Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Response to Arguments
In communications filed on 7/19/2021, claims 2-3, 5-22 are presented for examination. Claims 2, 9, and 16 are independent.
Amended claim(s): 2, 9, 16
Applicants’ arguments, see Applicant Arguments/Remarks filed 7/29/21, with respect to claim(s) rejected under prior art have been considered and are persuasive. Rejection is withdrawn.  

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 2, 3, 5-22 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 20080244705 A1 (hereinafter ‘Cromer’).

As regards claim 2, Cromer (US 20080244705 A1) discloses: A privileged access management (PAM) apparatus comprising at least one computing device, the at least one computing device configured to: (Cromer: Fig. 1A, system 100)
push an access application to an endpoint device in response to receiving a first request from an accessor device, wherein the access application is automatically executed by the endpoint device, wherein the endpoint device and the accessor device are separate devices; (Cromer: Fig. 1A, ¶23-¶25, ¶63, i.e., the push server sending application to be installed on the customer system 105 (i.e., the endpoint) at the request of the representative system 103 (i.e., the accessor device), wherein the application is automatically executed by the customer 
receive a second request to connect from the access application; (Cromer: Fig. 1A, ¶23-¶25, ¶63, i.e., the application is automatically executed on the customer system and the application then established a session with the representative system) and establish a session between the accessor device and the access application executed by the endpoint device. (Cromer: Fig. 1A, ¶23-¶25, ¶63, i.e., the application is automatically executed on the customer system and the application then established a session with the representative system)

As regards claim 16, Cromer discloses: A system comprising: a data store comprising an access application; (Cromer: Fig. 1A, system 100, i.e., the push server that contains the applications) an endpoint device; and (Cromer: Fig. 1A, i.e., the customer system 105) a privileged access management (PAM) appliance in communication with the endpoint device and the data store, the PAM appliance being configured to: (Cromer: Fig. 1A, i.e., system 100) in response to receiving a first request from an accessor device, retrieve the access application from the data store; (Cromer: Fig. 1A, ¶23-¶25, ¶63, i.e., the push server sending application to be installed on the customer 
push the access application to the endpoint device; (Cromer: Fig. 1A, ¶23-¶25, ¶63, i.e., the push server sending application to be installed on the customer system 105 (i.e., the endpoint) at the request of the representative system 103 (i.e., the accessor device), wherein the application is automatically executed by the customer system, and wherein the customer system and the representative system are separate system/devices)
receive a second request for connection from the access application; and (Cromer: Fig. 1A, ¶23-¶25, ¶63, i.e., the application is automatically executed on the customer system and the application then established a session with the representative system) establish a session between the accessor device and the access application executed by the endpoint device. (Cromer: Fig. 1A, ¶23-¶25, ¶63, i.e., the application is automatically executed on the customer system and the application then established a session with the representative system)

Claim 9 recites substantially the same features recited in claims 2 and 16 above, and is rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 3, Cromer discloses the PAM apparatus of claim 2, wherein the at least one computing device is further configured to push the access application to the endpoint device based on at least one of: a system management bus, a remote procedure call, inter process communications, a file transfer protocol, a secure shell, or a hypertext transfer protocol. (Cromer: ¶71) 

As regards claim 5, Cromer discloses the PAM apparatus of claim 2, wherein the at least one computing device is further configured to: receive a third request from a second accessor device to access a second endpoint device; (Cromer: Fig. 1A, ¶19, ¶23-¶25, ¶63) receive a fourth request to connect from the other access application; (Cromer: Fig. 1A, ¶19, ¶23-¶25, ¶63) and establish a second session between the second accessor device and the second endpoint device. (Cromer: Fig. 1A, ¶19, ¶23-¶25, ¶63)

As regards claim 6, Cromer discloses the PAM apparatus of claim 2, wherein the endpoint device excludes a pre-installed 

As regards claim 7, Cromer discloses the PAM apparatus of claim 2, wherein the at least one computing device is further configured to execute a push service to handle operations for pushing the access application to the endpoint device. (Cromer: Fig. 1A, ¶23-¶25, ¶63)

