DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/29/2021 has been entered.
 
Response to Arguments
Applicant’s argument filed 09/29/2021 have been fully considered.

In response to 35 USC 103, Applicant’s arguments with respect to Independent claim(s) 1, 8, and 18 along with their respective dependent claims, recites limitations “returning the token to the endpoint for use by the user in authenticating to the secure service through the access control system based on the state of compromise of the endpoint” and “the authentication data for use in authenticating to a secure service through the access control system based on the state of compromise of the endpoint”. 
Applicant’s argument have been considered but are moot because the newly recited reference does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Applicant’s argument have been considered but are moot because the newly recited reference does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Applicant argues that Eval is different than a token "for use by the user in authenticating to the secure service through the access control system based on the state of compromise of the endpoint" and “the authentication data for use in authenticating to a secure service through the access control system based on the state of compromise of the endpoint”.
Applicant’s argument have been considered but are moot because the newly recited reference does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Applicant argues that Ziskin is different than a token "for use by the user in authenticating to the secure service through the access control system based on the state of compromise of the endpoint" and “the authentication data for use in authenticating to a secure service through the access control system based on the state of compromise of the endpoint”.
Ziskin teaches “for use by the user in authenticating to the secure service through the access control system”. Ziskin discloses “receive the authentication token and decrypt the authentication token as part of the heartbeat. The authentication token may be comprised of several pieces of hashed 
However, Applicant’s argument have been considered but are moot because the newly recited reference does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-8, 13-15, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Nayshtut et al. (US 20130339736, hereinafter Nayshtut), Eyal (US 20170026840), Ziskin (US 20170063947), and in further view of Faltyn et al. (US 9467475, hereinafter Faltyn).

Re. claim 1, Nayshtut discloses a computer program product comprising a non-transitory computer-readable medium embodying computer-executable code that, when executing on an authentication service accessible through a data network, performs the steps of: receiving a heartbeat from an endpoint through a data network, wherein the heartbeat includes a security status indicating a state of compromise of the endpoint and wherein the heartbeat is cryptographically secured by the endpoint to permit verification of a source of the heartbeat with reference to a trusted third party (Nayshtut discloses the server 120 periodically validating the identity of the client 102 by requiring the client 102 to generate and provide a periodic signed client-heartbeat message that the server 120 can use to verify that the identity of the client 102 has not been compromised [0014]. Heartbeat is received and accepted [0023] Fig. 1 discloses network #130); 
receiving a request from the endpoint for a token suitable for authenticating a user of the endpoint to a secure service accessible by the endpoint through the data network (Validation can be accomplished using a client certificate that can be requested from the client 102, or through the use of a trusted directory or certificate authentication service to confirm the identity of the client 102 for the server 120 [0013]. client and create a session ID and token (e.g., a secure cookie for use with an encrypted session). Upon successful identification of the client by the server, at 204 the client may receive an indication that a session was successfully established [0017]). 
Although Nayshtut discloses heartbeat, Nayshtut does not explicitly teach but Eyal teaches evaluating a health status of the endpoint based on the heartbeat (Eyal teaches determines that the heartbeat token 40 is valid at block 111, it will then check the OS status message 42 at block 113. In some embodiments, the OS status message 42 may consist of a single bit. For example, a value of `0` may indicate that the operating system 28 is unmodified (i.e., the status is `OK`), while a value of `1` may indicate that the operating system 28 has been modified [0023]); 
generating the token if the health status of the endpoint is satisfactory (Eyal teaches the heartbeat token 40 includes the OS status message 42. The OS status message 42 indicates whether the operating system 28 has been modified [0018]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut to include transmitting information for verifying the token derived from the heartbeat including the health status of the endpoint to an access control system for accessing the secure service as disclosed by Eyal. One of ordinary skill in the art would have been motivated for the purpose of guard against a replay attack (Eyal [0022]).
Although Nayshtut-Eyal discloses token and heartbeat including the health status of the endpoint, Nayshtut-Eyal do not explicitly teach but Ziskin teaches transmitting information for verifying the token derived from the heartbeat including the health status of the endpoint to an access control system for accessing the secure service (Ziskin teaches receive the authentication token and decrypt the authentication token as part of the heartbeat. The authentication token may be comprised of several pieces of hashed information, for example, the client's account identification (ID). Accordingly, the client ID may be extracted from the decrypted authentication token and once the authentication token has been successfully decrypted and found to be valid, return a status update (Interpreted as transmitting information for verifying the token from the heartbeat that includes health status). The authentication token may also be compared against a black list, and in the event that an entry exists for the authentication token in the blacklist, a status, for example, "403 forbidden" may be returned to the client, denying the client access [0024]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal to include transmitting information for verifying the token derived from the heartbeat including the health status of the endpoint to an access control system for accessing the secure service as disclosed by Ziskin. One of ordinary skill in the art would have been motivated for the purpose of accepting or denying the heartbeat (Ziskin [0024]).
Although Nayshtut-Eyal-Ziskin discloses returning the token to the user after validation through access control system, Nayshtut-Eyal-Ziskin do not explicitly teach but Faltyn teaches returning the token to the endpoint for use by the user in authenticating to the secure service through the access control system based on the state of compromise of the endpoint (Faltyn teaches a request can be received from an initiating device to establish a service connection between an enterprise managed application running on the initiating device and an enterprise service. The request includes authentication credentials associated with an end-user [Col 2 lines 26-41]. Determining if the OS on device has been compromised. Checking if the token is on a whitelist [Col 12 lines 1-19]. If the token is allowed to connect. A success code is returned from far content gateway to the device application. The device application is part of the device (interpreted as endpoint) [Col 12 lines 20-34]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin to include returning the token to the endpoint for use by the user in authenticating to the secure service through the access control system based on the state of compromise of the endpoint as disclosed by Faltyn. One of ordinary skill in the art would have been motivated for the purpose of reduce potential security risks for mobile devices that are capable of connecting to services within the enterprise (Faltyn [Col 1 lines 37-51]).

