Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a Final Office action in response to communications received December 21, 2021.  No Claims have been amended or canceled.  Claim 21 has been added.  Therefore, claims 1-21 are pending and addressed below. 

Information Disclosure Statement
The information disclosure statement filed 07/19/2010 complies with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 and the information referred to therein has been considered as to the merits.  The filing of IDS with copy of the Non-patent Literature 1 - “OAuth 2.0 and OpenID Connect (in plain English) youtube video; https://youtube.com/watch ?v=996O00iexHze0” are sufficient to respond to IDS deemed improper in previous office action.  

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1-8, 11-16, and 18-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Mukkara et al. (US2011/0213956 A1, publish date 09/01/2011). (on Applicants IDS filed 08/02/2021)
Claims 1, 11, 18:
With respect to claims 1, 11, 18, Mukkara et al. discloses a computer system/a method of/a non-transitory computer readable medium storing processor executable instructions to authorizing an application hosted within a virtual computing session to access at least one resource using a computer system (a secure communication session management system, Figures 1, 3, and 4) comprising/the method comprising/the instructions comprising instructions to: 
a memory ("client communication service") is implemented in a machine-accessible and computer-readable storage medium as instructions that execute on one or more processors of a network, 0028); 
a network interface (The non-browser application includes a web interface to interact with and communicate with a browser, 0011); and 
(processor or processor-enabled devices, 0013, 0028) coupled to the memory and the network interface and configured to ("server communication service", the server communication service represents processing for a Secure Socket Layer (SSL) Virtual Private Network (VPN) (referred to as an SSL VPN) performed by a server, 0016-0017) intercept a request transmitted by an application hosted within a virtual computing session (the server communication service detects a request for a secure communication session between a non-browser application and a server, 0018) (non-web based applications (such as a Secure Socket Layer (SSL) Virtual Private Network (VPN)), 0003) (the secure communication session is a SSL VPN session with a secure communication tunnel established between the non-browser application 301 and the server 302, 0047), the request being a request to be authorized to access a resource (identifies the request as a request for the secure communication session to a SSL VPN between the non-browser application and the server, 0019) (resource, 0009); 
pass the request to a virtualization agent hosted outside the virtual computing session (the server communication service establishes the secure communication session between the non-browser application and the server via a browser, a browser is used as an intermediary to initially establish the secure communication session, 0020) (Browser 303, Figure 3);
receive a response to the request, the response including a credential granting authorization to access the resource (the server communication service maps a session cookie that the browser uses with the secure communication session to a secure token, 0022); and 
pass the response to the application to authorize the application to access the resource through use of the credential (then the server communication service instructs the browser to supply the secure token to the non-browser application, 0022).

Claims 2, 12:
With respect to claims 2, 12, Mukkara et al. discloses the request comprising a scope parameter specifying a scope of access requested for the resource (the server communication service maps a session cookie that the browser uses, 0022).

Claim 3:
With respect to claim 3, Mukkara et al. discloses the response comprising a token granting the scope of access to the resource (the server communication service maps a session cookie that the browser uses with the secure communication session to a secure token, 0022).

Claims 4, 13, 19:
With respect to claims 4, 13, 19, Mukkara et al. discloses further comprising the virtualization agent, the virtualization agent being configured to pass the request to a browser hosted locally to the virtualization agent (the server communication service establishes the secure communication session between the non-browser application and the server via a browser, browser is used as an intermediary to initially establish the secure communication session, 0020) (then the server communication service instructs the browser to supply the secure token to the non-browser application, 0022).

Claims 5, 14:
With respect to claims 5, 14, Mukkara et al. discloses the virtualization agent being further configured to: receive the response; and pass the response to another virtualization agent hosted within the virtual computing session (the server communication service establishes the secure communication session between the non-browser application and the server via a browser, browser is used as an intermediary to initially establish the secure communication session, 0020) (then the server communication service instructs the browser to supply the secure token to the non-browser application, 0022) (Generate secret token, pass the secret token, Figure 4).

