Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Continued Examination Under 37 CFR 1.114

1.       A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.    Applicant's submission filed on 12-22-2021 has been entered.

2.        Claims 1 - 20 are pending.  Claims 1, 11, 15 have been amended.   Claims 1, 11, 15 are independent.    File date is 6-18-2019.  

Claim Rejections - 35 USC § 103  
3.        The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1, 7, 8, 10 - 13, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Myllymaki et al. (US PGPUB No. 20040088713) in view of Reshadi et al. (US Patent No. 9,953,014) and further in view of Mischook et al. (US PGPUB No. 20140157369).     	

Regarding Claim 1, 11, 15, Myllymaki discloses a method of a proxy server receiving a request from a client to a Webserver and a response corresponding with the request from the Webserver to the client and a computer readable storage device to store computer executable instructions to control a processor to perform operations and a system, the method and the storage device and the system comprising:
a)  receiving a wrapped request at the proxy server. (Myllymaki ¶ 081, ll 1-10: client makes a request of website; application code calls wrapper function; translate host language structure to SOAP (i.e. wrapper structure))    

Furthermore, Myllymaki discloses for b): reading the wrapped request at the proxy server; (Myllymaki ¶ 082, ll 1-5: submit form to website; website performs action), and for c): adding metadata to a response corresponding with the wrapped request at the proxy server. (Myllymaki ¶ 083, ll 1-6: website returns response via network link; response translated to extract data; ¶ 070, ll 1-10: service extractor packages information extracted into a SD file and passes it to code generator; ¶ 071, ll 1-9: translate SD file into executable code that implements an interface wrapper; (SD information added to wrapper)).  
Myllymaki does not explicitly disclose for b): determine whether request includes file download, and for c): metadata including whether request includes file download. 
However, Reshadi discloses: 

c)  the metadata including whether the request includes a file download. (Reshadi col 10, ll 39-50: sends request to server requesting a first segment of a file to be downloaded; request message includes URL of image resource (i.e. file to download))
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki for b): determine whether request includes file download, and for c): metadata including whether request includes file download as taught by Reshadi. One of ordinary skill in the art would have been motivated to employ the teachings of Reshadi for the benefits achieved from a system that enables a more effective method for the management of dynamic elements such as file downloads within a network environment. (Reshadi col 1, ll 26-27)     

Myllymaki-Reshadi does not explicitly disclose for c): a cross-origin resource sharing header. 
However, Mischook discloses for c): wherein a cross-origin resource sharing header.  (Mischook ¶ 053, ll 9-11: AJAX Service Enabler (SE) module associated with wrapper and is used to determine access permissions for cross-origin messages; ¶ 057, ll 6-11: in response to a determination that a request is for data from a cross-origin server, wrapper invokes the AJAX SE which inserts CORS headers into a HTTP response message received from data server; ¶ 055, ll 1-7: user makes request to view web page by typing a URL in a URL field of web browser; script element embedded in requested web page such that, as the web page 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi for c): a cross-origin resource sharing header as taught by Mischook.  One of ordinary skill in the art would have been motivated to employ the teachings of Mischook for the benefits achieved from a system that enables the secure access of data between network-connected devices utilizing cross-origin sharing of resources. (Mischook ¶ 057; ¶ 055)

Furthermore for Claim 15, Myllymaki disclose wherein a memory device to store a set of instructions; and a processor to execute the set of instructions to perform operations.  (Myllymaki ¶ 050, ll 1-12: system includes software programming code or computer program product installed on host; (computer indicates a processor coupled to a memory for instruction execution))

Regarding Claim 7, Myllymaki-Reshadi-Mischook discloses the method of claim 1 wherein the metadata includes metadata based on reading the response. (Myllymaki ¶ 083, ll 1-6: website returns response via network link; response translated to extract data; ¶ 070, ll 1-10: service extractor packages information extracted into a SD file and passes it on to code generator; ¶ 071, ll 1-9: translate SD file into executable code that implements an interface wrapper; (SD information added to wrapper))     