Re. claim 2, Nayshtut-Eyal-Ziskin-Faltyn teach the computer program product of claim 1, further comprising transmitting information for verifying the token to an access control system used by the endpoint to access the secure service (Ziskin teaches receive the authentication token and decrypt the authentication token as part of the heartbeat. The authentication token may be comprised of several pieces of hashed information, for example, the client's account identification (ID). Accordingly, the client ID may be extracted from the decrypted authentication token and once the authentication token has been successfully decrypted and found to be valid, return a status update (Interpreted as transmitting information for verifying the token from the heartbeat that includes health status). The authentication token may also be compared against a black list, and in the event that an entry exists for the authentication token in the blacklist, a status, for example, "403 forbidden" may be returned to the client, denying the client access (Interpreted as if the entry doesn’t exist the token is returned allowing access)).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal to include transmitting information for verifying the token to an access control system used by the endpoint to access the secure service as disclosed by Ziskin. One of ordinary skill in the art would have been motivated for the purpose of accepting or denying the heartbeat (Ziskin [0024]).

Re. claim 3, Nayshtut-Eyal-Ziskin-Faltyn teach the computer program product of claim 1 further comprising generating a defective token if the health status of the endpoint is unsatisfactory (Eyal teaches determine that an unauthorized software modification exists based on the heartbeat token, and activate at least one countermeasure [0010]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut to include generating a defective token if the health status of the endpoint is unsatisfactory as disclosed by Eyal. One of ordinary skill in the art would have been motivated for the purpose of guard against a replay attack (Eyal [0022]).