Claim 6:
With respect to claim 6, Mukkara et al. discloses the virtualization agent being further configured to intercept the response (The request for the SSL VPN connection is made to a browser or intercepted and initially handled by the browser on behalf of the client communication service, 0031).



Claims 7, 15:
With respect to claims 7, 15, Mukkara et al. discloses further comprising the browser, the browser being configured to pass the response to one or more of the virtualization agent and another virtualization agent hosted within the virtual computing session (then the server communication service instructs the browser to supply the secure token to the non-browser application, 0022) (browser, Figure 4).

Claims 8, 16, 20:
With respect to claims 8, 16, 20, Mukkara et al. discloses the request comprising an authorization request, the response comprising an authorization response (The user attempts to establish a secure tunnel between the workstation and the corporate server.  The user is prompted to input his/her credentials and the user is authenticated, 0055), and the browser being further configured to:
transmit the authorization request to an authorization server (the web browser opens up the URL and connects to the SSL VPN Server, SSL VPN Server, forwards the request to the SSL VPN authentication service provider (SSLVPN Embedded Authentication Service Provider (ESP), 0059);
receive, from the authorization server, a request to authenticate a user as an owner of the resource (performs a Single Sign On (SSO) operation and redirects the user back to the SSL VPN server., 0060) (login me 3, Figure 4);
authenticate the user as the owner of the resource using one or more of biometrics and multifactor authentication (a user identifier, name, etc. Some examples of identifiers include social security number (SSN), user identifier and password pair, account number, retina scan, fingerprint, face scan, etc., 0010) (user for credentials, 0060);
transmit, to the authorization server, a response to the request to authenticate the user (performs a Single Sign On (SSO) operation and redirects the user back to the SSL VPN server., 0060) (login me 3, Figure 4); and
receive the authorization response from the authorization server (At this point the SSL VPN server generates a secret token (ST) and associates this secret token with cookie CK1, pass the secret cookie information, 0065-0066) (Pass the secret token, Figure 4).

Claim 21:
With respect to claim 21, Mukkara et al. discloses the virtualization agent being a local virtualization agent (Browser 303, Figure 3) and the system further comprising a host virtualization agent configured to:
intercept the request transmitted by the application hosted within the virtual computing session, the request being the request to be authorized to access the resource (the server communication service detects a request for a secure communication session between a non-browser application and a server, 0018) (non-web based applications (such as a Secure Socket Layer (SSL) Virtual Private Network (VPN)), 0003) (the secure communication session is a SSL VPN session with a secure communication tunnel established between the non-browser application 301 and the server 302, 0047),
pass the request to the local virtualization agent hosted outside the virtual computing session, (the server communication service establishes the secure communication session between the non-browser application and the server via a browser, a browser is used as an intermediary to initially establish the secure communication session, 0020) (Browser 303, Figure 3);
receive the response to the request, the response including the credential granting authorization to access the resource (the server communication service maps a session cookie that the browser uses with the secure communication session to a secure token, 0022);  and
pass the response to the application to authorize the application to access the resource through use of the credential (then the server communication service instructs the browser to supply the secure token to the non-browser application, 0022).





Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 9, 10, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Mukkara et al. (US2011/0213956 A1, publish date 09/01/2011) in view of SUBRAMANIAN et al. (US2018/0075231 A1, publish date 03/15/2018).  (on Applicants IDS filed 08/02/2021)


Claims 9, 17:
With respect to claims 9, 17, Mukkara et al. discloses the limitations of claims 1 and 11, as addressed. 

Mukkara et al. does not disclose the request comprising a callback parameter specifying a uniform resource identifier (URI) of the application as claimed. 

