Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 


Response to Arguments
Applicant's arguments have been fully considered but they are not persuasive.   Applicant has largely amended to state that the authentication challenge iss processed according to the classification of the application.   However if the application is a web browser, then arguably it inherently is capable of handling all standard HTTP and HTTPS protocol authentications.
Examiner has added supplemental references in an effort to more clearly meet the claims as amended.


Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 21-44  is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Nice US 2009/0300739 in view of Chen US 2004/0093372 in view of Stanko US 7,246,230



Chen teaches the hardware processor configured to determine an inherent capability specific to the classification of application.  Chen teaches the processor to generate an authentication challenge based on the classification such that the authentication challenge is configured to cause the application to extract, parse, and, using the inherent capability, recognize the authentication challenge, the hardware processor configured to receive an automatic non-user-interactive response being generated by the application using the inherent capability, and identify an identity characteristic of the application and whether the application is malware based at least in part on the automatic non-user-interactive response  [0006] [0007] [0064] [0065] [0066] [0076] [0080]  
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the non-user interactive response of Chen with the previous reference because it increases security and shows if a client has been corrupted.

Stanko teaches classification of an application and an inherent capability specific to the classification of the application, to generate an authentication challenge, which is configured to cause the application to extract parse and using the capability recognize the authentication challenge, and to send an automatic non user interactive response to the challenge. (Column 8 lines 20-65)  (teaches a redirect authentication challenge received by a browser, and explicitly teaches that a redirect is a standard/inherent browser operation, also teaches that the process is done without user interaction, also uses includes a random number/primitive, and URL of trusted second server/primitive)
It would have been obvious to one of ordinary skill in the art to use the security of Stanko with the previous combination because it increases security. 


As per claim 33, 38,  Stanko teaches the classification of the application is associated with at least HTTP and HTTPS or VOIP   (Column 2 lines 4-19) (Column 8 lines 20-65)  (teaches a redirect authentication challenge received by a browser, and explicitly teaches that a redirect is a standard/inherent browser operation, also teaches that the process is done without user 


As per claims 31, 34 Nice teaches A method, comprising: receiving data from an application of a compute device initiating a communication with a server; defining, based on the communication protocol type, the network behavior and the communication characteristics, a request for the compute device; sending the request to the compute device;  [0025] [0026] [0033][0036] [0038][0041]-[0044][0046] [0052] (Teaches a proxy that intercepts communication from client to Enterprise and proceeds to follow security procedures including authentication/challenge response based on a protocol and determining whether to allow access, deny access, determine maliciousness, teaches that security procedures may be based and or requests based on determined communication protocol for example on Secure Socket Layer in HTTP, teaches IP including identifying variations of fields including IP source and destination address which Examiner asserts is well known in the art to provide the foundation of IP protocol)

 Chen teaches the hardware processor configured to receive from the compute device an automatic non-user-interactive response to the authentication challenge, the hardware processor configured to detect an identity characteristic of the application based on the automatic non-user interactive response and identify whether the application is malware based at least in part on the identity characteristic  [0006] [0007] [0064] [0065] [0066] [0076] [0080]  (sends challenge including primitive (seed) and evaluates non-user interactive response, teaches that the 
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the non-user interactive response of Chen with the previous reference because it increases security and shows if a client has been corrupted.
Stanko teaches classification of an application and an inherent capability specific to the classification of the application, to generate an authentication challenge, which is configured to cause the application to extract parse and using the capability recognize the authentication challenge, and to send an automatic non user interactive response to the challenge. (Column 8 lines 20-65)  (teaches a redirect authentication challenge received by a browser, and explicitly teaches that a redirect is a standard/inherent browser operation, also teaches that the process is done without user interaction, also uses includes a random number/primitive, and URL of trusted second server/primitive)
It would have been obvious to one of ordinary skill in the art to use the security of Stanko with the previous combination because it increases security. 
As per claims 22,  Nice teaches the hardware processor is configured to identify the application as malware based on an identity characteristic [0036]

As per claim 35, Chen teaches detective the identity characteristic of the application is based on the automatic non-user-interactive response not being valid. [0006] [0007] [0065] [0066]
As per claims 26, 39 Chen teaches the authentication challenge is an active content challenge for the application.  [0006] [0007] [0065] [0066]  (sends challenge and evaluates non-user interactive response)
Nice teaches the hardware processor is configured to block the communication from being sent to the server in response to identifying the application as malware. [0033] (deny)






As per claim 28.  Nice teaches A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to: 3 228372082 v1Application No.: 16/295,498Docket No.: INVI-006/04US 314067-2064 intercept a communication between an application running at a compute device and a server different from the compute device; determine a communication protocol type of the communication  a request based on the protocol type and based on the network behavior and communication characteristics; send the request to the compute device via a network; , [0025] [0026] [0033][0036] [0038][0041]-[0044][0046] [0052] (Teaches a proxy that intercepts communication from client to Enterprise and proceeds to follow security procedures including authentication/challenge response based on a protocol and determining whether to allow access, deny access, determine maliciousness, teaches that security procedures may be based and or requests based on determined communication protocol for example on Secure Socket Layer in HTTP)


It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the non-user interactive response of Chen with the previous reference because it increases security and shows if a client has been corrupted.
Stanko teaches classification of an application and an inherent capability specific to the classification of the application, to generate an authentication challenge, which is configured to cause the application to extract parse and using the capability recognize the authentication challenge, and to send an automatic non user interactive response to the challenge. (Column 8 lines 20-65)  (teaches a redirect authentication challenge received by a browser, and explicitly teaches that a redirect is a standard browser operation, also teaches that the process is done without user interaction, also uses includes a random number/primitive, and URL of trusted second server/primitive)