Re. claim 4, Nayshtut discloses a method comprising: receiving a heartbeat from an endpoint that is cryptographically secured, wherein the heartbeat includes a security status indicating a state of compromise of the endpoint (Nayshtut discloses the server 120 periodically validating the identity of the client 102 by requiring the client 102 to generate and provide a periodic signed client-heartbeat message that the server 120 can use to verify that the identity of the client 102 has not been compromised [0014]. Heartbeat is received and accepted [0023] Fig. 1 discloses network #130); 
receiving a request for authentication data for the endpoint (Validation can be accomplished using a client certificate that can be requested from the client 102, or through the use of a trusted directory or certificate authentication service to confirm the identity of the client 102 for the server 120 [0013]. client and create a session ID and token (e.g., a secure cookie for use with an encrypted session). Upon successful identification of the client by the server, at 204 the client may receive an indication that a session was successfully established [0017]).
Although Nayshtut discloses heartbeat, Nayshtut does not explicitly teach but Eyal teaches evaluating a health status of the endpoint based on the heartbeat (Eyal teaches determines that the heartbeat token 40 is valid at block 111, it will then check the OS status message 42 at block 113. In some embodiments, the OS status message 42 may consist of a single bit. For example, a value of `0` may indicate that the operating system 28 is unmodified (i.e., the status is `OK`), while a value of `1` may indicate that the operating system 28 has been modified [0023]); generating authentication data if the health status of the endpoint is satisfactory (Eyal teaches the heartbeat token 40 includes the OS status message 42. The OS status message 42 indicates whether the operating system 28 has been modified [0018]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut to include transmitting information for verifying the token derived from the heartbeat including the health status of the endpoint to an access control system for accessing the secure service; generating authentication data if the health status of the endpoint is satisfactory as disclosed by Eyal. One of ordinary skill in the art would have been motivated for the purpose of guard against a replay attack (Eyal [0022]).
Although Nayshtut-Eyal discloses token and heartbeat including the health status of the endpoint, Nayshtut-Eyal do not explicitly teach but Ziskin teaches transmitting information for verifying the authentication data to an access control system (Ziskin teaches receive the authentication token and decrypt the authentication token as part of the heartbeat. The authentication token may be comprised of several pieces of hashed information, for example, the client's account identification (ID). Accordingly, the client ID may be extracted from the decrypted authentication token and once the authentication token has been successfully decrypted and found to be valid, return a status update (Interpreted as transmitting information for verifying the token from the heartbeat that includes health status). The authentication token may also be compared against a black list, and in the event that an entry exists for the authentication token in the blacklist, a status, for example, "403 forbidden" may be returned to the client, denying the client access [0024]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal to include transmitting information for verifying the authentication data to an access control system as disclosed by Ziskin. One of ordinary skill in the art would have been motivated for the purpose of accepting or denying the heartbeat (Ziskin [0024]).
Although Nayshtut-Eyal-Ziskin discloses returning the token to the user after validation through access control system, Nayshtut-Eyal-Ziskin do not explicitly teach but Faltyn teaches transmitting the authentication data to a recipient in response to the request, the authentication data for use in authenticating to a secure service through the access control system based on the state of compromise of the endpoint (Faltyn teaches a request can be received from an initiating device to establish a service connection between an enterprise managed application running on the initiating device and an enterprise service. The request includes authentication credentials associated with an end-user [Col 2 lines 26-41]. Determining if the OS on device has been compromised. Checking if the token is on a whitelist [Col 12 lines 1-19]. If the token is allowed to connect. A success code is returned from far content gateway to the device application. The device application is part of the device (interpreted as endpoint) [Col 12 lines 20-34]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin to include returning the token to the endpoint for use by the user in authenticating to the secure service through the access control system based on the state of compromise of the endpoint as disclosed by Faltyn. One of ordinary skill in the art would have been motivated for the purpose of reduce potential security risks for mobile devices that are capable of connecting to services within the enterprise (Faltyn [Col 1 lines 37-51]).

Re. claim 6, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4 wherein the heartbeat is cryptographically signed (Nayshtut discloses the server 120 periodically validating the identity of the client 102 by requiring the client 102 to generate and provide a periodic signed client-heartbeat message that the server 120 can use to verify that the identity of the client 102 has not been compromised. A signed client-heartbeat message may include information related to a physical attribute of the client 102 that cannot be identified for reproduction and impersonation by a third-party (Interpreted as heartbeat) [0014]. Heartbeat is received and accepted [0023]).

Re. claim 7, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4 wherein the request is received from the endpoint (Nayshtut discloses validation can be accomplished using a client certificate that can be requested from the client 102, or through the use of a trusted directory or certificate authentication service to confirm the identity of the client 102 for the server 120 [0013]).

Re. claim 8, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4 wherein the request is received from a hardware token (Nayshtut discloses validation can be accomplished using a client certificate that can be requested from the client 102, or through the use of a trusted directory or certificate authentication service to confirm the identity of the client 102 for the server 120 [0013]. client and create a session ID and token (e.g., a secure cookie for use with an encrypted session). Upon successful identification of the client by the server, at 204 the client may receive an indication that a session was successfully established [0017]).
Re. claim 13, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4 wherein the recipient include the endpoint (Nayshtut discloses a client and server can be any combination of two or more machines, devices, processors, controllers, or other apparatus that may be configured to communicate securely over a network [0013]).

Re. claim 14, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4 wherein the recipient includes a mobile device (Nayshtut discloses a mobile telephone [0035]).

