DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to communication filed 12/16/2020. Claims 1-20 are canceled and claims 21-35 are newly added. Claims 21-35 are pending.

Remarks
1) Rejections under 35 U.S.C. 112(b)
Per rejections of claims 1-2, 6, 8-9, 15-16, and 20, Remarks: page 11 are acknowledged. Nonetheless, in response to cancellation of claims 1-20, the respective 112(b) rejections are moot.

2) Rejections under 35 U.S.C. 103
Applicant’s arguments with respect to claims 21-35, Remarks: pages 12-17 regarding Barton (US2014/0109174A1) in view of Haung (US2020/0076902A1) have been fully considered. Nonetheless, in response to cancellation of claims 1-20, the respective 103 rejections of claims 1-20 are moot.


Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 



Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Such claim limitations are:

“computer-implemented steps of: 
…
module to reconfigure said micro-segmentation policies and generate reconfigured micro-segmentation policies in response to said user device connecting to said enterprise application server via said remote access gateway; 
triggering said controller module to push said reconfigured micro-segmentation policies onto said user device via a new communication path established by said remote access gateway, and facilitate communication between said user device and said enterprise application server, in line with said reconfigured micro-segmentation policies, until said user device is connected to said enterprise application server via said remote access gateway; 
triggering said controller module to enforce said micro-segmentation policies on said user device and said enterprise application server, until said user device is connected to said enterprise application server via said enterprise local DNS server; 
triggering said controller module to enforce said reconfigured micro-segmentation policies on said user device, said enterprise application server, and said remote access gateway, in response to said user device connecting to said enterprise application server via said remote access gateway, instead of said enterprise local DNS server; and 
triggering said controller module to selectively switch between enforcing said micro-segmentation policies on said user device and said enterprise application server, and enforcing said reconfigured micro-segmentation policies on said user device, said enterprise application server, and said remote access gateway, in response to said user device switching between said enterprise local DNS server and said remote access gateway respectively for connecting to said enterprise application server” in claim 28,

“… the step of triggering, by said user device, said remote access gateway to establish said new communication path between said user device and said controller module, in response to said user device connecting to said enterprise application server via said remote access gateway, instead of said enterprise local DNS server” in claim 29,

“… wherein said method further includes the step of causing said controller module to identify said user device as connected to said enterprise application server via said remote access gateway, in an event said enterprise local DNS server is unreachable to said user device” in claim 31,

“… wherein method further includes the step of configuring said controller module to replace said micro-segmentation policies with said reconfigured micro-segmentation policies, in an event said user device is identified as connected to said enterprise application server via said remote access gateway, instead of said enterprise local DNS server” in claim 32 and

“… wherein method further includes the step of configuring said controller module to replace said reconfigured micro-segmentation policies with said micro-segmentation policies, in an event said user device is identified as connected to said enterprise application server via said enterprise local DNS server, instead of said remote access gateway” in claim 33.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with 

“at least one user device accessible to said user, said user device configured to be connected to said enterprise application server via an enterprise local DNS server, said user device further configured to be connected to said enterprise application server alternatively via a remote access gateway; 
a controller module communicably coupled to said enterprise application server, said controller module configured to store micro-segmentation policies applicable to communication between said user device and said enterprise application server; and 
wherein said controller module [that]:
reconfigures said micro-segmentation policies and generates reconfigured micro-segmentation policies, in response to said user device connecting to said enterprise application server via said remote access gateway; 
pushes said reconfigured micro-segmentation policies onto said user device via a new communication path established by said remote access gateway, and facilitates communication between said user device and said enterprise application server, in line with said reconfigured micro-segmentation policies, until said user device is connected to said enterprise application server via said remote access gateway; 
enforces said micro-segmentation policies on said user device and said enterprise application server, until said user device is connected to said enterprise application server via said enterprise local DNS server, and enforces said reconfigured micro-segmentation policies on said user device, said enterprise application server, and said remote access gateway, in response to said user device connecting to said enterprise application server via said remote access gateway, instead of said enterprise local DNS server; and 
selectively switches between enforcing said micro-segmentation policies on said user device and said enterprise application server, and enforcing said reconfigured micro-segmentation policies on said user device, said enterprise application server, and said remote access gateway, in response to said user device switching between said enterprise local DNS server and said remote access gateway respectively for connecting to said enterprise application server” in claim 21,

