Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
FINAL ACTION
This action in response to amendment submitted on 5/6/2021. Claims 1, 8 and 15 are amended. Claims 1-20 are pending.
Response to Arguments
Examiner’s Remarks  - 35 USC § 103
The examiner notes that applicant has amended each independent claim to recite the following: “sending a response to the user … device notifying the user device the application does not exist”. The examiner notes that the applicant now alleges a deficiency on the part of the prior art. The examiner first notes that applicant’s paragraph 0029 states the following: “If a user is not authorized to get the application, the user should not be able to even see that it exists”. The examiner notes that paragraph 0030 of applicant’s original disclosure states, “With the virtual private access, users can only see the specific applications allowed by policy. Everything else is "invisible" or "dark" to them”. As such consistent with applicant’s specification disclosure, the examiner notes that Gharabally teaches in paragraph 0024 the following: “warnings imposed can allow users of client computing devices lacking the required hardware and/or software capabilities to be warned prior to downloading of application programs to those client computing devices. In still another embodiment, restrictions imposed can filter availability of information about application programs available from the remote application repository 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.


Claims 1, 8 and 15 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The examiner notes that applicant’s newly amended claim limitation element of, “sending a response to the user … device notifying the user device the application does not exist”. The examiner notes that the applicant’s paragraph 0029 states the following: “If a user is not authorized to get the application, the user should not be able to even see that it exists”. The examiner notes that paragraph 0030 of applicant’s original disclosure states, “With the virtual private access, users can only see the specific applications allowed by 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kus et al. (US Patent Publication No. 2015/0341367) in view of Gharabally et al. (US Patent Publication No. 2010/0205274).

As to claims 1, 8 and 15, Kus teaches a non-transitory computer-readable medium comprising instructions that, when executed, cause a processor to perform the steps of:
receiving a request, in a cloud system from a user device, to access an application (i.e., …teaches in his abstract the following: “receives a request to open a resource”.), 
wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet (i.e., …teaches in paragraph 0059 the following: “and various resources 140 (e.g., applications, files, directories, services, websites, uniform resource locators (URLs), computers, etc.) within the enterprise network 130 and/or enterprise cloud services 150 outside the enterprise network 130.”.);
determining if the user device is permitted to access the application (i.e., …teaches in his abstract the following: “A first application, which is configured to store data in an encrypted repository on the client device, receives a request to open a resource. The first application determines that one of the policies prohibits access by the resource to the encrypted repository”.); 

in response to determining that the user device is permitted to access the application (figure 4,figure element 406 illustrates determining access is permitted or not), 
stitching together  a connection between the cloud system    and the user device and a connector to provide access to the application (i.e., …teaches in paragraph 0059 the following: “extender 120 can be a lightweight application (e.g., a virtual appliance), for example, that operates similarly to an HTTP proxy server, acting as an intermediary between the secure browser application 115 and various resources 140 (e.g., applications, files, directories, services, websites, uniform resource locators (URLs), computers, etc.) within the enterprise network 130 and/or enterprise cloud services 150 outside the enterprise network 130.”.).

Kus does not expressly teach:
sending a response to the user device notifying the user device the application does not exist, wherein the user device is prevented from ascertaining an existence of applications that the user device is not permitted to access.
In this instance the examiner notes the teachings of prior art reference Gharabally. 
The examiner first notes that applicant’s paragraph 0029 states the following: “If a user is not authorized to get the application, the user should not be able to even see that it exists”. The examiner notes that paragraph 0030 of applicant’s original disclosure states, “With the virtual private access, users can only see the specific applications allowed by policy. Everything else is "invisible" or "dark" to them”.

With regards to applicant’s claim limitation element of,” wherein the user device is prevented from ascertaining an existence of applications that the user device is not permitted to access”, again the examiner notes paragraph 0024 of Gharabally where the following is disclosed: “restrictions imposed can filter availability of information about application programs available from the remote application repository such that users can only view information regarding those applications they are able to download onto such client computing devices”. 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kus with the teachings of Gharabally by including the feature of access notification handling. Utilizing access notification handling as taught by Gharabally above allows a system to provide comprehensive access control and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Kus's system will obtain the capability to provide enhanced system security. 

As to claims 2, 9 and 16, Kus teaches a non-transitory computer-readable medium of claim 1, wherein the determining includes determining if a user associated with the user device is permitted to 

As to claims 3, 10 and 17, Kus teaches a non-transitory computer-readable medium of claim 1, wherein the stitching together the connections includes the cloud system creating both a connection to the user device and to the application to enable the user device and the application to communicate (i.e., …teaches in paragraph 0059 the following: “extender 120 can be a lightweight application (e.g., a virtual appliance), for example, that operates similarly to an HTTP proxy server, acting as an intermediary between the secure browser application 115 and various resources 140 (e.g., applications, files, directories, services, websites, uniform resource locators (URLs), computers, etc.) within the enterprise network 130 and/or enterprise cloud services 150 outside the enterprise network 130.”.).

As to claims 4 and 11, Kus teaches a non-transitory computer-readable medium of claim 3, wherein the stitching together the connections includes at least two tunnels between the user device and the application (i.e., …illustrates in figure 2 figure elements 182 and 188 … two connections for the user device).

As to claims 5, 12 and 18, Kus teaches a non-transitory computer-readable medium of claim 1, wherein the application is connected to a connector operating on a computer and communicatively coupled to the cloud system (i.e., …teaches in paragraph 0063 the following: “a secure communication channel is created between the first application and the enterprise network 130 to allow for communication over the channel by the first application (STEP 306)”.).

As to claims 6, 13 and 19, Kus teaches a non-transitory computer-readable medium of claim 1, wherein the user device executes one of a browser and an application to provide the request and to access the application (i.e., ….teaches in paragraph 0063 the following: “a first application on a user device (e.g., secure browser application 115) receives user credentials and, in STEP 304, authenticates the user. Once the user is authenticated, a secure communication channel is created between the first application and the enterprise network 130 to allow for communication over the channel by the first application (STEP 306). The channel can be created as described herein; for example, the central server 160 can broker a connection between the secure browser application 115 and a network extender 120 in the enterprise network 130”.).

As to claims 7, 14 and 20, Kus teaches a non-transitory computer-readable medium of claim 1, wherein the determining includes communicating with a central authority to check if the user device is permitted and for a determination of connection information for the stitching together the connections (i.e., …teaches in paragraph 0064 the following: “and the user's identifying information is transmitted to the central server 160, which determines which enterprise network the user should be connected to. This determination can be based on, for example, a portion of the user's identifying information that is unique (e.g., corporate email address). The central server 160 can then direct the secure browser application 115 to connect, directly or indirectly, to a lightweight network extender 120 within the enterprise network 130. Authentication can be performed by or through the central server 160, the network extender 120, or at both points in one or more stages”.).
Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Friedman et al. (US Patent Publication No. 2002/0072916).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/BRYAN F WRIGHT/Examiner, Art Unit 2497