Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,021,069. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of US 10,021,069 are nearly identical to the claims of the current application.

Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,608,989. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of US 10,608,989 are nearly identical to the claims of the current application.






Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-5, 6, 10, 12-14, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kilday US 8,719,903 in view of Skopp US 6,256,739 in view of Fan US 6,219,706.

As per claim 1, Kilday teaches An agent component configured to facilitate access control for a client device to access one or more services that are provided by a server, wherein the server includes the agent component and a firewall, wherein the client device is registered with a controller through a client registration request that includes identity information identifying the client device, the agent component comprising: one or more physical processors configured by machine-readable instructions to: receive an initial access grant instruction from the controller, wherein the initial access grant instruction causes the agent component to grant the client device access to the server for the first time; responsive to receiving the initial access grant instruction, dynamically configure the firewall to grant the client device access to the server; (Column 2 lines 26-43) (session established, grant access) (Col 7 line 65 to Col 8 lines 3, 26-58) (grant/deny access based on if there is an established session and then dynamic access group)
Kilday teaches access control but does not explicitly teach proxy or firewall to grant or deny access.

(Column 6 line 23 to Column 7 line 8) (Client and Access Control proxy are both registered with/used in conjunction with Proxy Control Daemon. Although not explicitly stated, since the components are in access databases and used with each other, they must have been previously registered)
It would have been obvious to one of ordinary skill at the time the invention was filed to use the registration of Skopp with Kilday because registration is a required step in constructing access control systems.
Fan teaches receive control instructions from the controller, wherein the control instructions cause the agent component to control the firewall, wherein the firewall controls access by the client device to the server, wherein the control instructions are based on whether a current session with the client device is established and whether access to the server is granted to the client device such that: responsive to the current session not being established and the access to the server being granted to the client device, a first control instruction to cause the agent component to control the firewall to remove the access by the client device to the server is received by the agent component, and responsive to the current session being established and the access to the server not being granted to the client device, a second control instruction to cause the agent component to control the firewall to grant the client device access to the server is received by the agent component; wherein the agent component is protected by the firewall, and wherein the agent component is adapted to dynamically configure the firewall to grant and/or 
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the firewall of Fan with the previous combination because it is well known in the art and increases security.

As per claim 3, Fan teaches the agent component of claim 1, wherein the controller is protected by the firewall. (Column 4 lines 45-55)
As per claim 4,  Fan teaches the agent component of claim 1, wherein the agent component is configured to receive the control instructions from the controller through the firewall. (Column 4 lines 45-55; Column 7 lines 20-52; Column 11 lines 54-67)


As per claim 5,  Skopp teaches The agent component of claim 1, wherein the identity information included in the client registration request comprises information indicating an internet protocol (IP) address associated with the client device. (Col 6 lines 60-65) (IP Address)

As per claim 6, Skopp teaches the agent component of claim 1, wherein the receipt of the control instructions by the agent component is effectuated using user datagram protocol (UDP) or a transport layer protocol. (Column 2 lines 10-25) (Internet communications use well known Transport protocols)
Fan teaches using UDP or TCP (Column 7 lines 20-27).
As per claim 10,  Kilday teaches a method for facilitating access control for a client device to access one or more services that are provided by a server, the server including an agent component and a firewall, wherein the client device is registered with a controller through a client registration request that includes identity information identifying the client device, the method being implemented in a physical processor configured by machine-readable instructions to execute computer programs, the method comprising: transmitting an agent registration request from the agent component to register the agent component with the controller, the agent component being associated with the server; receiving an initial access grant instruction from the controller, wherein the initial access grant instruction causes the agent component to grant the client device access to the server for the first time; responsive to receiving the initial access grant instruction, dynamically configuring the firewall to grant the client access to the server;  (Column 2 lines 26-43) (session established, grant access) (Col 7 line 65 to Col 8 lines 3, 26-58) ( grant/deny access based on if there is an established session and then dynamic access group)
Kilday teaches access control but does not explicitly teach proxy or firewall to grant or deny access.
Skopp teaches transmit an agent registration request from the agent component to register the agent component with the controller, the agent component being associated with the server.  Skopp teaches the access control is configured for a proxy.
(Column 6 line 23 to Column 7 line 8) (Client and Access Control proxy are both registered with/used in conjunction with Proxy Control Daemon. Although not explicitly stated, since the 
It would have been obvious to one of ordinary skill at the time the invention was filed to use the registration of Skopp with Kilday because registration is a required step in constructing access control systems.
Fan teaches receive control instructions from the controller, wherein the control instructions cause the agent component to control the firewall, wherein the firewall controls access by the client device to the server, wherein the control instructions are based on whether a current session with the client device is established and whether access to the server is granted to the client device such that: responsive to the current session not being established and the access to the server being granted to the client device, a first control instruction to cause the agent component to control the firewall to remove access by the client device to the server is received by the agent component, and responsive to the current session being established and the access to the server not being granted to the client device, a second control instruction to cause the agent component to control the firewall to grant the client device access to the server is received by the agent component; wherein the agent component is protected by the firewall, and wherein the agent component is adapted to dynamically configure the firewall to grant and/or remove the access by the client device to the server.  (Column 7 line 20 to Column 52; Column 11 lines 54-67; Column 4 lines 45-55) (Fan teaches that if a session is established, dynamically adding permissions to the Firewall ACL to allow access, and when the session is not active then dynamically modifying the ACL in the firewall to remove/delete access)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the firewall of Fan with the previous combination because it is well known in the art and increases security.