However, SUBRAMANIAN et al. teaches Cloud Gate is implemented by a web server plugin,  Cloud Gate is implemented by a web/proxy server plugin that provides a web Policy Enforcement Point ("PEP") for protecting HTTP resources based on OAuth (0120, Figure 7), the request (the first request is received by a security gate such as Cloud Gate, 0399) comprising a callback parameter specifying a uniform resource identifier (URI) of the application (OAuth microservice 1004 then redirects browser 1002 to a callback URL with an authorization ("AZ") code, browser 1002 sends the AZ code to OAuth microservice 1004 to request the required tokens 10320186).

Mukkara et al. and SUBRAMANIAN et al. are analogous art because they are from the same field of endeavor of virtual authorization.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use SUBRAMANIAN et al. in Mukkara et al. for the request comprising a callback parameter specifying a uniform resource identifier (URI) of the application as claimed for purposes of providing the system of Mukkara et al. secure access to cloud-based applications, or applications located anywhere, regardless of from what device type or by what user type the applications are accessed (see SUBRAMANIAN et al. 0003)

Claim 10:
With respect to claim 10, the combination of Mukkara et al. and SUBRAMANIAN et al. discloses the limitations of claim 9, as addressed. 

SUBRAMANIAN et al. teaches further comprising the virtualization agent, the virtualization agent being configured to rewrite the callback parameter to specify a URI of the virtualization agent prior to passage of the request to a browser hosted locally with the virtualization agent (OAuth microservice 1004 then redirects browser 1002 to a callback URL with an authorization ("AZ") code, browser 1002 sends the AZ code to OAuth microservice 1004 to request the required tokens 10320186).

Mukkara et al. and SUBRAMANIAN et al. are analogous art because they are from the same field of endeavor of virtual authorization.

The motivation for combining Mukkara et al. and SUBRAMANIAN et al. is recited in claim 9.



Response to Remarks/Arguments
Applicant's arguments filed on December 21, 2021 have been fully considered but they are not persuasive.  In the remarks, Applicant argues that:

Claims 1, 11, and 18:
(1) Mukkara’s fails to disclose that the request is “transmitted by an application hosted within a virtual computing session” as required by claim 1.  Mukkara simply does not disclose that “the non-browser application” is hosted within a virtual computing session. Mukkara is utterly devoid of any reference to a virtual computing session.

(2) The reasoning presented by the Office appears to map “the browser” disclosed in Mukkara to the “virtualization agent hosted outside the virtual computing session” of claim 1. This mapping is not reasonable. Mukkara fails to disclose that the browser is “hosted outside the virtual computing session,” as required by claim 1. In fact, as stated above, Mukkara is utterly devoid of any reference to a virtual computing session. As such, the Applicant respectfully submits that Mukkara cannot anticipate at least one processor configured to “pass the request to a virtualization agent hosted outside the virtual computing session,” as required by claim 1.


In response to remark/arguments (1), Examiner respectfully disagrees.  Mukkara et al. discloses “the secure communication session is a SSL VPN session with a secure communication tunnel established between the non-browser application 301 and the server 302” (0047), “the server communication service detects a request for a secure communication session between a non-browser application and a server” (0018), “non-web based applications (such as a Secure Socket Layer (SSL) Virtual Private Network (VPN)”, 0003.   Examiner holds that Mukkara’s discloses that the request is “transmitted by an application hosted within a virtual computing session” as required by claim 1.  Therefore, Examiner maintains that Mukkara et al. does teach and suggest this limitation. 

In response to remark/arguments (2), Examiner respectfully disagrees.  Mukkara et al. discloses “the server communication service establishes the secure communication session between the non-browser application and the server via a browser, a browser is used as an intermediary to initially establish the secure communication session” (0020), Figure 3 discloses Browser 303.  Examiner holds Mukkara et al. discloses the “virtualization agent hosted outside the virtual computing session” of claim 1. Therefore, Examiner maintains that Mukkara et al. does teach and suggest this limitation.





Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HELAI SALEHI/
Examiner, Art Unit 2433

/JEFFREY C PWU/           Supervisory Patent Examiner, Art Unit 2433