DETAILED ACTION
This office action is in response to the correspondence filed on 11/25/2019. Claims 1-20 are pending and are examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Arguments
The amendments and/or arguments submitted by Applicants for the objection(s)/rejection(s) listed below have been considered and are persuasive; thus, they have been withdrawn:
Claim Objection(s)
Applicant’s arguments with respect to claims 1, 13, and 15 have been considered. The following are applicant arguments recited in the Remarks followed by Examiner's response:
Applicant argues that amended independent claims are not taught or made obvious by the 
Vishnepolsky et al. reference. For example, the suffix proxy 140 as taught in the Vishnepolsky et al. reference are performed remotely from the client device 130-N, and the Vishnepolsky et al. reference does not teach or make obvious "converting a resource address" at the client device as defined in the amended claims. (Remarks, pg. 5)
Examiner respectfully disagrees. Even if the suffix proxy is remote to the client device in Vishnepolsky, it does not contradict the instant claim language of a proxy server coupled to a client device. The client device 130-N is “coupled” to the suffix proxy 140 by the virtue of that the client is able to communicate with the suffix proxy. As for reference does not teach or make obvious "converting a , accessible in an application at a client device (i.e. the application is at the client device). Furthermore, it is unclear if this has to be performed in the client device by interpreting the specification and even though the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.
Examiner encourages applicant to further amend the claim to distinguish the invention and clarify the difference with support by the specification. Additional features are likely needed to move the prosecution forward besides the precise location of the proxy and where the address converting takes place.
Applicant argues that the Vishnepolsky et al. reference does not teach or fairly suggest the amended features of whether to permit verified communication between the client and the resource or through the proxy, as defined in the claims. (Remarks, pg. 5)
Applicant’s arguments have been considered but are moot because the arguments do not apply to the new combination of the references being used in the current rejection. The new reference(s) was/were necessitated by the amendment filed by the applicant. The rejection is presented below. 
	The newly amended claims are rejected below in view of Chaubey et al. (US Pub No. 2020/0169535 A1, referred to as Chaubey).


	Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1, 3-8, 11-13, 15-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Vishnepolsky et al. (WO 2016/040753 A1 per IDS, referred to as Vishnepolsky), in view of Chaubey et al. (US Pub No. 2020/0169535 A1, referred to as Chaubey).
Regarding claims 1, 13, and 15, taking claim 15 as exemplary, Vishnepolsky discloses,
15. A system, comprising:
a memory device to store a set of instructions; and (Vishnepolsky: [0081])
a processor to execute the set of instructions to: (Vishnepolsky: [0081];
convert a resource address accessible in an application at a client device (Vishnepolsky: [0022]; cloud applications 115 are typically accessed by users using a client device via a web browser.) into a proxy address with a suffix domain of a proxy server; and (Vishnepolsky: [0028]; "... the suffix proxy 140 can be configured to inspect the network traffic and detect cloud-based application's 115 addresses. Examples for such addresses include, for example, uniform resource locators (URLS), uniform resource identifiers (URIs), and so on.” [0029]; "... the suffix proxy 1406 can be configured to modify webpages and codes (e.g., JavaScript) executed therein and on the cloud-computing platform 170, so that no network addresses are provided to the client device 130 that would direct the client device 130 to access the cloud application 115 directly. If such a network address is detected, the suffix proxy 140 is configured to rewrite that address, for example, appending a redefined domain name to the original network address. The added domain name may refer or redirect the browser to the managed network proxy 120. For example, the URL (network address) http://www.somesite com would be accessed through http://www.somesite com.network-proxy-service.com.")
verify a network resource of the resource address at the proxy server coupled to the client device, (Vishnepolsky: [0026]; "the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to notify of suspicious network traffic and behavior; block threats; perform application control, URL filtering, and malware protection on the network traffic; establish visibility to application layer parameters (e.g., list of users, devices, locations, etc.); generate profiles of users using the cloud applications 115; provide alerts on specific or predefined events; generate audit logs; and so on.")
Vishnepolsky does not explicitly disclose, however Chaubey teaches,
wherein verify includes a determination as to whether to permit communication between the client device and the resource or between the client device the proxy server. (Chaubey: [0014]; the PAC file may configure the client device to transmit traffic associated with a particular web application such that the traffic is transmitted using a proxy server device, and may configure the client device to transmit traffic associated with another web application such that the traffic associated with the other application is transmitted without using a proxy server device or using a different proxy server device, which enables application-specific traffic handling (the PAC file maybe used to verify if the client should communicate with a resource directly or through a proxy).)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings Chaubey of into the teachings of Vishnepolsky with a motivation to decreases latency between a client device and the destination which in turn improves user experience associated with the client device and the web application associated with the traffic; moreover, it decreases the quantity of packets that is to be processed by the proxy server device, which decreases processing, memory, and networking resource usage of the proxy server device, reduces the 


Regarding claim 3, the combination of Vishnepolsky and Chaubey discloses,
3. The method of claim 1 
Vishnepolsky further discloses,
wherein the proxy server directs traffic between the client device and the network resource. (Vishnepolsky: Fig. 1; [0020]; proxy directs traffic between clients and resources.)

Regarding claim 4, the combination of Vishnepolsky and Chaubey discloses,
4. The method of claim 1 
Vishnepolsky further discloses,
wherein the proxy address is an address of a security service. (Vishnepolsky: [0026]; "the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110.” (Proxy can provide security services).)

