DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 2021-01-08 has been entered.


Response to Amendment
The amendment filed 2020-12-23 has been entered and fully considered.

In light of applicant’s amendment, filed 2020-12-23, the 35 U.S.C. § 112(a) rejection has been withdrawn.

Applicant’s arguments, see p. 9, filed 2020-12-23, with respect to the claim amendments overcoming the prior art of the rejection of claims 1-20 under 35 U.S.C. § 103 have been fully considered and are persuasive. 


Information Disclosure Statement
The information disclosure statements (IDS) submitted on 2021-01-08 (2x) and 2021-03-24 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.


Examiner’s Amendment
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Stephen Terrile (Reg. 32,946) on 2021-05-18.

Please replace the Claims as follows:


receiving a request from a user module via an edge device, the user module executing on a protected endpoint, the protect endpoint comprising an endpoint device and an endpoint agent, the endpoint agent executing on a hardware processor of the endpoint device;
determining whether the user module should be assessed to detect security vulnerabilities, the security vulnerabilities comprising a weakness which can be exploited to perform unauthorized actions within the endpoint device;
setting user module information when the user module should be assessed to detect security vulnerabilities;
redirecting the user module for assessment; 
performing, via a user module assessment system, an assessment of the user module to detect possible security vulnerabilities, the user module assessment system executing on the edge device; and,
storing the user module information within a persistent session cookie, the persistent session cookie being stored on the protected endpoint, the persistent session cookie comprising a persistent cookie aspect and a session cookie aspect to persistently store information associated with a user and the user module assessment system, the persistent cookie aspect of the persistent session cookie not expiring and the session cookie aspect of the persistent session cookie containing information related to a session between the user module and the user module assessment system.
2.	(Previously Presented)	The method of claim 1, further comprising:  
determining whether the request has a related persistent session cookie; and,
generating the persistent session cookie when the request does not have a related persistent session cookie.

processing the persistent session cookie to determine when a session last occurred prior to determining whether the user module should be assessed for security vulnerabilities.
4.	(Original)	The method of claim 1, wherein:  
redirecting the user module comprises a transparent traffic routing approach, the transparent traffic routing approach comprising at least one of a Generic Routing Encapsulation (GRE) traffic routing approach, an Internet Protocol Security (IPSec) traffic routing approach, a Layer 3 (L3) traffic interception traffic routing approach, and a proxy auto-config (PAC) file traffic routing approach. 
5.	(Original)	The method of claim 1, further comprising:
updating the persistent session cookie to reflect that no security vulnerabilities were detected when the assessment of the user module to detect possible security vulnerabilities does not detect any possible security vulnerabilities.
6.	(Previously Presented)	The method of claim 1, wherein:  
the persistent session cookie is implemented to contain certain session information, the session information including at least one of information related to the user module, an associated user module endpoint device, a user associated with the user module, temporal information related to the user module, user behavior information associated with a session, and contextual information associated with the session.
7.	(Currently Amended)	A system comprising:  
a processor;  
a data bus coupled to the processor; and 
a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to 
receiving a request from a user module via an edge device, the user module executing on a protected endpoint, the protect endpoint comprising an endpoint device and an endpoint agent, the endpoint agent executing on a hardware processor of the endpoint device;
determining whether the user module should be assessed to detect security vulnerabilities, the security vulnerabilities comprising a weakness which can be exploited to perform unauthorized actions within the endpoint device;
setting user module information when the user module should be assessed to detect security vulnerabilities;
redirecting the user module for assessment; 
performing, via a user module assessment system, an assessment of the user module to detect possible security vulnerabilities, the user module assessment system executing on the edge device; and,
storing the user module information within a persistent session cookie, the persistent session cookie being stored on the protected endpoint, the persistent session cookie comprising a persistent cookie aspect and a session cookie aspect to persistently store information associated with a user and the user module assessment system, the persistent cookie aspect of the persistent session cookie not expiring and the session cookie aspect of the persistent session cookie containing information related to a session between the user module and the user module assessment system.
8.	(Previously Presented)	The system of claim 7, wherein the instructions executable by the processor are further configured for:  
determining whether the request has a related persistent session cookie; and,

