DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claim 15 is objected to because of the following informalities: the claim does not conclude with a period. Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Luna (US 2012/0278886), in view of Swafford (US 2019/0124118), and further in view of Yefimov et al. (US 2015/0058965), hereafter “Yefimov.”
Regarding claim 1, Luna teaches a method of monitoring a network application, the method comprising:
monitoring, by a client application (Luna: 175 of FIG. 1C; par 0122 [As used herein, a "module," …includes a general purpose, dedicated or shared processor and, typically, firmware or software modules that are executed by the processor.], 0165 [The local proxy 275 generally represents any one or a portion of the functions described for the individual managers, modules, and/or engines.]) on a client device (Luna: 150 of FIG. 1C), traffic of a first network application hosted on a server (Luna: 310 of FIG. 3A) and at least one computing resource on the client device (Luna: 405, 415 of FIG. 4B; par 0082), the client application providing the client device with access to a plurality of network applications including the first network application via a browser (Luna: par 0125, 0126); and
restricting, by the client application, in response to identifying the anomalous activity, access to the first network application (Luna: par 0372 [Upon detecting malicious traffic or potentially malicious traffic, the malware traffic handling engine 435 can block the traffic entirely or handle the traffic according to certain criteria.]; 0374).
Luna does not explicitly teach:
an embedded browser;
generating, by the client application, analytics data according to the monitored traffic of the first network application and the monitored at least one computing resource on the client device;
using, according to the generated analytics data, by the client application, a user behavior model to identify anomalous activity associated with the first network application.
Swafford teaches:

Regarding claim 2, the method of claim 1, further comprising determining, by the client application using the user behavior model, whether to restrict first data in the monitored traffic (Luna: par 0372; Swafford: 812 of FIG. 8; par 0113, 0114, 0163).

Regarding claim 3, the method of claim 2, further comprising monitoring, by the client application, the first data including one or more operations on the embedded browser (Yefimov: par 0028; Luna: par 0126).

Regarding claim 4, the method of claim 2, further comprising determining, by the client application, a deviation measure between the first data and expected data generated by the user behavior model to determine whether to restrict the first data, the …the occurrence of an unlikely feature associated with a particular entity may result in the generation of a corresponding risk score.]; 0112).

Regarding claim 5, the method of claim 1, wherein monitoring the traffic further comprises monitoring the traffic exchanged via a secure communications channel between the first network application hosted on the server and the client device (Luna: par 0082, 0103 […communications can be achieved by a secure communications protocol, such as secure sockets layer (SSL)…]).

Regarding claim 6, the method of claim 1, wherein monitoring the traffic further comprising monitoring the traffic originating from the client device providing access to the first network application (Luna: 405, 415 of FIG. 4B; par 0082).

Regarding claim 7, the method of claim 1, wherein generating the analytics data further comprises acquiring second analytics data from a telemetry tracker to combine with the analytics data, the telemetry tracker having visibility to the traffic originating from the server hosting the first network application (Swafford: 848 of FIG. 8b; par 0133).

Regarding claim 8, the method of claim 1, wherein the analytics data includes at least one of a computing resource performance metric, a network traffic performance metric, or metadata (Swafford: par 0073).

Regarding claim 9, the method of claim 1, further comprising training, by the client application, the user behavior model using the analytics data (Swafford: par 0159).

Regarding claim 10, the method of claim 1, further comprising determining, by the client application via application of at least one policy, whether to restrict first data in the monitored traffic (Luna: par 0372; Swafford: 1106 of FIG. 11a; par 0192).

Regarding claim 11, a system for monitoring a network application, the system comprising:
an embedded browser (Yefimov: 116 of FIG. 1A; par 0020) of a client application (Luna: 175 of FIG. 1C; par 0122 [As used herein, a "module," …includes a general purpose, dedicated or shared processor and, typically, firmware or software modules that are executed by the processor.], 0165 [The local proxy 275 generally represents any one or a portion of the functions described for the individual managers, modules, and/or engines.]) executable on one or more processors of a client device (Luna: 150 of FIG. 1C), the embedded browser configured to monitor traffic of a first network application hosted on a server (Luna: 310 of FIG. 3A) and at least one computing resource on the client device (Luna: 405, 415 of FIG. 4B; par 0082), the client application providing the client device with access to a plurality of network applications including the first network application (Luna: par 0125, 0126);
an analytics tracking engine (Swafford: 306 of FIG. 5; par 0044) of the client Upon detecting malicious traffic or potentially malicious traffic, the malware traffic handling engine 435 can block the traffic entirely or handle the traffic according to certain criteria.]; 0374).

Regarding claim 12, the system of claim 11, wherein the client application is further configured to determine, using the user behavior model, whether to restrict first data in the monitored data (Luna: par 0372; Swafford: 812 of FIG. 8; par 0113, 0114, 0163).

Regarding claim 13, the system of claim 12, wherein the client application is further configured to monitor the first data including one or more operations on the embedded browser (Yefimov: par 0028; Luna: par 0126).

…the occurrence of an unlikely feature associated with a particular entity may result in the generation of a corresponding risk score.]; 0112).

Regarding claim 15, the system of claim 11, wherein the analytics tracking engine is further configured to monitor the traffic exchanged via a secure communications channel between the first network application hosted on the server and the client device (Luna: par 0082, 0103 […communications can be achieved by a secure communications protocol, such as secure sockets layer (SSL)…]).

Regarding claim 16, the system of claim 11, wherein the analytics tracking engine is further configured to monitor the traffic originating from the client device providing access to the first network application (Luna: 405, 415 of FIG. 4B; par 0082).

Regarding claim 17, the system of claim 11, wherein the analytics tracking engine is further configured to acquire second analytics data from a telemetry tracker to combine with the analytics data, the telemetry tracker having visibility to the traffic originating from the server hosting the first network application (Swafford: 848 of FIG. 8b; par 0133).

Regarding claim 18, the system of claim 11, wherein the analytics data includes at least one of a computing resource performance metric, a network traffic performance metric, or metadata (Swafford: par 0073).

Regarding claim 19, the system of claim 11, wherein the behavior modeler engine is further configured to train the user behavior model using the analytics data (Swafford: par 0159).

Regarding claim 20, the system of claim 11, wherein the client application is further configured to determine, via application of at least one policy, whether to restrict first data in the monitored traffic (Luna: par 0372; Swafford: 1106 of FIG. 11a; par 0192).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES E SPRINGER whose telephone number is (571)270-5640.  The examiner can normally be reached on 9am - 5:30pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


JAMES E. SPRINGER
Primary Examiner
Art Unit 2454

/JAMES E SPRINGER/ Primary Examiner, Art Unit 2454