Re. claim 15, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4 further comprising locally comparing the authentication data to an expected response at the recipient (Nayshtut discloses the server may validate the identity provided by the client with information local to the server [0021]).

Re. claim 18, Nayshtut discloses a security appliance for providing a multi-factor authentication verification method based on a secure heartbeat from an endpoint, the security appliance comprising: a network interface configured to couple the security appliance in a communicating relationship with a data network (Nayshtut discloses the instructions 524 may further be transmitted or received over a communications network 526 using a transmission medium via the network interface device 520 [0041]); a memory (Nayshtut teaches processor [0038]); and a processor (Nayshtut teaches memory [0038]) configured by computer code stored in the memory to perform the steps of receiving the secure heartbeat that includes a security status indicating a state of compromise of the endpoint from the endpoint that and wherein the secure heartbeat is cryptographically secured through the network interface (Nayshtut teaches the server 120 periodically validating the identity of the client 102 by requiring the client 102 to generate and provide a periodic signed client-heartbeat message that the server 120 can use to verify that the identity of the client 102 has not been compromised [0014]. Heartbeat is received and accepted [0023] Fig. 1 discloses network #130), receiving a request for authentication data for the endpoint through the network interface (Nayshtut teaches validation can be accomplished using a client certificate that can be requested from the client 102, or through the use of a trusted directory or certificate authentication service to confirm the identity of the client 102 for the server 120 [0013]. client and create a session ID and token (e.g., a secure cookie for use with an encrypted session). Upon successful identification of the client by the server, at 204 the client may receive an indication that a session was successfully established [0017]). 
Although Nayshtut discloses heartbeat, Nayshtut does not explicitly teach but teaches evaluating a health status of the endpoint based on the secure heartbeat (Eyal teaches determines that the heartbeat token 40 is valid at block 111, it will then check the OS status message 42 at block 113. In some embodiments, the OS status message 42 may consist of a single bit. For example, a value of `0` may indicate that the operating system 28 is unmodified (i.e., the status is `OK`), while a value of `1` may indicate that the operating system 28 has been modified [0023]), 
generating authentication data if the health status of the endpoint is satisfactory (Eyal teaches the heartbeat token 40 includes the OS status message 42. The OS status message 42 indicates whether the operating system 28 has been modified [0018]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut to include evaluating a health status of the endpoint based on the secure heartbeat; generating authentication data if the health status of the endpoint is satisfactory as disclosed by Eyal. One of ordinary skill in the art would have been motivated for the purpose of guard against a replay attack (Eyal [0022]).
Although Nayshtut-Eyal discloses token and heartbeat including the health status of the endpoint, Nayshtut-Eyal do not explicitly teach but Ziskin teaches transmitting information for verifying the authentication data to an access control system for accessing a secure service (Ziskin teaches receive the authentication token and decrypt the authentication token as part of the heartbeat. The authentication token may be comprised of several pieces of hashed information, for example, the client's account identification (ID). Accordingly, the client ID may be extracted from the decrypted authentication token and once the authentication token has been successfully decrypted and found to be valid, return a status update (Interpreted as transmitting information for verifying the token from the heartbeat that includes health status). The authentication token may also be compared against a black list, and in the event that an entry exists for the authentication token in the blacklist, a status, for example, "403 forbidden" may be returned to the client, denying the client access [0024]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal to include transmitting information for verifying the authentication data to an access control system for accessing a secure service as disclosed by Ziskin. One of ordinary skill in the art would have been motivated for the purpose of accepting or denying the heartbeat (Ziskin [0024]).
Although Nayshtut-Eyal-Ziskin discloses returning the token to the user after validation through access control system, Nayshtut-Eyal-Ziskin do not explicitly teach but Faltyn teaches transmitting the authentication data to a recipient in response to the request, the authentication data for use in authenticating to a secure service through the access control system based on the state of compromise of the endpoint (Faltyn teaches a request can be received from an initiating device to establish a service connection between an enterprise managed application running on the initiating device and an enterprise service. The request includes authentication credentials associated with an end-user [Col 2 lines 26-41]. Determining if the OS on device has been compromised. Checking if the token is on a whitelist [Col 12 lines 1-19]. If the token is allowed to connect. A success code is returned from far content gateway to the device application. The device application is part of the device (interpreted as endpoint) [Col 12 lines 20-34]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin to include returning the token to the endpoint for use by the user in authenticating to the secure service through the access control system based on the state of compromise of the endpoint as disclosed by Faltyn. One of ordinary skill in the art would have been motivated for the purpose of reduce potential security risks for mobile devices that are capable of connecting to services within the enterprise (Faltyn [Col 1 lines 37-51]).

