DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 and 22-25 have been canceled.
Claim 21 has been amended.
Claims 26-44 have been newly added.
Claims 21 and 26-44 are pending in the application.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 05/07/2019, 10/17/2019, 01/22/2020, 04/21/2020, 08/12/2020, and 01/08/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 21 and 26-34 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Claim 21 is directed to “A network authorization system for managing network requests of a network,” in lines 1-2 which is not statutory because as defined in the specification, the system comprising “security engine” and “security agents” are 
Claims 26-34 are also rejected because despite the additional limitations recited therein, they are still directed towards software per se.

Claim Objections
Claims 26, 36, and 41 are objected to because of the following informalities:  the acronym term “TCP/IP” in line 2 must be written out.  Appropriate correction is required.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 21, 30-35, 39-40, and 44 are rejected under 35 U.S.C. 102(a)(1) and/or 102(a)(2) as being anticipated by Feroz et al. (US Patent Application Publication No. 2014/023008 A1) hereinafter Feroz.


a security engine (Fig. 2, security server/security virtual machine 80) for enforcing a set of policy rules (para 0020 and 0031-0035, enforcing network policies); and
a plurality of security agents (Fig. 2, agents) operating on a plurality of end machines (Fig. 2, virtual machines 20 and 90) in the network (Fig. 1 and 2, network 2), each security agent (Fig. 2, agent 29) for:
capturing a network request (Fig. 1, Network Socket Event Request 23a) initiated by the end machine (Fig. 1, Virtual Machine 20) (para 0004, a network socket event request from an application executing in first context is intercepted by an agent); 
identifying contextual information (Fig. 1, application 22a) associated with the network request (para 0004, the request for a decision includes an indication of the identification of the application and para 0019, The request may include information about the application 22a such as application file name, application executable hash, application identifier and user/domain of application 22a); 
sending the contextual information to the security engine (para 0019 and 0025, agent 29 sends a request for a decision on whether to allow or deny a network socket event 81, to security virtual machine 80);
receiving an authorization decision for the network request from the security engine (para 0004, the agent receives from the security server either an allowance or denial of the network socket event request and para 0019, agent 29 receives a decision from security virtual machine 80);


Regarding Claims 30, 39, and 44, Feroz discloses the network authorization system of claim 21, wherein the contextual information comprises at least a primary and a secondary caller for the network request, wherein the security engine enforces the set of policy rules by applying a set of firewall rules for the plurality of end machines, wherein the set of firewall rules specify whether to allow or disallow the network request based on the identified contextual information (para 0023, 0029, and 0039).

Regarding Claim 31, Feroz discloses the network authorization system of claim 30, wherein the primary and secondary callers are applications operating on the end machine, wherein the identified contextual information comprises process identifiers for the applications (para 0037).

Regarding Claim 32, Feroz discloses the network authorization system of claim 30, wherein the primary and secondary callers are users of the end machine, wherein 

Regarding Claim 33, Feroz discloses the network authorization system of claim 21, wherein the contextual information further comprises at least one of a network request type, network request protocol, and application type (para 0004 and 0019).

Regarding Claim 34, Feroz discloses the network authorization system of claim 21, wherein the security engine is one of a plurality of security engines (Fig. 1, server 10a-z and para 0012), wherein the system further comprises a network policy manager (Fig. 2, network policy management module 98) for managing a network policy for the network; and sending network policy data to the plurality of security engines (para 0023 and 0030).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 26-29, 36-38, and 41-43 are rejected under 35 U.S.C. 103 as being unpatentable over Feroz as applied to Claims 21, 35, and 40, and further in view of Litty et al. (US Patent Application No. 2014/0215226 A1) hereinafter Litty.


Regarding Claims 27, 37, and 42, Feroz discloses the network authorization system of claim 21, wherein identifying contextual information comprises identifying, by the security agent, system functions that the network request attempts to access (para 0015 and 0022), but does not explicitly disclose a system introspection module of the security agent. However, Litty discloses a system introspection module of the security agent (Fig. 1, agent 123 includes introspection API 143 and para 0014-0015). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Feroz to include a network introspection module as taught by Litty in order to prevent tampering with a software component in a guest virtual machine (Litty, para 0005).



Regarding Claim 29, the combination of Feroz and Litty discloses the network authorization system of claim 28, wherein the file introspection module identifies the files using a set of filters on a file system of the end machine (Litty para 0014 and 0022).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTOL-892).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BAOTRAN N TO whose telephone number is (571)272-8156.  The examiner can normally be reached on M-F: 7-3.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


BAOTRAN N. TO
Primary Examiner
Art Unit 2435



/BAOTRAN N TO/           Primary Examiner, Art Unit 2435