Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Detailed Action
This office action is in response to the listing of claims filed on April 14, 2020. Claims 1-20 are currently pending.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8, 12-15, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ashtaputre et al (US PGPub No: US 20200162282 A1) in view of Yancey (US Patent No: 10,868,836), hereafter referred to as Ashtaputre and Yancey, respectively. 

With regards to claim 1, Ashtaputre teaches through Yancey, a method comprising: 

storing and updating published resource entitlements for a plurality of client devices at a computing device (Ashtaputre teaches publishing internet access policies in the network fabric; see paragraph 33, Ashtaputre); 

(Ashtaputre teaches using the published access policies to cascade/share the information amongst other network fabrics about subscription services; see paragraphs 34 and 40, Ashtaputre. Ashtaputre explains how endpoint devices, such as laptops and mobile phones (i.e. client devices), join (request connection) a network, and policy information can be carried amongst fabric nodes including VXLAN (virtual extensible lan) tunnel; see paragraph 61, Ashtaputre); 

and request validation of the connection leases from the computing device at the computing device, responsive to validation requests from the virtual delivery appliances, comparing the connection leases to the updated published resource entitlements and validating the virtual session requests based thereon; and at the virtual delivery appliances, providing the client devices with access to virtual sessions corresponding to the published resource entitlements responsive to validation of connection leases from the computing device (see Yancey below).  

While Ashtaputre supports policies in networks to manage device connections, Ashtaputre does not explicitly cite validating connection requests and comparing connection leases to the updated policies (resource entitlements). In the same field of endeavor, Yancey also teaches a network that uses polices to manage device connections; see abstract, Yancey. In particular, Yancey teaches publishing updated policies; see Figures 8 and 9 and column 2, lines 4-20, Yancey. Yancey goes on to further explain how a user can be validated against stored information to assess whether they have the appropriate permissions; see column 3, lines 44-62, Yancey. Once authenticated, the resource is allocated and the user can utilize the resource for a specified capacity/time; see column 3, lines 63-66, Yancey. By validating users, another layer of access control can be provided to protect resources; see column 5, lines 17-20, Yancey.  Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of Yancey with those of Ashtaputre to protect resources; see column 5, lines 17-20, Yancey. 

With regards to claims 2, 13, and 18, Ashtaputre teaches through Yancey, the method further comprising, at the computing device, generating a pre-authorized validation for the virtual delivery appliances; and at the virtual delivery appliances, providing at least one client device with access to a requested virtual session without availability of the computing device based upon the pre-authorized validation (Yancey teaches pre-initialized and pre-configured virtual machines being assigned to customer requests; see column 15, lines 56-62, Yancey. By validating users, another layer of access control can be provided to protect resources; see column 5, lines 17-20, Yancey.  Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of Yancey with those of Ashtaputre to protect resources; see column 5, lines 17-20, Yancey).  

With regards to claim 3, Ashtaputre teaches through Yancey, the method wherein the virtual delivery appliances are arranged in a pool, and further comprising at a given virtual delivery appliance in the pool ceasing providing other client devices access to virtual sessions without availability of the computing device after providing the at least one client device with access to the requested virtual session (Yancey teaches authorized customer/client can be the only one to access the resource; see column 4, line 64 – column 5, line 4, Yancey. The resource can be within pools; see column 15, lines 56-62, Yancey. By validating users, another layer of access control can be provided to protect resources; see column 5, lines 17-20, Yancey.  Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of Yancey with those of Ashtaputre to protect resources; see column 5, lines 17-20, Yancey).  

With regards to claim 4, Ashtaputre teaches through Yancey, the method further comprising re-provisioning the given virtual delivery appliance to generate the pre-authorized validation after the requested virtual session is closed (Yancey explains using session tokens for users to be validated on subsequent session requests; see column 3, line 63 – column 4, line 11, Yancey. By validating users, another layer of access control can be provided to protect resources; see column 5, lines 17-20, Yancey.  Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of Yancey with those of Ashtaputre to protect resources; see column 5, lines 17-20, Yancey).  

With regards to claims 5, 14, and 19, Ashtaputre teaches through Yancey, the method further comprising, at the virtual delivery appliances, denying and redirecting the connection requests to other virtual delivery appliances without availability of the computing device (Yancey supports load balancing requests to determine appropriate resource fleets; see column 12, lines 33-49, Yancey. Yancey goes on to further explain how a user is validated to assess whether they have the appropriate permissions; see column 3, lines 44-62, Yancey. By validating users, another layer of access control can be provided to protect resources; see column 5, lines 17-20, Yancey.  Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of Yancey with those of Ashtaputre to protect resources; see column 5, lines 17-20, Yancey).  

With regards to claims 6 and 20, Ashtaputre teaches through Yancey, the method wherein the connection leases list a subset of the plurality of virtual delivery appliances; and further comprising, at the computing device, redirecting client devices with validated connection leases to virtual delivery appliances either inside or outside of the listed subset of virtual delivery appliances based upon virtual delivery appliance usage levels (Yancey teaches handling requests via load balancing and customer code usage determination; see column 15, lines 30-62, Yancey. Authorization is checked occurs to ensure the customer code can be accessed by the requesting customer; see column 14, lines 14-17, Yancey. By validating users are authorized, another layer of access control can be provided to protect resources; see column 5, lines 17-20, Yancey.  Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of Yancey with those of Ashtaputre to protect resources; see column 5, lines 17-20, Yancey.).  