9.	(Original)	The system of claim 7, wherein the instructions executable by the processor are further configured for:  
processing the persistent session cookie to determine when a session last occurred prior to determining whether the user module should be assessed for security vulnerabilities.
10.	(Original)	The system of claim 7, wherein:  
redirecting the user module comprises a transparent traffic routing approach, the transparent traffic routing approach comprising at least one of a Generic Routing Encapsulation (GRE) traffic routing approach, an Internet Protocol Security (IPSec) traffic routing approach, a Layer 3 (L3) traffic interception traffic routing approach, and a proxy auto-config (PAC) file traffic routing approach. 
11.	(Currently Amended)	The system of claim [[17]] 7, wherein the instructions executable by the processor are further configured for:  
updating the persistent session cookie to reflect that no security vulnerabilities were detected when the assessment of the user module to detect possible security vulnerabilities does not detect any possible security vulnerabilities.
12.	(Previously Presented)	The system of claim 7, wherein:  
the persistent session cookie is implemented to contain certain session information, the session information including at least one of information related to the user module, an associated user module endpoint device, a user associated with the user module, temporal information related to the user module, user behavior information associated with a session, and contextual information associated with the session.

receiving a request from a user module via an edge device, the user module executing on a protected endpoint, the protect endpoint comprising an endpoint device and an endpoint agent, the endpoint agent executing on a hardware processor of the endpoint device;
determining whether the user module should be assessed to detect security vulnerabilities, the security vulnerabilities comprising a weakness which can be exploited to perform unauthorized actions within the endpoint device;
setting user module information when the user module should be accessed to detect security vulnerabilities;
redirecting the user module for assessment; 
performing, via a user module assessment system, an assessment of the user module to detect possible security vulnerabilities, the user module assessment system executing on the edge device; and,
storing the user module information within a persistent session cookie, the persistent session cookie being stored on the protected endpoint, the persistent session cookie comprising a persistent cookie aspect and a session cookie aspect to persistently store information associated with a user and the user module assessment system, the persistent cookie aspect of the persistent session cookie not expiring and the session cookie aspect of the persistent session cookie containing information related to a session between the user module and the user module assessment system.
14.	(Previously Presented)	The non-transitory, computer-readable storage medium of claim 13, wherein the computer executable instructions are further configured for:  
determining whether the request has a related persistent session cookie;
generating the persistent session cookie when the request does not have a related persistent session cookie.

processing the persistent session cookie to determine when a session last occurred prior to determining whether the user module should be assessed for security vulnerabilities.
16.	(Original)	The non-transitory, computer-readable storage medium of claim 13, wherein:  
redirecting the user module comprises a transparent traffic routing approach, the transparent traffic routing approach comprising at least one of a Generic Routing Encapsulation (GRE) traffic routing approach, an Internet Protocol Security (IPSec) traffic routing approach, a Layer 3 (L3) traffic interception traffic routing approach, and a proxy auto-config (PAC) file traffic routing approach. 
17.	(Original)	The non-transitory, computer-readable storage medium of claim 13, wherein the computer executable instructions are further configured for:  
updating the persistent session cookie to reflect that no security vulnerabilities were detected when the assessment of the user module to detect possible security vulnerabilities does not detect any possible security vulnerabilities.
18.	 (Previously Presented)	The non-transitory, computer-readable storage medium of claim 13, wherein:  
the persistent session cookie is implemented to contain certain session information, the session information including at least one of information related to the user module, an associated user module endpoint device, a user associated with the user module, temporal information related to the user module, user behavior information associated with a session, and contextual information associated with the session.

20.	(Original)	The non-transitory, computer-readable storage medium of claim 13, wherein the computer executable instructions are provided by a service provider to a user on an on-demand basis.


Allowable Subject Matter
Claims 1-20 are allowed.

The following is a statement of reasons for the indication of allowable subject matter:
In interpreting the currently amended claims, in light of the specification as well arguments presented in the responses to the Office actions, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.  First, Applicant’s arguments with respect to the claim amendments traversing the prior art of record are persuasive.  In addition, based on an updated search and further consideration, the Examiner has been unable to locate prior art that would anticipate or render obvious the claimed invention as a whole.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/
Primary Examiner, Art Unit 2491