowed to connect to the hardware component. The Allow list screen displays your current list of allowed machines and allows modification. Machines allowed to connect to this hardware components can be specified. Only those whose IP address, subnet, fully qualified hostname, or domain name match an entry in this list are allowed to connect to this hardware component to run the available administrative programs and routines. HDENY Config/etc/host.deny file Identifying machines that may not connect to the hardware component. The Deny list screen displays your current list of denied machines and allows modification. Machines not allowed to connect to this hardware component can be specified. Anyone whose IP address, subnet, fully qualified hostname, or domain name matches an entry in this list are not allowed to connect to this hardware component). 
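The decision recited in the rejected independent claims (reference server inside the LAN's subnet, hostname at that address matching the security list, VPN otherwise), as an added Python example that is not code from the application or from any cited reference. The class and function names, the sample addresses and hostnames, and the rules that one confirmed entry is enough and that any error falls back to the VPN are assumptions.

```python
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, Optional


@dataclass(frozen=True)
class ReferenceServer:
    """One security-list entry: a server expected to exist on a trusted LAN."""
    ip: str
    hostname: str


@dataclass(frozen=True)
class Decision:
    use_vpn: bool
    reason: str


def normalize(hostname: str) -> str:
    """Compare hostnames case-insensitively and ignore the trailing root dot."""
    return hostname.strip().rstrip(".").lower()


def ip_in_lan(server_ip: str, lan_address: str, subnet_mask: str) -> bool:
    """True if server_ip falls in the range given by the LAN address and mask."""
    network = ipaddress.ip_network(f"{lan_address}/{subnet_mask}", strict=False)
    address = ipaddress.ip_address(server_ip)
    return address.version == network.version and address in network


def system_reverse_lookup(ip: str) -> Optional[str]:
    """Reverse DNS (PTR) lookup through the resolver the host is configured with."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return None


def evaluate_lan(
    security_list: Iterable[ReferenceServer],
    lan_address: str,
    subnet_mask: str,
    reverse_lookup: Callable[[str], Optional[str]] = system_reverse_lookup,
) -> Decision:
    """Decide whether traffic to the remote server needs the VPN.

    Assumption: the LAN meets the security condition only when some reference
    server is both inside the LAN's range and answers to the listed hostname.
    Anything else, including malformed input, fails closed (VPN is used).
    """
    for server in security_list:
        try:
            if not ip_in_lan(server.ip, lan_address, subnet_mask):
                continue
        except ValueError:
            return Decision(True, "malformed address or mask; failing closed")
        observed = reverse_lookup(server.ip)
        if observed is not None and normalize(observed) == normalize(server.hostname):
            return Decision(False, f"{server.ip} is on this LAN as {server.hostname}")
    return Decision(True, "no reference server confirmed on this LAN")


# Constructed security list: one enterprise entry and one home entry.
SECURITY_LIST = [
    ReferenceServer("10.20.0.5", "files.corp.example"),
    ReferenceServer("192.168.1.10", "nas.home.example"),
]

if __name__ == "__main__":
    # Constructed scenarios: (LAN address, mask, PTR answers seen on that LAN).
    scenarios = {
        "office": ("10.20.3.44", "255.255.0.0", {"10.20.0.5": "FILES.corp.example."}),
        "cafe reusing 192.168.1.0/24": (
            "192.168.1.23", "255.255.255.0", {"192.168.1.10": "printer.cafe.example"}),
        "hotel": ("172.16.5.9", "255.255.255.0", {}),
    }
    for name, (addr, mask, ptr) in scenarios.items():
        decision = evaluate_lan(SECURITY_LIST, addr, mask, ptr.get)
        print(f"{name}: use_vpn={decision.use_vpn} ({decision.reason})")
```

The hostname comparison is what separates the second constructed case, where a public LAN reuses the home server's private address range, from a trusted LAN; because the PTR answer comes from the resolver the LAN supplies, the authentication step recited in claims 2, 9 and 16 is what ties the match to the real server.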
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hrastar into Lee in order to protect their local networks and act as security gates to fend off unauthorized traffic (See Hrastar ¶ [0021]).

Claims 2, 9, 16 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 20140244851 A1) and Hrastar (US 20040098610 A1) and further in view of Fuh et al. (US 6609154 B1).

As to claim 2, the combination of Lee and Hrastar teaches the method according to claim 1 above. However, it does not expressly teach the details of wherein the determining whether the LAN meets a security condition further comprises: transmitting a connection request to the device at the IP address; receiving authentication information from the device; and determining that the LAN meets the security condition based on the authentication information. Fuh et al., from analogous art, teaches wherein the determining whether the LAN meets a security condition further comprises: transmitting a connection request to the device at the IP address (See Col. 10 Ln 28, Teaches that User 302 uses browser 304 to send an HTTP request from client 306 for an electronic document, application or resource available at target server 222.); receiving authentication information from the device; and determining that the LAN meets the security condition based on the authentication information (See Col. 10 Ln 47, Fig. 7a Teaches that then control passes to block 708 in which the authentication caches are searched for the source IP address. In block 710, the process tests whether the source IP address is found. For example, if Authentication Proxy 400 determines that the source IP address matches at least one IP address stored in the filtering mechanism 219, then the Authentication Proxy 400 attempts to authenticate the user 302. 
In the preferred embodiment, Authentication Proxy 400 searches authentication caches 432, 434 for the source IP address. The goal of this search is to determine if the source IP address of the HTTP packet corresponds to an entry in any of the authentication caches 432, 434.). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fuh et al. into the combination of Lee and Hrastar in order to guard against unwanted network traffic or access by unauthorized users (See Fuh et al. Col. 1 Ln 30).

As to claim 9, the combination of Lee and Hrastar teaches the one or more computer-readable media according to claim 8 above. However, it does not expressly teach the details of wherein the determining whether the LAN meets a security condition further comprises: transmitting a connection request to the device at the IP address; receiving authentication information from the device; and determining that the LAN meets the security condition based on the authentication information. Fuh et al., from analogous art, teaches wherein the determining whether the LAN meets a security condition further comprises: transmitting a connection request to the device at the IP address (See Col. 10 Ln 28, Teaches that User 302 uses browser 304 to send an HTTP request from client 306 for an electronic document, application or resource available at target server 222.); receiving authentication information from the device; and determining that the LAN meets the security condition based on the authentication information (See Col. 10 Ln 47, Fig. 7a Teaches that then control passes to block 708 in which the authentication caches are searched for the source IP address. In block 710, the process tests whether the source IP address is found. 
For example, if Authentication Proxy 400 determines that the source IP address matches at least one IP address stored in the filtering mechanism 219, then the Authentication Proxy 400 attempts to authenticate the user 302. In the preferred embodiment, Authentication Proxy 400 searches authentication caches 432, 434 for the source IP address. The goal of this search is to determine if the source IP address of the HTTP packet corresponds to an entry in any of the authentication caches 432, 434.). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fuh et al. into the combination of Lee and Hrastar in order to guard against unwanted network traffic or access by unauthorized users (See Fuh et al. Col. 1 Ln 30).

As to claim 16, the combination of Lee and Hrastar teaches the system according to claim 15 above. However, it does not expressly teach the details of wherein the determining whether the LAN meets a security condition further comprises: transmitting a connection request to the device at the IP address; receiving authentication information from the device; and determining that the LAN meets the security condition based on the authentication information. Fuh et al., from analogous art, teaches wherein the determining whether the LAN meets a security condition further comprises: transmitting a connection request to the device at the IP address (See Col. 10 Ln 28, Teaches that User 302 uses browser 304 to send an HTTP request from client 306 for an electronic document, application or resource available at target server 222.); receiving authentication information from the device; and determining that the LAN meets the security condition based on the authentication information (See Col. 10 Ln 47, Fig. 7a Teaches that then control passes to block 708 in which the authentication caches are searched for the source IP address. 
In block 710, the process tests whether the source IP address is found. For example, if Authentication Proxy 400 determines that the source IP address matches at least one IP address stored in the filtering mechanism 219, then the Authentication Proxy 400 attempts to authenticate the user 302. In the preferred embodiment, Authentication Proxy 400 searches authentication caches 432, 434 for the source IP address. The goal of this search is to determine if the source IP address of the HTTP packet corresponds to an entry in any of the authentication caches 432, 434.). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fuh et al. into the combination of Lee and Hrastar in order to guard against unwanted network traffic or access by unauthorized users (See Fuh et al. Col. 1 Ln 30).

Claims 3, 10, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 20140244851 A1) and Hrastar (US 20040098610 A1) and Fuh et al. (US 6609154 B1) and further in view of Wang et al. (US 20220070102 A1).

As to claim 3, the combination of Lee and Hrastar and Fuh et al. teaches the method according to claim 2 above. However, it does not expressly teach the details of wherein the connection request is transmitted using a secure network protocol that is configured in the security list. Wang et al., from analogous art, teaches wherein the connection request is transmitted using a secure network protocol that is configured in the security list (See ¶ [0049], Fig. 8, Teaches that After extracting the header fields, the process 500 performs (at 525) a lookup on the appropriate ACL table associated with the logical router using the extracted set of header fields. The appropriate ACL table, as noted above, is the ACL table with rules for the direction of the data message (ingress or egress) as well as for the correct network layer protocol (e.g., IPv4 or IPv6).). 
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Wang et al. into the combination of Lee and Hrastar and Fuh et al. in order to use a table (e.g., an access control list (ACL) table) to determine whether the data message is subject to rate limiting controls defined for the logical router, and only if the data message is subject to such rate limiting controls, (ii) determines whether to allow the data message according to a rate limiting mechanism for the logical router (See Wang et al. ¶ [0002]).

As to claim 10, the combination of Lee and Hrastar and Fuh et al. teaches the one or more computer-readable media according to claim 9 above. However, it does not expressly teach the details of wherein the connection request is transmitted using a secure network protocol that is configured in the security list. Wang et al., from analogous art, teaches wherein the connection request is transmitted using a secure network protocol that is configured in the security list (See ¶ [0049], Fig. 8, Teaches that After extracting the header fields, the process 500 performs (at 525) a lookup on the appropriate ACL table associated with the logical router using the extracted set of header fields. The appropriate ACL table, as noted above, is the ACL table with rules for the direction of the data message (ingress or egress) as well as for the correct network layer protocol (e.g., IPv4 or IPv6).). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Wang et al. into the combination of Lee and Hrastar and Fuh et al. 
in order to use a table (e.g., an access control list (ACL) table) to determine whether the data message is subject to rate limiting controls defined for the logical router, and only if the data message is subject to such rate limiting controls, (ii) determines whether to allow the data message according to a rate limiting mechanism for the logical router (See Wang et al. ¶ [0002]).

As to claim 17, the combination of Lee and Hrastar and Fuh et al. teaches the system according to claim 16 above. However, it does not expressly teach the details of wherein the connection request is transmitted using a secure network protocol that is configured in the security list. Wang et al., from analogous art, teaches wherein the connection request is transmitted using a secure network protocol that is configured in the security list (See ¶ [0049], Fig. 8, Teaches that After extracting the header fields, the process 500 performs (at 525) a lookup on the appropriate ACL table associated with the logical router using the extracted set of header fields. The appropriate ACL table, as noted above, is the ACL table with rules for the direction of the data message (ingress or egress) as well as for the correct network layer protocol (e.g., IPv4 or IPv6).). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Wang et al. into the combination of Lee and Hrastar and Fuh et al. in order to use a table (e.g., an access control list (ACL) table) to determine whether the data message is subject to rate limiting controls defined for the logical router, and only if the data message is subject to such rate limiting controls, (ii) determines whether to allow the data message according to a rate limiting mechanism for the logical router (See Wang et al. ¶ [0002]).

Claims 4, 11, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 20140244851 A1) and Hrastar (US 20040098610 A1) and further in view of Gourlay et al. (US 20140280846 A1).

As to claim 4, the combination of Lee and Hrastar teaches the method according to claim 1 above. However, it does not expressly teach the details of wherein the hostname is determined by using a reverse Domain Name System (DNS) lookup procedure. Gourlay et al., from analogous art, teaches wherein the hostname is determined by using a reverse Domain Name System (DNS) lookup procedure (See ¶ [0043], Teaches that the network policy engine 212 can determine a DNS name of the device 206. In one embodiment, the network element 204 further includes a secondary DNS server to provide redundancy for a primary DNS server in the network 218. In this embodiment, the network policy engine 212 retrieves the DNS name for the device 206 by doing a reverse DNS lookup from the secondary DNS server using the IP address of the device 206. The determined DNS name can be a fully qualified domain name or a partial domain name.). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Wang et al. into the combination of Lee and Hrastar in order to determine a network policy for a port of a network element based on a device that is linked to that port (See Gourlay et al. ¶ [0002]).

As to claim 11, the combination of Lee and Hrastar teaches the one or more computer-readable media according to claim 8 above. However, it does not expressly teach the details of wherein the hostname is determined by using a reverse Domain Name System (DNS) lookup procedure. Gourlay et al., from analogous art, teaches wherein the hostname is determined by using a reverse Domain Name System (DNS) lookup procedure (See ¶ [0043], Teaches that the network policy engine 212 can determine a DNS name of the device 206. 
In one embodiment, the network element 204 further includes a secondary DNS server to provide redundancy for a primary DNS server in the network 218. In this embodiment, the network policy engine 212 retrieves the DNS name for the device 206 by doing a reverse DNS lookup from the secondary DNS server using the IP address of the device 206. The determined DNS name can be a fully qualified domain name or a partial domain name.). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Wang et al. into the combination of Lee and Hrastar in order to determining a network policy for a port of a network element based on a device that is linked to that port (See Gourlay et al. ¶ [0002]). As to claim 18, the combination of Lee and Hrastar teaches the system according to claim 15 above. However, it does not expressly teach the details of wherein the hostname is determined by using a reverse Domain Name System (DNS) lookup procedure. Gourlay et al., from analogous art, teaches wherein the hostname is determined by using a reverse Domain Name System (DNS) lookup procedure (See ¶ [0043], Teaches that the network policy engine 212 can determine a DNS name of the device 206. In one embodiment, the network element 204 further includes a secondary DNS server to provide redundancy for a primary DNS server in the network 218. In this embodiment, the network policy engine 212 retrieves the DNS name for the device 206 by doing a reverse DNS lookup from the secondary DNS server using the IP address of the device 206. The determined DNS name can be a fully qualified domain name or a partial domain name.). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Wang et al. 
into the combination of Lee and Hrastar in order to determining a network policy for a port of a network element based on a device that is linked to that port (See Gourlay et al. ¶ [0002]). Claims 7, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 20140244851 A1) and Hrastar (US 20040098610 A1) and further in view of Fink (US 7817607 B1). As to claim 7, the combination of Lee and Hrastar teaches the method according to claim 1 above. However, it does not expressly teach the details of wherein the security list includes information of an enterprise server and a home server. Fink, from analogous art, teaches wherein the security list includes information of an enterprise server and a home server (See Col 5 Ln. 11 Teaches that The home agent 118 will authenticate the mobile subscriber (as more fully described below) and reference the access control list 120 to determine the appropriate communication protocol to be established. The home agent 118 will then establish a communication protocol that allows the communication to be sent to the first private network through VLAN Interface A 122. VLAN Interface A 122 interfaces first with load balancer A 126 which balances traffic over the VLAN 128 associated with the first private network. After passing through VLAN A 128, any of the plurality of servers associated with the first private network, e.g., server A1 134 or server A2 136, can be reached via the frame relay network or virtual private network (VPN) 130 associated with the first private network.). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fink into the combination of Lee and Hrastar in order to access a router serving as the home agent and connect to their specific private network(s) (See Fink Col 1 ln 19). As to claim 14, the combination of Lee and Hrastar teaches the one or more computer-readable media according to claim 8 above. 
However, it does not expressly teach the details of wherein the security list includes information of an enterprise server and a home server. Fink, from analogous art, teaches wherein the security list includes information of an enterprise server and a home server (See Col 5 Ln. 11 Teaches that The home agent 118 will authenticate the mobile subscriber (as more fully described below) and reference the access control list 120 to determine the appropriate communication protocol to be established. The home agent 118 will then establish a communication protocol that allows the communication to be sent to the first private network through VLAN Interface A 122. VLAN Interface A 122 interfaces first with load balancer A 126 which balances traffic over the VLAN 128 associated with the first private network. After passing through VLAN A 128, any of the plurality of servers associated with the first private network, e.g., server A1 134 or server A2 136, can be reached via the frame relay network or virtual private network (VPN) 130 associated with the first private network.). Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fink into the combination of Lee and Hrastar in order to access a router serving as the home agent and connect to their specific private network(s) (See Fink Col 1 ln 19). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Nagarajan et al. (US 20180351791 A1) teaches Systems, methods, and computer-readable media for performing network assurance in a traditional network. 
In some examples, a system can collect respective sets of configurations programmed at network devices in a network and, based on the respective sets of configurations, determine a network-wide configuration of the network, the network-wide configuration including virtual local area networks (VLANs), access control lists (ACLs) associated with the VLANs, subnets, and/or a topology. Based on the network-wide configuration of the network, the system can compare the ACLs for each of the VLANs to yield a VLAN consistency check, compare respective configurations of the subnets to yield a subnet consistency check, and perform a topology consistency check based on the topology. Based on the VLAN consistency check, the subnet consistency check, and the topology consistency check, the system can determine whether the respective sets of configurations programmed at the network devices contain a configuration error. Any inquiry concerning this communication or earlier communications from the examiner should be directed to James R Hollister whose telephone number is (571)270-3152. The examiner can normally be reached Mon - Fri 7:30 am - 4:00 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. 
Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. James Hollister /J.R.H./Examiner, Art Unit 2499 1/9/26 /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499

Prosecution Timeline

May 02, 2023: Application Filed
Feb 15, 2025: Non-Final Rejection — §101, §103
May 08, 2025: Response Filed
Jul 31, 2025: Final Rejection — §101, §103
Sep 22, 2025: Response after Non-Final Action
Oct 29, 2025: Request for Continued Examination
Nov 03, 2025: Response after Non-Final Action
Jan 09, 2026: Non-Final Rejection — §101, §103
Mar 18, 2026: Applicant Interview (Telephonic)
Mar 18, 2026: Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602472
BLINDING COUNTERMEASURE TO SECURE MULTIPLICATION OPERATIONS AGAINST SIDE CHANNEL ATTACKS
2y 5m to grant Granted Apr 14, 2026
Patent 12603892
Global mapping to internal applications
2y 5m to grant Granted Apr 14, 2026
Patent 12598170
REVERSE AUTHENTICATOR OF VIRTUAL OBJECTS AND ENTITIES IN VIRTUAL REALITY COMPUTING ENVIRONMENTS
2y 5m to grant Granted Apr 07, 2026
Patent 12580940
SECURITY ASSESSMENT OF SERVICES BEING MIGRATED TO A CLOUD PLATFORM
2y 5m to grant Granted Mar 17, 2026
Patent 12563252
Low Latency Adaptive Bitrate Linear Video Delivery System
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 75%
With Interview (+25.6%): 99%
Median Time to Grant: 2y 8m
PTA Risk: High
Based on 215 resolved cases by this examiner. Grant probability derived from career allow rate.
