DETAILED ACTION
Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
2.	Applicant’s arguments, see pages 8-9, filed on 04/13/2021, with respect to claims 1-12 and 21-26 have been fully considered and are persuasive. The 35 U.S.C §101 rejection of Claim 24 and 35 U.S.C §112 rejection of claims 1, 9-12, 16-17 and 20 have been withdrawn.

3.	Claims 13-20 and 27 are currently pending and have been considered below.

Allowable Subject Matter
4.	Claims 1-12 and 21-26 are allowed.

Claim Rejections - 35 USC § 112
5.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


6.	Claim 27 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 27 does not end in a period nor does claim 27 finish a sentence, the last limitation of claim 27 “the first tag associated with the app level traffic from the trusted app running on the mobile device is determined to match the second tag associated with the app level traffic from the unmanaged app running on the mobile device when the” is unclear.

Claim Rejections - 35 USC § 103
7. 	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.




8. Claims 13-14, 16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Desai (US 2017/0279803 A1) in view of Wei (US 2012/0002813 A1) and further in view of Barton (US 2017/0293767 A1)

11. Regarding Claim 13, Desai discloses, a device, comprising: a communication interface (Desai, ¶[0035], Each of the processing nodes 110 may be implemented by one or more of computer and communications devices, e.g., server computers, gateways, switches, etc., such as the server 300 described in FIG. 3); and a processor coupled to the communication interface and configured to: receive via the communication interface a notification associated with a request sent using an unmanaged app to access a resource (Desai, ¶[0007], a mobile device configured to provide unified service discovery and secure availability through a unified agent application includes a network interface, a data store, and a processor communicatively coupled to one another; and memory storing computer executable instructions, and in response to execution by the processor, the computer-executable instructions cause the processor to authenticate a user into a plurality of cloud services including a proxy service and a Virtual Private Network (VPN) service);
Desai does not explicitly disclose the following limitations that Wei teaches: 
communication with an access server via the communication interface to establish a device level VPN to server in response to the push notification (Wei, ¶[0028], Network switch 38 may communicate with network access device 36 over a physical interface supporting various protocols. ¶[0023], the users may access enterprise network 16 by authentication to secure VPN gateway 12 and establishing a communication channel through service provider network 20); and cause app level traffic from the unmanaged app to the access server to be sent via the device level VPN (Wei, [0032], server may execute on secure VPN gateway 12 or on a separate network device and may be, for example, a Remote Authentication Dial-In User Service (RADIUS) server. Secure VPN gateway 12 and the remote device may also negotiate other aspects of data connection 14 that ensure security).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Desai with the teachings in Wei to include the VPN access to receive push notification on to the device and to cause app level traffic from the application to the server that would be sent to the device. 
Desai in view of Wei do not explicitly disclose the following limitations that Barton teaches:
use the communication interface to communicate with the access server via the device level VPN, and app level traffic from a trusted app to the access server to be sent via the device level VPN. (Barton, ¶[0047],  the virtualization application may record user interactions associated with a graphical user interface (GUI) and communicate them to a server ¶[0034], a single client machine 240 communicates with more than one server 206, while in another embodiment a single server 206 communicates with more than one client machine 240. ¶[0051], The virtual private network connections may be established and managed by an access gateway 360. The access gateway 360 may include performance enhancement features that manage, accelerate, and improve the delivery of enterprise resources 304 to the mobile device 302. The access gateway may also re-route traffic)
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Desai in view of Wei to incorporate the teachings of Barton to modify the communication access with the device level VPN using the access server within the mobile device. 

12. Regarding Claim 14, Desai in view of Wei and further in view of Barton disclose, the device of claim 13, wherein the notification comprises a push notification to a trusted app (Desai, ¶[0101], The unified agent application 600 can provide service related notifications to the user. For example, the unified agent application 600 can provide notifications such as push alerts or the like as well as contain a notification area for a single place to show all notifications that are generated by the proxy service and the VPN service).