With regards to claims 7 and 15, Ashtaputre teaches through Yancey, the method wherein the connection leases are being associated with a public/private encryption key pair of the computing device and signed using the private encryption key; and further comprising, at the virtual delivery appliances, validating the connection leases using the public encryption key prior to requesting validation of the connection leases from the computing device (Validation can be implemented using public and private verification parameters and keys; see column 4, lines 9-25. By validating users, another layer of access control can be provided to protect resources; see column 5, lines 17-20, Yancey.  Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of Yancey with those of Ashtaputre to protect resources; see column 5, lines 17-20, Yancey.).  

With regards to claim 8, Ashtaputre teaches through Yancey, the method wherein the connection leases are also time-based, and further comprising, at the virtual delivery appliances, performing time-based validation of the connection leases prior to requesting validation of the connection leases from the computing device (Once authenticated, the resource is allocated and the user can utilize the resource for a specified capacity/time; see column 3, lines 63-66, Yancey. By validating users, another layer of access control can be provided to protect resources; see column 5, lines 17-20, Yancey.  Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of Yancey with those of Ashtaputre to protect resources; see column 5, lines 17-20, Yancey.).  


With regards to claim 12, Ashtaputre teaches through Yancey, a virtual delivery appliance comprising: a memory and a processor configured to cooperate with the memory to receive connection requests from a plurality of client devices, 

the connection requests including a connection lease issued based upon published resource entitlements for the client devices stored and updated at a computing device (Ashtaputre teaches publishing internet access policies in the network fabric; see paragraph 33, Ashtaputre.  Ashtaputre teaches using the published access policies to cascade/share the information amongst other network fabrics about subscription services; see paragraphs 34 and 40, Ashtaputre. Ashtaputre explains how endpoint devices, such as laptops and mobile phones (i.e. client devices), join (request connection) a network, policy information can be carried amongst fabric nodes including VXLAN (virtual extensible lan) tunnel; see paragraph 61, Ashtaputre), 

request validation of the connection leases to cause the computing device to compare the connection leases to the updated published resource entitlements and validate the virtual session requests based thereon, and provide the client devices with access to virtual sessions corresponding to the published resource entitlements responsive to validation of connection ]eases from the computing device (see Yancey below).  

While Ashtaputre supports policies in networks to manage device connections, Ashtaputre does not explicitly cite validating connection requests and comparing connection leases to the updated policies (resource entitlements). In the same field of endeavor, Yancey also teaches a network that uses polices to manage device connections; see abstract, Yancey. In particular, Yancey teaches publishing updated policies; see Figures 8 and 9 and column 2, lines 4-20, Yancey. Yancey goes on to further explain how a user can be validated against stored information to assess whether they have the appropriate permissions; see column 3, lines 44-62, Yancey. Once authenticated, the resource is allocated and the user can utilize the resource for a specified capacity/time; see column 3, lines 63-66, Yancey. By validating users, another layer of access control can be provided to protect resources; see column 5, lines 17-20, Yancey.  Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of Yancey with those of Ashtaputre to protect resources; see column 5, lines 17-20, Yancey. 


With regards to claim 17, Ashtaputre teaches through Yancey, a computing system comprising: 

a computing device configured to store and update published resource entitlements for a plurality of client devices (Ashtaputre teaches publishing internet access policies in the network fabric; see paragraph 33, Ashtaputre); 

and a plurality of virtual delivery appliances configured to receive connection requests from the client devices, the connection requests including a connection lease issued based upon the published resource entitlements for the client devices (Ashtaputre teaches using the published access policies to cascade/share the information amongst other network fabrics about subscription services; see paragraphs 34 and 40, Ashtaputre. Ashtaputre explains how endpoint devices, such as laptops and mobile phones (i.e. client devices), join (request connection) a network, policy information can be carried amongst fabric nodes including VXLAN (virtual extensible lan) tunnel; see paragraph 61, Ashtaputre), 

request validation of the connection leases from the computing device, and provide the client devices with access to virtual sessions corresponding to the published resource entitlements responsive to validation of connection leases from the computing device; wherein the computing device, responsive to validation requests from the virtual delivery appliances, compares the connection leases to the updated published resource entitlements and validates virtual session requests based thereon (see Yancey below).  

While Ashtaputre supports policies in networks to manage device connections, Ashtaputre does not explicitly cite validating connection requests and comparing connection leases to the updated policies (resource entitlements). In the same field of endeavor, Yancey also teaches a network that uses polices to manage device connections; see abstract, Yancey. In particular, Yancey teaches publishing updated policies; see Figures 8 and 9 and column 2, lines 4-20, Yancey. Yancey goes on to further explain how a user can be validated against stored information to assess whether they have the appropriate permissions; see column 3, lines 44-62, Yancey. Once authenticated, the resource is allocated and the user can utilize the resource for a specified capacity/time; see column 3, lines 63-66, Yancey. By validating users, another layer of access control can be provided to protect resources; see column 5, lines 17-20, Yancey.  Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of Yancey with those of Ashtaputre to protect resources; see column 5, lines 17-20, Yancey. 


Allowable Subject Matter
Claims 9-11 and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AZIZUL Q CHOUDHURY whose telephone number is (571)272-3909. The examiner can normally be reached M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PHILIP CHEA can be reached on (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To 



/AZIZUL CHOUDHURY/Primary Examiner, Art Unit 2456