As regards claim 8, Cromer discloses the PAM apparatus of claim 2, wherein the at least one computing device is further configured to manage access rights to the endpoint device. (Cromer: Fig. 1A. 1B, ¶19-¶25, ¶63)

As regards claim 10, Cromer discloses the method of claim 9, wherein sending the access application to the endpoint device is performed by a protocol agent on behalf of a privileged access management (PAM) appliance. (Cromer: Fig. 1A. 1B, ¶19-¶25, ¶63)

claim 11, Cromer discloses the method of claim 10, wherein the protocol agent communicates with the endpoint device on a local network and communicates with the PAM appliance on a wide-area network. (Cromer: Fig. 1A. 1B, ¶19-¶25, ¶63, ¶82-¶83)

As regards claim 12, Cromer discloses the method of claim 9, wherein the session is based on an access policy assigned to the endpoint device. (Cromer: Fig. 1A. 1B, ¶19-¶25, ¶43, ¶63, ¶82-¶83)

As regards claim 13, Cromer discloses the method of claim 12, wherein a PAM appliance establishes the session and the method further comprises managing, via the PAM appliance, access rights to a plurality of endpoint devices including the endpoint device and respective access session traffic. (Cromer: Fig. 1A. 1B, 2B, Table-1, ¶19-¶25, ¶43, ¶52-¶52, ¶63)

As regards claim 14, Cromer discloses the method of claim 9, further comprising determining an in-session policy for the session, wherein the in-session policy grants or denies access to at least one of: a tool, a command, a credentials, or a resource for the endpoint. (Cromer: Fig. 1A. 1B, Table-1, ¶19-¶25, ¶43, ¶52-¶52, ¶63)

As regards claim 15, Cromer discloses the method of claim 9, wherein sending the access application to the endpoint device is performed by the accessor device. (Cromer: Fig. 1A. 1B, Table-1, ¶19-¶25, ¶43, ¶52-¶52, ¶63)

As regards claim 17, Cromer discloses the system of claim 16, wherein the endpoint device is configured to: receive the access application from the PAM appliance; and (Cromer: Fig. 1A. 1B, Table-1, ¶19-¶25, ¶43, ¶52-¶52, ¶63) in response to receiving the access application, automatically execute the access application. (Cromer: Fig. 1A. 1B, Table-1, ¶19-¶25, ¶43, ¶52-¶52, ¶63)

As regards claim 18, Cromer discloses the system of claim 16, further comprising a protocol agent in communication via a local area network with the endpoint device, wherein the access application is pushed to the endpoint device via the protocol agent. (Cromer: Fig. 1A. 1B, ¶19-¶25, ¶43, ¶63, ¶82-¶83)

As regards claim 19, Cromer discloses the system of claim 16, further comprising a protocol agent configured to: connect to the endpoint device using a first protocol via the first network; and (Cromer: Fig. 1A. 1B, ¶19-¶25, ¶43, ¶63, ¶82-¶83) 

As regards claim 20, Cromer discloses the system of claim 16, further comprising a protocol agent configured to convert an access protocol used by the PAM appliance to another protocol used by the endpoint device. (Cromer: Fig. 1A. 1B, ¶19-¶25, ¶43, ¶63, ¶82-¶83)

As regards claim 21, Cromer discloses the system of claim 16, wherein the PAM appliance is further configured to establish a persistent connection to a protocol agent based on a certificate based authentication. (Cromer: Fig. 1A. 1B, ¶19-¶25, ¶43, ¶63, ¶66-¶67, ¶82-¶83)

As regards claim 22, Cromer discloses the PAM apparatus of claim 2, wherein establishing the session comprises providing the accessor device with real time access control to resources of the endpoint device. (Cromer: Fig. 1A. 1B, ¶19-¶25, ¶43, ¶63, ¶66-¶67, ¶82-¶83)

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995. The examiner can normally be reached Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SYED A ZAIDI/Primary Examiner, Art Unit 2432