As per claim 29. Nice teaches The non-transitory processor-readable medium of claim 28, wherein the code to cause the processor to identify the application as malware includes code to cause the processor to identify the application as malware based on at least one of the communication or the automatic non-user-interactive response not being valid [0036]


As per claim 30. Nice teaches The non-transitory processor-readable medium of claim 28, the code further comprising code to cause the processor to: block the communication from being sent to the server in response to identifying the application as malware.  [0033] (deny)


As per claim 32. Chen teaches The non-transitory processor-readable medium of claim 28, wherein the request is an active content challenge for the application. [0006] [0007] [0065] [0066]  (sends challenge and evaluates non-user interactive response)

As per claim 41,  Nice teaches the method of claim 34, wherein the communication protocol type is at least one of: HTTP, HTTPS, Voice Over IP (VoIP), Session Description Protocol, Session Initiation Protocol, Real Time Transport Protocol, or Real Time Transport Control Protocol.  [0043][0052]

As per claim 42, Nice teaches the method of claim 34, wherein the defining the request is further based on a set of protocol capabilities of the communication protocol type.  [0033][0036][0038][0043]

As per claim 43,  Stanko teaches determining values of fields associated with the communication the field used to denote a source or destination of the related communication, and identifying a sequential order of the fields denoting source or destination related to communication . (Column 8 lines 20-65)  (teaches a redirect authentication challenge received by a browser,  including IP address of client and identity of server; and explicitly teaches that a redirect is a standard/inherent browser operation, also teaches that the process is done without user 

As per claim 44,  Nice teaches the method of claim 34, wherein the determining the communication protocol type is via protocol fingerprinting.  [0033][0036][0038][0043]
Burns teaches protocol type and fingerprinting.  (Column 9 lines 45-59; Column 10 lines 43-60 Column 11 lines 1-20)  (Burns teaches using application identification based on communication properties, including header properties and behavior)

Claims 47  is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Nice US 2009/0300739 in view of Chen US 2004/0093372 in view of Burns US8,291,495 in view of Blumenthal US 2008/0132279 in view of Mahle Jr. US 2007/0248077.

As per claim 47,  Mahle Jr teaches The method of claim 46, wherein the communication protocol type is VoIP and includes a set of VoIp clients with communication features including "User- Agent", "Audio Codec" or "Status Code.  [0033][0034][0039][0040] [0041] [0046] (VoiP protocol, SIP registration with User agent)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the agent of Mahle Jr with the previous combination because it helps automate actions.


Claims 45, 46, 48  is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Nice US 2009/0300739 in view of Chen US 2004/0093372 in view of Blumenthal US 2008/0132279

As per claim 45, Blumenthal teaches the method of claim 34, wherein the communication protocol type is VoIP, the method further comprising: identifying an implementation of the communication protocol type to be at least one of Asterix, sipX, PBX, or Skype, the defining the request being further based on the implementation of the communication protocol type.  [0039] (VoIP calls, SIP) [0009] [0025][0028][0073]-[0076] (teaches that the authentication is SIP protocol which is well known to be associated with VOIP,)
It would have been obvious to one of ordinary skill in the art to use the Voip protocol of Blumenthal with the previous art because it is increases the security of media communications.


As per claim 46, Blumenthal teaches the method of claim 34, where the request is an active content challenge for the application and is VoIP.  [0041]  [0039] (VoIP calls, SIP) [0009] [0025][0028][0073]-[0076] (teaches that the authentication is SIP protocol which is well known to be associated with VOIP,)
Chen teaches the authentication challenge is an active content challenge for the application.  [0006] [0007] [0065] [0066]  (sends challenge and evaluates non-user interactive response)




As per claim 48. Nice teaches An apparatus, comprising: a memory; and 7 228372082 v1Application No.: 16/295,498Docket No.: INVI-006/04US 314067-2064 a hardware processor communicatively coupled to the memory, the hardware processor configured to intercept a communication from an application executing at a compute device, the communication addressed to a server different from the compute device, the hardware processor configured to determine a communication protocol type the hardware processor configured to select a request such that if the communication protocol type is determined to be a VoIP protocol type the hardware processor configured to send the request to the compute device via a network;, [0025] [0026] [0033][0036] [0038][0041]-[0044][0046] [0052] (Teaches a proxy that intercepts communication from client to Enterprise and proceeds to follow security procedures including authentication/challenge response based on a protocol and determining whether to allow access, deny access, determine maliciousness, teaches that security procedures may be based and or requests based on determined communication protocol for example on Secure Socket Layer in HTTP)  Nice teaches the hardware processor is configured to block the communication from being sent to the server in response to identifying the application as malware. [0033] (deny)
Chen teaches the hardware processor configured to receive from the compute device an automatic non-user-interactive response to the request, the hardware processor configured to identify whether the application is malware based at least in part on the automatic non-user-
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the non-user interactive response of Chen with the previous reference because it increases security and shows if a client has been corrupted.
Blumenthal teaches the communication protocol type is Voip and the request being an active content challenge recognized by applications associated with VOIP and not be applications associated with HTTP and HTTPS.   [0009] [0025][0028][0073]-[0076] (teaches that the authentication is SIP protocol which is well known to be associated with VOIP, and that a specific phone application is used and associated with said protocols, Examiner asserts that this protocol/application would not use HTTP)
It would have been obvious to one of ordinary skill in the art to use the Voip protocol of Blumenthal with the previous art because it is increases the security of media communications.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439