Regarding Claim 8, Myllymaki-Reshadi-Mischook discloses the method of claim 1 

However, Mischook disclose wherein adding metadata to the response includes adding a header to the response. (Mischook ¶ 053, ll 9-11: AJAX Service Enabler (SE) module associated with wrapper and is used to determine access permissions for cross-origin messages; ¶ 057, ll 6-11: in response to a determination that a request is for data from a cross-origin server, wrapper invokes the AJAX SE which inserts CORS headers into a HTTP response message received from data server; ¶ 055, ll 1-7: user makes request to view web page by typing a URL in a URL field of web browser; script element embedded in requested web page such that, as the web page is loaded, the script element is executed to direct the web browser to retrieve application resources from specified application server via a wrapper)
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi for adding metadata to response includes adding a header to response as taught by Mischook.  One of ordinary skill in the art would have been motivated to employ the teachings of Mischook for the benefits achieved from a system that enables the secure access of data between network-connected devices utilizing cross-origin sharing of resources. (Mischook ¶ 057; ¶ 055)

Regarding Claim 10, Myllymaki-Reshadi-Mischook discloses the method of claim 1 comprising reading the response corresponding with the wrapped request. (Myllymaki ¶ 083, ll 1-6: website returns response via network link; response translated to extract data; ¶ 070, ll 1-10: service extractor packages information extracted into a SD file and passes it on to code 

Regarding Claim 12, Myllymaki-Reshadi-Mischook discloses the computer readable storage device of claim 11. 
Myllymaki-Reshadi does not explicitly disclose instructions to add metadata include instructions to add a header. 
However, Mischook discloses wherein metadata include instructions to add a header to the response. (Mischook ¶ 053, ll 9-11: AJAX Service Enabler (SE) module associated with wrapper and is used to determine access permissions for cross-origin messages; ¶ 057, ll 6-11: in response to a determination that a request is for data from a cross-origin server, wrapper invokes the AJAX SE which inserts CORS headers into a HTTP response message received from data server; ¶ 055, ll 1-7: user makes request to view web page by typing a URL in a URL field of web browser; script element embedded in requested web page such that, as the web page is loaded, the script element is executed to direct the web browser to retrieve application resources from specified application server via a wrapper)
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi for instructions to add metadata include instructions to add a header as taught by Mischook.  One of ordinary skill in the art would have been motivated to employ the teachings of Mischook for the benefits achieved from a system that enables the secure access of data between network-connected devices utilizing cross-origin sharing of resources. (Mischook ¶ 057; ¶ 055)

Regarding Claim 13, Myllymaki-Reshadi-Mischook discloses the computer readable storage device of claim 11 wherein the instructions to read the wrapped request include instructions to determine contents of the wrapped request. (Myllymaki ¶ 083, ll 1-6: website returns response via network link; response translated to extract data; ¶ 070, ll 1-10: service extractor packages information extracted into a SD file and passes it on to code generator; ¶ 071, ll 1-9: translate SD file into executable code that implements an interface wrapper; (SD information added to wrapper) 

5.        Claims 2 - 6, 14, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Myllymaki in view of Reshadi and further in view of Mischook and Cammarata et al. (US PGPUB No. 20090287836).

Regarding Claim 2, Myllymaki-Reshadi-Mischook discloses the method of claim 1.
Myllymaki-Reshadi-Mischook does not explicitly disclose proxy server is a reverse proxy server. 
However, Cammarata discloses wherein the proxy server is a reverse proxy server. (Cammarata ¶ 005, ll 1-17: proxy server inquires for credentials to be used in external AJAX request; proxy server uses credentials to make external AJAX request to external AJAX server; proxy server performs necessary authentication and mapping before sending response; (reverse proxy request is external request to a particular domain (i.e. such as a firewall protected domain)))   
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi-Mischook for proxy server is a reverse proxy server as taught by Cammarata.  One of ordinary skill in the art would have been 

