Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/28/2021 has been entered.

Response to Arguments
In communications filed on 1/28/2021, claims 2-3, 22 are presented for examination. Claims 2, 9, and 16 are independent.
Amended claim(s): 2, 5, 9, 16
New claim: 22
Applicants’ arguments, see Applicant Arguments/Remarks filed 1/28/21, with respect to claim(s) rejected under prior art 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 2, 3, and 5-22 are rejected under 35 U.S.C. 103 as being unpatentable over US 20120005746 A1 (hereinafter ‘Wei’) in view of US 20070294368 A1 (hereinafter ‘Bomgaars’).

As regards claim 2, Wei (US 20120005746 A1) discloses: A privileged access management (PAM) apparatus comprising at least one computing device, the at least one computing device configured to: (Wei: Fig. 1)
push an access application to an endpoint device in response to receiving a first request from an accessor device, wherein the access application is automatically executed by the 
Note that the server sending a “distribution package for processing and installation on the mobile device” in response to a request from the device implicitly discloses “push” as recited in the claim. However, a pushing mechanism is a well-known technique for sending software applications to a requesting entity. See e.g., (Bomgaars: Figs 3-4, ¶48-¶52).
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify Wei to include the pushing mechanism as taught by Bomgaars with the motivation to request and install an application on a device using the well-known mechanism of pushing applications in response to a request. (Bomgaars: Figs 3-4, ¶48-¶52)
Wei et al combination further discloses: receive a second request to connect from the access application; and (Wei: Figs. 2, 4A, ¶35, ¶37-¶42, i.e., after downloading the security software, the mobile device can later use the security software to connect (i.e., second, third and so forth requests) and access the resources. See also, Bomgaars: Figs 3-4, ¶48-¶52)


As regards claim 16, Wei discloses: A system comprising: a data store comprising an access application; (Wei: ¶6, ¶10; ¶38) an endpoint device; and a privileged access management (PAM) appliance in communication with the endpoint device and the data store, the PAM appliance being configured to: (Wei: Figs. 1, 4A-4C, ¶7, ¶35, ¶37-¶39) in response to receiving a first request from an accessor device, retrieve the access application from the data store; (Wei: Figs. 1, 2, 4A-4C, ¶7, ¶35, ¶37-¶43, i.e., the app package getting downloaded through a deployment mechanism upon request from the mobile device) push the access application to the endpoint device; (Wei: Fig. 4A, ¶7, ¶35, ¶37-¶39, i.e., the app package getting downloaded i.e., pushed to the device)
Note that the server sending a “distribution package for processing and installation on the mobile device” in response to a request from the device implicitly discloses “push” as recited in the claim. However, a pushing mechanism is a well-known technique for sending software applications to a requesting entity. See e.g., (Bomgaars: Figs 3-4, ¶48-¶52).

Wei et al combination further discloses: receive a second request for connection from the access application; and (Wei: Figs. 2, 4A, ¶35, ¶37-¶42, i.e., after downloading the security software, the mobile device can later use the security software to connect (i.e., second, third and so forth requests) and access the resources. See also, Bomgaars: Figs 3-4, ¶48-¶52) establish a session between the accessor device and the access application executed by the endpoint device. (Wei: Fig. 4A-4C, ¶37-¶42. See also, Bomgaars: Figs 3-4, ¶48-¶52)

Claim 9 recites substantially the same features recited in claims 2 and 16 above, and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 3, Wei et al combination discloses the PAM apparatus of claim 2, wherein the at least one computing device is further configured to push the access application to the endpoint device based on at least one of: a system management 

As regards claim 5, Wei et al combination discloses the PAM apparatus of claim 2, wherein the at least one computing device is further configured to: receive a third request from a second accessor device to access a second endpoint device; (Wei: Fig. 1, 4A-4C, ¶37-¶42) push another access application to the second endpoint device; (Wei: Fig. 1, 4A-4C, ¶37-¶42)  receive a fourth request to connect from the other access application; (Wei: Fig. 1, 4A-4C, ¶37-¶42) and establish a second session between the second accessor device and the second endpoint device. (Wei: Fig. 1, 4A-4C, ¶37-¶42)

As regards claim 6, Wei et al combination discloses the PAM apparatus of claim 2, wherein the endpoint device excludes a pre-installed access client. (Wei: Fig. 1, 4A-4C, ¶6-¶10, ¶37-¶42, i.e., the app package including the VPN access client is deployed on the device through a deployment mechanism i.e., excludes a pre-installed)