Claims 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Nayshtut et al. (US 20130339736 hereinafter Nayshtut), Eyal (US 20170026840), Ziskin (US 20170063947), Faltyn et al. (US 9467475, hereinafter Faltyn), and in further view of Kariv et al. (US 20110307947 hereinafter Kariv).

Re. claim 17, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4. Nayshtut-Eyal-Ziskin-Faltyn do not explicitly teach but Kariv teaches wherein receiving the request for authentication data includes receiving the request at one or more of a cloud service, a firewall or a gateway (Kariv teaches If the user authentication and authorization succeeds, the access control gateway requests a security token from a security token service trusted by an access control component in the cloud and forwards the security token to the client computer [abstract] [0037]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin-Faltyn to include returning the token to the endpoint for use by the user in authenticating to the secure service through the access control system based on the state of compromise of the endpoint as disclosed by Kariv. One of ordinary skill in the art would have been motivated for the purpose of to authenticate and/or authorize a user (Kariv [0008]).
Re. claim 20, Nayshtut-Eyal-Ziskin-Faltyn teach the security appliance of claim 18, Yet, Nayshtut-Eyal-Ziskin-Faltyn do not explicitly teach but Kariv teaches wherein the security appliance is a gateway for an enterprise network (Kariv teaches Prior to granting access, the access control component in the cloud may verify that the security token is generated by a trusted entity, which may be the access gateway itself, or some other entity from which the access gateway obtained the security token [0023]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin-Faltyn to include teaches wherein the security appliance is a gateway for an enterprise network as disclosed by Kariv. One of ordinary skill in the art would have been motivated for the purpose of to granting access indicating that the use is authenticated (Kariv [0023]).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Nayshtut et al. (US 20130339736 hereinafter Nayshtut), Eyal (US 20170026840), Ziskin (US 20170063947), Faltyn et al. (US 9467475, hereinafter Faltyn), and in further view of Gomes de Oliveira et al. (US 20190065747 hereinafter Gomes).

Re. claim 5, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4, Although Nayshtut-Eyal-Ziskin-Faltyn disclose heartbeat, Nayshtut-Eyal-Ziskin-Faltyn do not explicitly teach but Gomes teaches wherein content of the heartbeat is encrypted (Gomes teaches the first heartbeat signal may be generated by encrypting the session identifier using SHA-2 [0037]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin-Faltyn to include teaches wherein the security appliance is a gateway for an enterprise network as disclosed by Gomes. One of ordinary skill in the art would have been motivated for the purpose of increase the complexity of spoofing the heartbeat signals and/or responses to the heartbeat signals (Gomes [0017]).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Nayshtut et al. (US 20130339736 hereinafter Nayshtut), Eyal (US 20170026840), Ziskin (US 20170063947), Faltyn et al. (US 9467475, hereinafter Faltyn), and in further view of Lakhani et al. (US 20180332033, hereinafter Lakhani).

Re. claim 9, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4. Yet, Nayshtut-Eyal-Ziskin-Faltyn do not explicitly teach but Lakhani teaches wherein the request is received from a computing device other than the endpoint (Lakhani teaches first device 1002 (and/or second device 1004) may request user input of a personal user ID (previously generated by system 1000 during the registration process), and may receive the personal user ID via a user interface [0160]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin-Faltyn to wherein the request is received from a computing device other than the endpoint as disclosed by Lakhani. One of ordinary skill in the art would have been motivated for the purpose of permitting access to another device that is validate and verifying a user’s identity (Lakhani [0004] [0127]).

Claims 10, 12, 16, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Nayshtut et al. (US 20130339736 hereinafter Nayshtut) in view of Eyal (US 20170026840), Ziskin (US 20170063947), Faltyn et al. (US 9467475, hereinafter Faltyn), and in further view of Tse et al. (US 20160188801 hereinafter Tse). 