Regarding Claim 3, Myllymaki-Reshadi-Mischook discloses the method of claim 1.  
Myllymaki-Reshadi-Mischook does not explicitly disclose proxy server directs traffic between client and Webserver.
However, Cammarata discloses wherein the proxy server directs traffic between the client and the Webserver. (Myllymaki ¶ 005, ll 1-17: proxy server inquires for credentials to be used in external AJAX request; proxy server uses credentials to make external AJAX request to external AJAX server; proxy server performs necessary authentication and mapping before sending response; (reverse proxy request is external request to a particular domain (i.e. such as a firewall protected domain)))     
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi-Mischook for proxy server directs traffic between client and Webserver as taught by Cammarata.  One of ordinary skill in the art would have been motivated to employ the teachings of Cammarata for the benefits achieved from a system that enables multiple modes of secure communications such as utilizing a reverse proxy within a network environment.   (Cammarata ¶ 005, ll 1-17)

Regarding Claim 4, Myllymaki-Reshadi-Mischook discloses the method of claim 1 
Myllymaki-Reshadi-Mischook does not explicitly disclose request is an AJAX request. 

        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi-Mischook for request is an AJAX request as taught by Cammarata.  One of ordinary skill in the art would have been motivated to employ the teachings of Cammarata for the benefits achieved from a system that enables multiple modes of secure communications such as utilizing a reverse proxy within a network environment.  (Cammarata ¶ 005, ll 1-17)

Regarding Claim 5, Myllymaki-Reshadi-Mischook discloses the method of claim 4. 
Myllymaki-Reshadi-Cammarata does not explicitly disclose request includes an XMLHttpRequest object. 
However, Mischook discloses wherein the AJAX request includes an XMLHttpRequest object or a fetch method. (Mischook ¶ 053, ll 6-11: AJAX Service Enabler (SE) module associated with wrapper and is used to determine access permissions for cross-origin messages, browser communicates with an XMLHTTP Object such as a JavaScript application operating in a web page loaded by a web browser; ¶ 057, ll 6-11: in response to a determination that a request is for data from a cross-origin server, wrapper invokes the AJAX SE which inserts CORS headers into a HTTP response message received from data server; ¶ 055, ll 1-7: user makes request to 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi for request includes an XMLHttpRequest object as taught by Mischook.  One of ordinary skill in the art would have been motivated to employ the teachings of Mischook for the benefits achieved from a system that enables the secure access of data between network-connected devices utilizing cross-origin sharing of resources. (Mischook ¶ 057; ¶ 055) 

Regarding Claim 6, Myllymaki-Reshadi-Mischook discloses the method of claim 4 
Myllymaki-Reshadi does not explicitly disclose request includes a cross-origin resource sharing restriction. 
However, Mischook discloses wherein the AJAX request includes a cross-origin resource sharing restriction. (Mischook ¶ 053, ll 9-11: AJAX Service Enabler (SE) module associated with wrapper and is used to determine access permissions (restrictions) for cross-origin messages; ¶ 057, ll 6-11: in response to a determination that a request is for data from a cross-origin server, wrapper invokes the AJAX SE which inserts CORS headers into a HTTP response message received from data server; ¶ 055, ll 1-7: user makes request to view web page by typing a URL in a URL field of web browser; script element embedded in requested web page such that, as the web page is 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi for request includes a cross-origin resource sharing restriction as taught by Mischook.  One of ordinary skill in the art would have been motivated to employ the teachings of Mischook for the benefits achieved from a system that enables the secure access of data between network-connected devices utilizing cross-origin sharing of resources. (Mischook ¶ 057; ¶ 055)    

