Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Examiner’s Amendment and Examiner’s Reasons for Allowance action is in response to the filing of 4/30/2021. Claims 1-25 have been cancelled.  Claims 26-29, 32-35, and 40-43 have been amended.  Therefore claims 26-45 are presently pending in the application and have been considered as follows.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 5/13/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Amendments
In light of applicant’s amendments, all previously raised objections and rejections are hereby withdrawn.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Attorney Alisha Feustel (Reg. No. 58122) on May 12, 2021.
The application has been amended as follows:
1-25. (Cancelled)
26. (Currently Amended) A non‐transitory machine readable medium comprising one or more instructions that when executed by a processor, cause the processor to:
receive, by a network security platform from an electronic device, a request to access a
network service;
send, by the network security platform to the electronic device in response to the request, data related to the network service that includes embedded code that causes the electronic device to execute a new request routed through a pre‐defined network element in the network security platform;
receive, by the network security platform from the electronic device, the new request; determine, by the network security platform, whether the new request was routed
through the pre‐defined network element in the network security platform, wherein the network security platform enforces a security policy; and
allow access to the network service based on a determination that the new request was routed through the pre‐defined network element in the network security platform, wherein access to the network service is routed through the pre-defined network element; or
block access to the network service based on a determination that the new request was not routed through the pre‐defined network element in the network security platform.


27. (Currently Amended) The non‐transitory machine readable medium of Claim 26, wherein the request to access the network service is received by a reverse proxy module in the network security platform.



classify the electronic device as trusted based on the determination that the new request was routed through the pre‐defined network element in the network security platform.


29. (Currently Amended) The non‐transitory machine readable medium of Claim 26, further comprising one or more instructions that when executed by the processor, further cause the processor to:
classify the electronic device as untrusted based on the determination that the new request was not routed through the pre‐defined network element in the network security platform.

30.   (Previously Presented) The non‐transitory machine readable medium of Claim 26, further comprising one or more instructions that when executed by the processor, further cause the processor to:
communicate instructions to the electronic device as to how the electronic device could
be allowed access to the network service.


31.   (Previously Presented) The non‐transitory machine readable medium of Claim 26,
wherein the electronic device is an unmanaged device.


32.   (Currently Amended) An apparatus comprising:
a network services platform including one or more hardware processors configured to: receive, by a network security platform from an electronic device, a request to
access a network service;
by the network security platform to the electronic device in response to the request, data related to the network service that includes embedded code that causes the electronic device to execute a new request routed through a pre‐defined network element in the network security platform;
receive, by the network security platform from the electronic device, the new
request;
determine, by the network security platform, whether the new request was routed through the pre‐defined network element in the network security platform, wherein the network security platform enforces a security
policy; and
allow access to the network service based on a determination that the new request was routed through the pre‐defined network element in the network security platform, wherein access to the network service is routed though the pre‐defined network element; or
block access to the network service based on a determination that the new request was not routed through the pre‐defined network element in the network security
platform.

33. (Currently Amended) The apparatus of Claim 32, wherein the request to access the network service is received by a reverse proxy module in the network security platform.

34. (Currently Amended) The apparatus of Claim 32, wherein the one or more hardware processors of the network services platform is further configured to:
classify the electronic device as trusted based on the determination that the new request
was routed through the pre‐defined network element in the network security platform.



35. (Currently Amended) The apparatus of Claim 32, wherein the one or more hardware processors of the network services platform is further configured to:
classify the electronic device as untrusted based on the determination that the new
request was not routed through the pre‐defined network element in the network security
platform.

36. (Previously Presented) The apparatus of Claim 32, wherein the one or more
hardware processors of the network services platform is further configured to:
communicate instructions to the electronic device as to how the electronic device could
be allowed access to the network service.

37. (Previously Presented) The apparatus of Claim 32, wherein credentials to access
the requested network service are obtained from an identity provider.

38. (Previously Presented) The apparatus of Claim 32, wherein the embedded code is
not readily identifiable by a user of the electronic device.