13. Regarding Claim 16, Desai in view of Wei and further in view of Barton disclose, the device of claim 13, wherein the processor is further configured to determine a local security posture of the mobile device and to prevent access to the resource based at least in part on a determination that the mobile device is not secure (Desai, ¶[0076],  the unified agent application 600 has an identity 622 which can include the user, certificates, device posture, etc. and which is shared with the security cloud 608. ¶[0099], the proxy service can always be enforced, and the user is not able to remove it by switching off tunnel or removing the unified agent application 600. Without the proxy solution enforced, the user is not able to access the Internet and would be prompted to restart the web security service, via the unified agent application 600.).

14. Regarding Claim 17, Desai in view of Wei and further in view of Barton disclose, the device of claim 13, wherein the processor is further configured to interact with a user of the mobile device to obtain from the user confirmation that access to the resource is authorized (Desai, ¶[0126], When stored in the non-transitory computer readable medium, software can include instructions executable by a processor or device (e.g., any type of programmable circuitry or logic) that, in response to such execution, cause a processor or the device to perform a set of operations, steps, methods, processes, algorithms, functions, techniques, etc. as described herein for the various exemplary embodiments. ¶[0087], The mobile admin function 650 is configured to authorize the services with the MDM function 654 (step 666), enroll in the services through the VPN node 652 (step 668) and the processing nodes 110/cloud nodes 502 (step 670).).

15. Regarding Claim 18, Desai in view of Wei and further in view of Barton disclose, the device of claim 17, wherein the user confirmation includes entry of a device access code (Desai ¶[0126], some exemplary embodiments may include a non-transitory computer-readable storage medium having computer readable code stored thereon for programming a computer, server, appliance, device, processor, circuit, etc. each of which may include a processor to perform functions).

16. Regarding Claim 19, Desai in view of Wei and further in view of Barton disclose,
Desai in view of Wei do not explicitly disclose the following limitations that Barton teaches:
the device of claim 17, wherein the user confirmation includes a biometric input (Barton, ¶[0068], a local copy of the keys may be protected by a user password or biometric validation. When data is stored locally on the device 402).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Desai in view of Wei to incorporate the teachings of Barton to modify the configuration of a user’s identity by obtaining a biometrics input on the mobile device. 

17. Regarding Claim 20, Desai in view of Wei and further in view of Barton disclose, the device of claim 13, 
Desai in view of Wei do not explicitly disclose the following limitations that Barton teaches:
wherein the processor is further configured to stop the device level VPN based at least in part on a determination that authentication of the request access the resource has been completed (Barton, [0095], when the user selects a banner notification informing him of a new email while listening to the shared audio file, the mobile device's processor may pause playback of the audio file and store the last playback position of the audio file, store the security information needed to maintain a login to the file sharing application including active session certificates and tokens. [0067], managed native applications 410 that are allowed to have access to highly classified data requiring strong authentication, and ensure that access to these applications is only permitted after performing appropriate authentication, even if this means a re-authentication is required by the user after a prior weaker level of login. ). 
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Desai in view of Wei to incorporate the teachings of Barton to include the processor when the configured device stops based on the VPN level that authenticates the request access to be completed. 

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Desai (US 2017/0279803 A1) and Wei (US 2012/0002813 A1) and Barton (US 2017/0293767 A1) in view of Cattone (US 2015/0286737 A1).

9. Regarding Claim 15, Desai, Wei, Barton and Cattone disclose,
Desai, Wei, and Barton do not explicitly disclose the following limitations that Cattone teaches:
the device of claim 13, wherein the notification comprises an invocation of an iOS Universal Link (Cattone, Claim 17, wherein the communication module is to obtain the universal link interpreter from the resource host computer in response to the detecting of the request).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Desai, Wei and Barton to incorporate the teachings of Cattone to include a notification using an iOS Universal Link to enhance security features. 



Conclusion
19.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
 Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MAYASA SHAAWAT/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433