Regarding Claim 14, Myllymaki-Reshadi-Mischook discloses the computer readable storage device of claim 11.  
Myllymaki-Reshadi-Mischook does not explicitly disclose instructions to route traffic between client and Webserver.
However, Cammarata discloses wherein comprising instructions to route traffic between the client and the Webserver. (Cammarata ¶ 005, ll 1-17: proxy server inquires for credentials to be used in external AJAX request; proxy server uses credentials to make external AJAX request to external AJAX server; proxy server performs necessary authentication and mapping before sending response; (reverse proxy request is external request to a particular domain (i.e. such as a firewall protected domain)))     
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi-Mischook for instructions to route traffic between the client and Webserver as taught by Cammarata.  One of ordinary skill in the 

Regarding Claim 20, Myllymaki-Reshadi-Mischook discloses the system of claim 15. 
Myllymaki-Reshadi-Mischook does not explicitly disclose proxy server is a reverse proxy server to direct web traffic between client and Webserver.
However, Cammarata discloses wherein the proxy server is a reverse proxy server to direct web traffic between the client and the Webserver. (Cammarata ¶ 005, ll 1-17: proxy server inquires for credentials to be used in external AJAX request; proxy server uses credentials to make external AJAX request to external AJAX server; proxy server performs necessary authentication and mapping before sending response; (reverse proxy request is external request to a particular domain (i.e. such as a firewall protected domain))) 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi-Mischook for proxy server is a reverse proxy server to direct web traffic between client and Webserver as taught by Cammarata.  One of ordinary skill in the art would have been motivated to employ the teachings of Cammarata for the benefits achieved from a system that enables multiple modes of secure communications such as utilizing a reverse proxy within a network environment.  (Cammarata ¶ 005, ll 1-17)  
 
s 9, 16 - 19 are rejected under 35 U.S.C. 103 as being unpatentable over Myllymaki in view of Reshadi and further in view of Mischook and Straub (US PGPUB No. 20170048319).

Regarding Claim 9, Myllymaki-Reshadi-Mischook discloses the method of claim 1 
Myllymaki-Reshadi-Mischook does not explicitly disclose adding metadata as to whether response includes a file download.  
However, Straub discloses wherein adding metadata to the response includes adding metadata as to whether the response includes a file download. (Straub ¶ 180, ll 1-12: security container installed on device and is configured to hold containerized applications (i.e. file download); securely linked to their specific container; (specific metadata for specific application))    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi-Mischook for adding metadata as to whether response includes a file download as taught by Straub.  One of ordinary skill in the art would have been motivated to employ the teachings of Straub for the benefits achieved from a system that enables implementation and management of secure access within a network environment. (Straub ¶ 188, ll 1-10)

Regarding Claim 16, Myllymaki-Reshadi-Mischook-Straub discloses the system of claim 15. 
Myllymaki-Reshadi-Mischook does not explicitly disclose instructions are implemented with a security service. 
However, Straub discloses wherein the instructions are implemented with a security service. (Straub ¶ 180, ll 1-12: security container installed on device and is configured to hold containerized applications; securely linked to their specific container; (specific metadata for 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi-Mischook for instructions are implemented with a security service as taught by Straub.  One of ordinary skill in the art would have been motivated to employ the teachings of Straub for the benefits achieved from a system that enables implementation and management of secure access within a network environment. (Straub ¶ 188, ll 1-10)  

Regarding Claim 17, Myllymaki-Reshadi-Mischook-Straub discloses the system of claim 16. 
Myllymaki-Reshadi-Mischook does not explicitly disclose security service is a cloud access security broker.
However, Straub discloses wherein the security service is a cloud access security broker. (Straub ¶ 074, ll 16-25: cloud infrastructure system determines authentication to utilize in order to determine identity of user associated with request)
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi-Mischook for security service is a cloud access security broker as taught by Straub.  One of ordinary skill in the art would have been motivated to employ the teachings of Straub for the benefits achieved from a system that enables implementation and management of secure access within a network environment. (Straub ¶ 188, ll 1-10)      