Regarding claim 5, the combination of Vishnepolsky and Chaubey discloses,
5. The method of claim 4 
Vishnepolsky further discloses,
wherein the security service determines whether the network resource is safe. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As 

Regarding claim 6, the combination of Vishnepolsky and Chaubey discloses,
6. The method of claim 5 
Vishnepolsky further discloses,
wherein the security service passes communication to the network resource if the security service determines the network resource is safe. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to block threats; perform application control, URL filtering, and malware protection on the network traffic (let safe traffic thru).)

Regarding claim 7, the combination of Vishnepolsky and Chaubey discloses,
7. The method of claim 5 
Vishnepolsky further discloses,
wherein the security service blocks communication to the network resource if the security service determines the network resource is not safe. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to block threats; perform application control, URL filtering, and malware protection on the network traffic.)

Regarding claim 8, the combination of Vishnepolsky and Chaubey discloses,
8. The method of claim 5 
Vishnepolsky further discloses,
wherein the security service issues a warning to the client device if the security service determines the network resource is not safe. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to notify of suspicious network traffic and behavior.)

Regarding claim 11, the combination of Vishnepolsky and Chaubey discloses,
11. The method of claim 1 
Vishnepolsky further discloses,
wherein the resource address corresponds with a web server. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to block threats; perform application control, URL filtering, and malware protection on the network traffic.)

Regarding claim 12, the combination of Vishnepolsky and Chaubey discloses,
12. The method of claim 1 
Vishnepolsky further discloses,
wherein the resource address is converted into the proxy address when the resource address is accessed in the application. and (Vishnepolsky: [0029]; "... the suffix proxy 1406 can be configured to modify webpages and codes (e.g., JavaScript) executed therein and on the cloud-computing platform 170, so that no network addresses are provided to the client device 130 that would direct the client 

Regarding claim 16, the combination of Vishnepolsky and Chaubey discloses,
16. The system of claim 15 
Vishnepolsky further discloses,
wherein the instructions to convert and verify are implemented with a security service. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. (Proxy can provide security services).)

Regarding claim 17, the combination of Vishnepolsky and Chaubey discloses,
17. The system of claim 16 
Vishnepolsky further discloses,
wherein the security service is a cloud access security broker. (Vishnepolsky: [0026]; "the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110.” (Cloud applications security).)

Regarding claim 19, the combination of Vishnepolsky and Chaubey discloses,
19. The system of claim 16 
Vishnepolsky further discloses,
wherein the security service logs access of the resource address. (Vishnepolsky: [0026]; the managed network proxy 120 can generate audit logs.)


Claims 2, 9-10, 14, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Vishnepolsky, in view of Chaubey, further in view of Adallom et al. (WO 2015/070260 A1 per IDS, referred to as Adallom).
Regarding claims 2 and 20, taking claim 20 as exemplary, the combination of Vishnepolsky and Chaubey discloses,
20. The system of claim 15 
The combination of Vishnepolsky and Chaubey does not explicitly disclose, however Adallom teaches,
wherein the proxy server is a reverse proxy server to direct web traffic between the client device and a webserver. (Adallom: abstract and [38]; proxy can be a reverse proxy between the service provider and a client.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings Adallom of into the combination of Vishnepolsky and Chaubey with a motivation to securing communications networks and systems by monitoring and securing communications using various types of proxies and take action on the network traffic based on predefined policies (Adallom abstract and [4]).

Regarding claims 9 and 14, taking claim 14 as exemplary, the combination of Vishnepolsky and Chaubey discloses,
14. The computer readable storage device of claim 13 
The combination of Vishnepolsky and Chaubey does not explicitly disclose, however Adallom teaches,
wherein the instructions to control the processer include instructions to control the processor to determine whether the network resource is safe based on a defined policy. (Adallom: [30]; the network proxy can be configured so that traffic between a client device and the SaaS provider passes through the network proxy. Because the network proxy intermediates the communications, it can be used to monitor the network traffic between these points and take action on the network traffic based on predefined policies and rules.)
The same motivation that was utilized for combining Vishnepolsky, Chaubey, and Adallom as set forth in claim 2 is equally applicable to claim 14.


Regarding claim 10, the combination of Vishnepolsky, Chaubey and Adallom discloses,
10. The method of claim 9 
The combination of Vishnepolsky and Chaubey does not explicitly disclose, however Adallom teaches,
wherein the defined policies include global policies and user policies. (Adallom: [30]; the network proxy can be configured so that traffic between a client device and the SaaS provider passes through the network proxy. Because the network proxy intermediates the communications, it can be used to monitor the network traffic between these points and take action on the network traffic based on predefined policies and rules (various policies can be used).)
The same motivation that was utilized for combining Vishnepolsky, Chaubey and Adallom as set forth in claim 2 is equally applicable to claim 10.


Regarding claim 18, the combination of Vishnepolsky and Chaubey discloses,
18. The system of claim 17 
The combination of Vishnepolsky and Chaubey does not explicitly disclose, however Adallom teaches,
wherein the cloud access security broker enforces security policies. (Adallom: [30]; the network proxy can be configured so that traffic between a client device and the SaaS provider passes through the network proxy. Because the network proxy intermediates the communications, it can be used to monitor the network traffic between these points and take action on the network traffic based on predefined policies and rules.)
The same motivation that was utilized for combining Vishnepolsky, Chaubey and Adallom as set forth in claim 2 is equally applicable to claim 18.

	Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The listed references disclose relevant inventions of proxy passthrough.
Xia, Sharon Hong  et al.			US-PGPUB	US 20050005133 A1
Ebrahimi; Hashem Mohammad et al.	USPAT		US 7954144 B1

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KA SHAN CHOY/Examiner, Art Unit 2435 

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435