“… wherein said controller module [that] identifies said user device as connected to said enterprise application server via said remote access gateway, in an event said enterprise local DNS server is determined to be unreachable to said user device” in claim 24,

“… wherein said controller module is further configured to replace said micro-segmentation policies with said reconfigured micro-segmentation policies, in an event said user device is identified as connected to said enterprise application server via said remote access gateway, instead of said enterprise local DNS server” in claim 25 and

“… wherein said controller module is further configured to replace said reconfigured micro-segmentation policies with said micro-segmentation policies, in an event said user device is identified as connected to said enterprise application server via said enterprise local DNS server, instead of said remote access gateway” in claim 26.



Examiner’s Note: Sufficient structure for compliance with 35 U.S.C. 112(b) requirements, where applicable, and support for amendments as explained by Applicant in Remarks: pages 18-23, are herein acknowledged and approved.


EXAMINER’S AMENDMENT
An Examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Attempts to reach Mr. Barry Choobin (Registration No. 70,307) to request authorization were unsuccessful.

Amendment to Claims:
Claim 34 is amended to correct lack of antecedent basis issues under 35 U.S.C. 112(b).


configure a user device accessible to [[said]] a user, to connect to [[said]] an enterprise application server via an enterprise local DNS server, and further configure said user device to be connected to said enterprise application server alternatively via a remote access gateway; 
communicably couple a controller module to said enterprise application server, and store on said controller module, micro-segmentation policies applicable to communication between said user device and said enterprise application server; 
trigger said controller module to reconfigure said micro-segmentation policies and generate reconfigured micro-segmentation policies in response to said user device connecting to said enterprise application server via said remote access gateway; 
trigger said controller module to push said reconfigured micro-segmentation policies onto said user device via a new communication path established by said remote access gateway, and facilitate communication between said user device and said enterprise application server, in line with said reconfigured micro-segmentation policies, until said user device is connected to said enterprise application server via said remote access gateway; and 
trigger said controller module to enforce said micro-segmentation policies on said user device and said enterprise application server, until said user device is connected to said enterprise application server via said enterprise local DNS server; 
trigger said controller module to enforce said reconfigured micro-segmentation policies on said user device, said enterprise application server, and said remote access gateway, in 
trigger said controller module to selectively switch between enforcing said micro-segmentation policies on said user device and said enterprise application server, and enforcing said reconfigured micro-segmentation policies on said user device, said enterprise application server, and said remote access gateway, in response to said user device switching between said enterprise local DNS server and said remote access gateway respectively for connecting to said enterprise application server.

Amendments to Drawings:
The following changes to the drawings have been approved by the examiner, but attempts to reach the applicant have been unsuccessful: “Fig. 6” is labeled “Fig. 7” in error. In order to avoid abandonment of the application, applicant must make the above agreed-upon drawing changes.
The United States Patent and Trademark Office does not make drawing changes. It is applicant’s responsibility to ensure that the drawings are corrected. Corrections must be made in accordance with the instructions below.

INFORMATION ON HOW TO EFFECT DRAWING CHANGES


Replacement Drawing Sheets

Drawing changes must be made by presenting replacement sheets which incorporate the desired changes and which comply with 37 CFR 1.84.  An explanation of the changes made must be presented either in the drawing amendments section, or remarks, section of the amendment paper.  Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d).  A 

Identifying indicia, if provided, should include the title of the invention, inventor’s name, and application number, or docket number (if any) if an application number has not been assigned to the application. If this information is provided, it must be placed on the front of each sheet and within the top margin. 