Regarding Claim 18, Myllymaki-Reshadi-Mischook-Straub discloses the system of claim 17. 
Myllymaki-Reshadi-Mischook does not explicitly disclose cloud access security broker enforces security policies. 
However, Straub discloses wherein the cloud access security broker enforces security policies. (Straub ¶ 074, ll 16-25: cloud infrastructure system determines authentication to utilize in order to determine identity of user associated with request)    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Myllymaki-Reshadi-Mischook for cloud access security broker enforces security policies as taught by Straub.   One of ordinary skill in the art would have been motivated to employ the teachings of Straub for the benefits achieved from a system that enables implementation and management of secure access within a network environment. (Straub ¶ 188, ll 1-10)      

Regarding Claim 19, Myllymaki-Reshadi-Mischook-Straub discloses the system of claim 16. 
Myllymaki-Reshadi-Mischook does not explicitly disclose security service logs access of Webserver. 
However, Straub discloses wherein the security service logs access of the Webserver. (Straub ¶ 188, ll 1-10: security manager provide access to services; provision users, assign, and manage policies for device management and for accessing security containers (access logs); ¶ 137, ll 1-11: MAF supports authentication and access control for refined security at feature level; at runtime users are presented with login screens and appropriate tokens indicating accessibility for further service calls)    


Response to Arguments
7.    Applicant’s arguments, see Arguments/Remarks Made in an Amendment, filed 12-22-2021, with respect to the rejection(s) under Myllymaki and Reshadi have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Myllymaki in view of Reshadi and further in view of Mischook.

A.  Applicant argues on pages 5-6 of Remarks:    ...   prior art does not suggest or make obvious the application of CORS headers or metadata via a proxy server or security service to a wrapped response.

    The Examiner respectfully disagrees.  Mischook discloses the capability to generate headers for accessing resources in a cross-origin resource sharing environment.  (Mischook ¶ 053, ll 9-11: AJAX Service Enabler (SE) module associated with wrapper and is used to determine access permissions for cross-origin messages; ¶ 057, ll 6-11: in response to a determination that a request is for data from a cross-origin server, wrapper invokes the 

B.  Applicant argues on page 6 of Remarks:    ...   the CORS headers of the prior art are provided at the web server to the response, not a wrapper.

    The Examiner respectfully disagrees.  Mischook discloses the utilization of wrapper techniques in the implementation of headers to enable resource access within a cross-origin resource sharing environment.  (Mischook ¶ 053, ll 9-11: AJAX Service Enabler (SE) module associated with wrapper and is used to determine access permissions for cross-origin messages; ¶ 057, ll 6-11: in response to a determination that a request is for data from a cross-origin server, wrapper invokes the AJAX SE which inserts CORS headers into a HTTP response message received from data server; ¶ 055, ll 1-7: user makes request to view web page by typing a URL in a URL field of web browser; script element embedded in requested web page such that, as the web page is loaded, the script element is executed to direct the web browser to retrieve application resources from specified application server via a wrapper)

C.  Applicant argues on page 6 of Remarks:    ...   amended independent claim 1, as well as further defining dependent claims 7 and 10; amended independent claim 11, as well as further defining dependent claims 13, and amended independent claim 15 are patentably distinguishable    ...   .

    Responses to arguments against independent claim 1 also answer arguments against independent claims 11 and 15, which have similar limitations as independent claim 1.  In addition, responses to arguments against the independent claims also answer arguments against the associated dependent claims.     

D.  Applicant argues on page 7 of Remarks: Dependent claims 2-6, 8 and 9 further define amended independent claim 1; dependent claims 12 and 14 further define amended independent claim 11, and dependent claims 16-19 further define amended independent claim 15.

    Responses to arguments against the independent claims also answer arguments against the associated dependent claims.    

E.  Applicant argues on page 7 of Remarks:    ...   Applicant submits that dependent claims 2-6, 8, 9, 12, 14 and 16-20 are patentably distinguishable from the proposed combination of references.

    Responses to arguments against the independent claims also answer arguments against the associated dependent claims.  



Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/KYUNG H SHIN/                                                                                         January 20, 2021Primary Examiner, Art Unit 2443