Re. claim 10, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4, Nayshtut-Eyal-Ziskin-Faltyn discloses health status, Nayshtut-Eyal-Ziskin-Fatlyn do not explicitly teach but Tse teaches wherein the health status includes a health status of at least one of a file on the endpoint, a process executing on the endpoint, and a user of the endpoint (Tse teaches User data 245 includes data associated with one or more users of the client devices 106 and/or the peripheral devices 103. The user data 245 may include health information 109a stored in association with a particular user of a particular client device 106 [0034]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin-Faltyn to include wherein the health status includes a health status of at least one of a file on the endpoint, a process executing on the endpoint, and a user of the endpoint as disclosed by Tse. One of ordinary skill in the art would have been motivated for the purpose of satisfying health-related regulations and increasing difficulty of unauthorized decryption and/or access to the health information (Tse [0012] [0081]).

Re. claim 12, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4, Nayshtut-Eyal-Ziskin-Faltyn do not explicitly teach but Tse teaches further comprising encrypting the authentication data (Tse teaches the data encryption service 218 is executed to encrypt data, such as health information 109, at the direction of the management service 215 [0026]. consent and authentication of the user may also be accomplished using a X.509 Certificate or a similar certificate. Further, in various embodiments, the key 233 may be protected by a public/private key pair issued by the management service 215 [0067]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin-Faltyn to include comprising encrypting the authentication data as disclosed by Tse. One of ordinary skill in the art would have been motivated for the purpose of further protecting information (Tse [0067]).

Re. claim 16, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4, Nayshtut-Eyal-Ziskin-Faltyn do not explicitly teach but Tse teaches wherein transmitting the authentication data includes transmitting at least one of a text message to a mobile device of a user of the endpoint or an electronic mail message to an electronic mail account of the user of the endpoint (Tse teaches or in addition to transmission over the network 112 to provide additional security. For example, the key 233 may be communicated to a requesting service via email or simple messaging service ( SMS). Using the user-specific key 233 and the service-specific key 233, the requesting service 206 is able to decrypt the health information 109 for authorized access [0051]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin-Faltyn to include wherein transmitting the authentication data includes transmitting at least one of a text message to a mobile device of a user of the endpoint or an electronic mail message to an electronic mail account of the user of the endpoint as disclosed by Tse. One of ordinary skill in the art would have been motivated for the purpose of exchanging messages, Able to decrypt the encrypted information for authorized access (Tse [0051]).

Re. claim 19, Nayshtut-Eyal-Ziskin-Faltyn teach the security appliance of claim 18, Nayshtut-Eyal-Ziskin-Faltyn do not explicitly teach but Tse teaches wherein the security appliance is a cloud service for supporting multi-factor authentication based on a secure heartbeat (Tse teaches the health information 109 as encrypted is further encrypted with a password (also referred to as "wrapped" or "key wrapped") by the management service 215 through the data encryption service 218 or a similar service. However, in various embodiments, encrypting the health information 109 includes decrypting the health information 109 prior to encryption by the computing environment 203. In some embodiments, the key 233 includes a double-encrypted key 233 with a provider-specific key [0050]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin-Faltyn to include wherein the security appliance is a cloud service for supporting multi-factor authentication based on a secure heartbeat as disclosed by Tse. One of ordinary skill in the art would have been motivated for the purpose of satisfying health-related regulations and increasing difficulty of unauthorized decryption and/or access to the health information (Tse [0012] [0081]).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Nayshtut et al. (US 20130339736 hereinafter Nayshtut), Eyal (US 20170026840), Ziskin (US 20170063947), Faltyn et al. (US 9467475, hereinafter Faltyn), and in further view of Johansson et al. (US 20160164855 hereinafter Johansson).

Re. claim 11, Nayshtut-Eyal-Ziskin-Faltyn teach the method of claim 4, Yet, Nayshtut-Eyal-Ziskin-Faltyn teaches signature but do not explicitly teach but Johansson teaches further comprising digitally signing the authentication data (Johansson teaches the authentication object may be digitally signed (thereby producing a digital signature of the authentication object) such that the digital signature is verifiable by the system that will cryptographically verify the authentication object [0019]).
Therefore, it would have been obvious to one or the ordinary skill in the art before the effective filing date of the claimed invention to modify the system and method disclosed by Nayshtut-Eyal-Ziskin-Faltyn to include wherein the security appliance is a cloud service for supporting multi-factor authentication based on a secure heartbeat as disclosed by Johansson. One of ordinary skill in the art would have been motivated for the purpose of verifying the authentication object (Johansson [0067]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Hammad (US 20100327054) discloses secure communication using verification tokens.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496         
   
/ABU S SHOLEMAN/Primary Examiner, Art Unit 2496