Annotated Drawing Sheets

A marked-up copy of any amended drawing figure, including annotations indicating the changes made, may be submitted or required by the examiner.  The annotated drawing sheet(s) must be clearly labeled as “Annotated Sheet” and must be presented in the amendment or remarks section that explains the change(s) to the drawings.

Timing of Corrections

Applicant is required to submit acceptable corrected drawings within the time period set in the Office action. See 37 CFR 1.85(a). Failure to take corrective action within the set period will result in ABANDONMENT of the application. 

If corrected drawings are required in a Notice of Allowability (PTOL-37), the new drawings MUST be filed within the THREE MONTH shortened statutory period set for reply in the “Notice of Allowability.” Extensions of time may NOT be obtained under the provisions of 37 CFR 1.136 for filing the corrected drawings after the mailing of a Notice of Allowability. 



Allowable Subject Matter
The following is an examiner’s statement of reasons for allowance: 

Claim 21 recites:
“A computer-implemented system for providing a user with secured and seamless access to enterprise applications executed on an enterprise application server, said system comprising: 

a controller module communicably coupled to said enterprise application server, said controller module configured to store micro-segmentation policies applicable to communication between said user device and said enterprise application server; and 
wherein said controller module: 
reconfigures said micro-segmentation policies and generates reconfigured micro-segmentation policies, in response to said user device connecting to said enterprise application server via said remote access gateway; 
pushes said reconfigured micro-segmentation policies onto said user device via a new communication path established by said remote access gateway, and facilitates communication between said user device and said enterprise application server, in line with said reconfigured micro-segmentation policies, until said user device is connected to said enterprise application server via said remote access gateway; 
enforces said micro-segmentation policies on said user device and said enterprise application server, until said user device is connected to said enterprise application server via said enterprise local DNS server, and enforces said reconfigured micro-segmentation policies on said user device, said enterprise application server, and said remote access gateway, in response to said user device connecting to said enterprise application server via said remote access gateway, instead of said enterprise local DNS server; and 


Applicant’s arguments, Remarks: pages 11-17, regarding newly filed claims 21-35 are found persuasive as follows. 
In light of the invocation of 112(f) interpretation for the limitations of respective claims 21 and 28, as discussed above in the “Claim Interpretation” section, the claimed scope is limited to the instant description set forth in the specification, wherein the claimed “controller module” functions to distinctively configure and/or reconfigure a user device based on and initiated by the user device, which in turn would allow selection of a communication path for the user device to access an enterprise resource, as disclosed by applicant’s description. Therefore, claims 21-33 recite distinctive scopes that are allowable over Barton and/or Haung, alone or in combination. Also, Barton and/or Haung, alone or in combination, fail to anticipate and/or render obvious the switching between the claimed communication paths through an enterprise local DNS server and a remote access gateway, when said feature is claimed in addition to other limitations recited in claim 34, i.e., claim 34 as a whole. Therefore, claims 34-35 are allowable over Barton and/or Haung, alone or in combination.



Newel discloses a gateway that receives network traffic from a client device through a virtual private network (VPN) tunnel. The gateway determines one or more device management attributes associated with the client device in response to receiving the network traffic. The gateway then determines a particular network virtual segment based at least in part on the device management attribute(s). The gateway forwards the network traffic to the particular virtual network segment.
Mahaffey discloses a method for managing the use of gateways on a network, wherein the method includes authenticating a user, determining and managing a path between a user computing device and a destination computing device, the path including at least one of the gateways, and managing user traffic on the path according to a policy associated with the user.

However, the closest prior art reviewed and of record, alone or in combination, fails to anticipate and/or render obvious the claimed invention as a whole recited in claim 21 (as shown above) and similarly stated in claims 28 and 34.

Claims 21-35 are allowed.

Conclusion
Any comments considered necessary by Applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533.  The examiner can normally be reached on Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 





/AREZOO SHERKAT/
Examiner, Art Unit 2434

/KAMBIZ ZAND/
Supervisory Patent Examiner, Art Unit 2434