As regards claim 7, Wei et al combination discloses the PAM apparatus of claim 2, wherein the at least one computing device 

As regards claim 8, Wei et al combination discloses the PAM apparatus of claim 2, wherein the at least one computing device is further configured to manage access rights to the endpoint device. (Wei: Fig. 1, 4A-4C, ¶6-¶10, ¶37-¶42)

As regards claim 10, Wei et al combination discloses the method of claim 9, wherein sending the access application to the endpoint device is performed by a protocol agent on behalf of a privileged access management (PAM) appliance. (Wei: Figs. 1, 4A-4C, ¶7, ¶35, ¶37-¶42)

As regards claim 11, Wei et al combination discloses the method of claim 10, wherein the protocol agent communicates with the endpoint device on a local network and communicates with the PAM appliance on a wide-area network. (Wei: Figs. 1, 4A-4C, ¶7, ¶35, ¶37-¶42) 

As regards claim 12, Wei et al combination discloses the method of claim 9, wherein the session is based on an access 

As regards claim 13, Wei et al combination discloses the method of claim 12, wherein a PAM appliance establishes the session and the method further comprises managing, via the PAM appliance, access rights to a plurality of endpoint devices including the endpoint device and respective access session traffic. (Wei: Figs. 1, 4A-4C, 6,  ¶6-¶10, ¶25, ¶35, ¶37-¶45, ¶64)

As regards claim 14, Wei et al combination discloses the method of claim 9, further comprising determining an in-session policy for the session, wherein the in-session policy grants or denies access to at least one of: a tool, a command, a credentials, or a resource for the endpoint. (Wei: Figs. 1, 4A-4C, 6, 15, ¶6-¶10, ¶25, ¶35, ¶37-¶45, ¶64, ¶99)

As regards claim 15, Wei discloses the method of claim 9, wherein sending the access application to the endpoint device is performed by the accessor device. (Wei: Fig. 1, 4A-4C, ¶6-¶10, ¶37-¶42)

As regards claim 15, Wei et al combination discloses the method of claim 9, wherein sending the access application to the 

As regards claim 17, Wei et al combination discloses the system of claim 16, wherein the endpoint device is configured to: receive the access application from the PAM appliance; and (Wei: Figs. 1, 4A-4C, ¶7, ¶35, ¶37-¶42, ¶97) in response to receiving the access application, automatically execute the access application. (Wei: Figs. 1, 4A-4C, ¶7, ¶35, ¶37-¶42, ¶97)

As regards claim 18, Wei et al combination discloses the system of claim 16, further comprising a protocol agent in communication via a local area network with the endpoint device, wherein the access application is pushed to the endpoint device via the protocol agent. (Wei: Fig. 1, 4A-4C, ¶6-¶10, ¶37-¶42)

As regards claim 19, Wei et al combination discloses the system of claim 16, further comprising a protocol agent configured to: connect to the endpoint device using a first protocol via the first network; and connect to the PAM appliance using a second protocol via a second network. (Wei: Fig. 1, 4A-4C, ¶4, ¶24-¶30, ¶6-¶10, ¶37-¶42)

As regards claim 20, Wei et al combination discloses the system of claim 16, further comprising a protocol agent configured to convert an access protocol used by the PAM appliance to another protocol used by the endpoint device. (Wei: Fig. 1, 4A-4C, ¶4, ¶24-¶30, ¶6-¶10, ¶37-¶42)

As regards claim 21, Wei et al combination discloses the system of claim 16, wherein the PAM appliance is further configured to establish a persistent connection to a protocol agent based on a certificate based authentication. (Wei: Fig. 1, 4A-4C, ¶4, ¶24-¶30, ¶6-¶10, ¶37-¶42)

As regards claim 22, Wei et al combination discloses the PAM apparatus of claim 2, wherein establishing the session comprises providing the accessor device with real time access control to resources of the endpoint device. (Wei: Fig. 1, 4A-4C, ¶4, ¶24-¶30, ¶6-¶10, ¶37-¶42)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995.  The examiner can normally be reached on Monday-Thursday: 5:30AM-5:30PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SYED A ZAIDI/Primary Examiner, Art Unit 2432