39. (Previously Presented) The apparatus of Claim 32, wherein the electronic device
is an unmanaged device.

40. (Currently Amended) A method comprising:
by a network security platform from an electronic device, a request to
access a network service;
sending, by the network security platform to the electronic device in response to
the request, data related to the network service that includes embedded code that causes
the electronic device to execute a new request routed through a pre‐defined network
element in the network security platform;
receiving, by the network security platform from the electronic device, the new
request;
determining, by the network security platform, whether the new request was
routed through the pre‐defined network element in the network security platform,
wherein thenetwork security platform enforces a security
policy; and
allowing access to the network service based on a determination that the new
request was routed through the pre‐defined network element in the network security
platform, wherein access to the network service is routed though the pre‐defined
network element; or
blocking access to the network service based on a determination that the new
request was not routed through the pre‐defined network element in the network security
platform.

41. (Currently Amended) The method of Claim 40, wherein the request to access the network service is received by a reverse proxy module in the network security platform.


classifying the electronic device as trusted based on the determination that the new request was routed through the pre‐defined network element in the network security platform.

43.   (Currently Amended) The method of Claim 40, further comprising:
classifying the electronic device as untrusted based on the determination that the new request was not routed through the pre‐defined network element in the network security platform. 

44.  	(Previously Presented) The method of Claim 43, further comprising: communicating instructions to the electronic device as to how the electronic device could be allowed access to the network service.

45.        (Previously Presented) The method of Claim 42, wherein the embedded code is
not readily identifiable by a user of the electronic device.

Allowable Subject Matter
Terminal Disclaimer filed on 5/13/2021 was approved by the Office.
Claims 26-45 are allowed over the prior art of record.  The following is an examiner's statement of reasons for allowance:

Prior art of record teaches the following:
Bhogavilli et al. (US 2014/0096194 A1) teaches methods and systems for mitigating denial-of-service attacks include a proxy server that monitors a set of application servers configured to receive and service requests from clients. The proxy server intercepts the requests, and in response, provides the clients with customized 
Dabbiere (US 2014/0282869 A1) teaches various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.
Wheeldon (US 2013/0346472 A1) teaches techniques are provided for receiving a request from a client proxy device to access a file on a server. The file is associated with a uniform resource locator (URL). In response to receiving the request, the server proxy device evaluates the request for presence of information that indicates that the 
Horita et al. (US 2008/0307221 A1) teaches an event-ordering certification system 100 includes a certification apparatus 1, a plurality of user apparatuses 2i (i=a, b, . . . , n), an audit apparatus 3 for performing an audit of an event-ordering receipt published by the certification apparatus 1 and a network 4 for connecting these elements with each other. In response to an event-ordering request from one user apparatus 2i, the certification apparatus 1 publishes the event-ordering receipt and sends it to the user apparatus 2i. If a mistrust is produced in the event-ordering receipt, the user apparatus 2i verifies the event-ordering receipt with the use of data published by the certification apparatus 1 and an audit result by the audit apparatus 3.
However, prior art is silent on " receiving, by a network security platform from an electronic device, a request to access a network service; sending, by the network security platform to the electronic device in response to the request, data related to the network service that includes embedded code that causes the electronic device to execute a new request routed through a pre‐defined network element in the network security platform; receiving, by the network security platform from the electronic device, the new
request; determining, by the network security platform, whether the new request was
routed through the pre‐defined network element in the network security platform,
wherein the network security platform enforces a security
policy; and allowing access to the network service based on a determination that the new
request was routed through the pre‐defined network element in the network security
platform, wherein access to the network service is routed though the pre‐defined
network element; or blocking access to the network service based on a determination that the new request was not routed through the pre‐defined network element in the network security
platform. ", in combination with all other claim limitations, as it has been recited in independent claims 26, 32, and 40.  
All other dependent claims are allowable as they depend on an allowable independent claim.
	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is (571)272-1787.  The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571)272-3739.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Lizbeth  Torres Diaz/
Examiner, Art Unit 2495
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495                                                                                                                                                                                                        


/May 24, 2021/
/ltd/