As per claim 12,  Fan teaches the agent component of claim 10, wherein the controller is protected by the firewall. (Column 4 lines 45-55)
As per claim 13,  Fan teaches the agent component of claim 10, wherein the agent component is configured to receive the control instructions from the controller through the firewall. (Column 4 lines 45-55; Column 7 lines 20-52; Column 11 lines 54-67)
As per claim 14, Skopp teaches the method of claim 10, wherein the identity information included in the client registration request comprises information indicating an internet protocol (IP) address associated with the client device.  (Col 6 lines 60-65) (IP Address)
Fan teaches using IP address to modify Firewall (Column 8 lines 37-50).
As per claim 15, Skopp teaches the method of claim 10, wherein the receipt of the control instructions by the agent component is effectuated using user datagram protocol (UDP) or a transport layer protocol. (Column 2 lines 10-25) (Internet communications use well known Transport protocols)
Fan teaches using UDP or TCP (Column 7 lines 20-27).

Claims 2, 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kilday US 8,719,903 in view of Skopp US 6,256,739 in view of Fan US 6,219,706 in view of Hardie US 7,411,917.
As per claim 2, Hardie teaches the agent component of claim 1, wherein the agent component and the client device are configured to register with the controller during startup.  (Column 4 lines 13-
As per claim 11, Hardie teaches the method of claim 10, wherein the agent component and the client device are configured to register with the controller during startup. (Column 4 lines 13-17)

Claims 7, 8, 16, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kilday US 8,719,903 in view of Skopp US 6,256,739 in view of Fan US 6,219,706 in view of Myers US 2009/0055642.

As per claim 7,  Meyers teaches the agent component of claim 1, wherein the one or more physical processors are further configured to authenticate the agent component after the agent registration request has been transmitted and/or to authenticate the client device after the client registration request has been transmitted.   [0128] (registration and mutual authentication)
It would have been obvious to one of ordinary skill in the art to use the authentication of Meyers with the previous combination because it increases security.
As per claim 8,  Meyers teaches the agent component of claim 1, wherein the one or more physical processors are further configured to generate instructions to cause the client device to authenticate the controller subsequent to use of the client registration request and/or to generate   the method of claim 10, further comprising generating instructions to cause the client device to authenticate the controller subsequent to use of the client registration request and/or generating instructions to cause the agent component to authenticate the controller subsequent to transmission of the agent registration request. [0128] (registration and mutual authentication)

Claims 9, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kilday US 8,719,903 in view of Skopp US 6,256,739 in view of Fan US 6,219,706 in view of Hori US 2015/0201107.

As per claim 9, Hori teaches the agent component of claim 1, wherein the one or more physical processors are further configured to generate a system log and to provide the system log to an administration server over a network.  [0051] (upload access logs)

As per claim 18, Hori teaches the method of claim 10, further comprising generating a system log and providing the system log to an administration server over a network. [0051] (upload access logs)


Allowable Subject Matter
Claims 10, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER J BROWN/
Primary Examiner, Art Unit 2439