DETAILED ACTION
This Office Action is in response to the amendment filed 12/14/2021 for application 16/592,206.
Claims 1-22 have been examined and are pending.  Claims 4, 11, 21, and 22 have been amended. Claims 1, 11, 21, and 22 are independent claims.
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.  This Action is made FINAL.
Response to Arguments
The rejection of claims 4 and 11-20 under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, is withdrawn in light of Applicant’s amendment to claims 4 and 11.
Applicants’ arguments in the instant Amendment, filed on 12/14/2021, with respect to claims 1-22, have been fully considered but they are not persuasive.
Applicant argues as follows: The Examiner rejected claims 1-22 under 35 U.S.C. § 103 as being unpatentable as obvious. More particularly, claims 1, 5, and 8-10 were rejected over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018.  Applicant respectfully submits that the disclosures of Suryanarayanan do not teach or suggest “authenticating a user, the user utilizing a user device, having affirmatively authenticated the user, establishing a first 
Examiner respectfully disagrees.  Regarding claim 1, Suryanarayanan discloses, in paragraph 0074, a method for connecting to a secure database through a cloud workspace comprising, authenticating a user, the user utilizing a user device; in paragraph 0084, having affirmatively authenticated the user, establishing a first secure connection between the user device and a cloud workspace; in paragraph 0076, having established the first secure connection, accessing the cloud workspace having a secured application client by the user; in paragraph 0076, having accessed the cloud workspace.  Angara discloses, in col. 8, lines 47-67, the secured application client being a software that when launched, causes the cloud workspace to establish a second secure connection to a secure database system requiring two-factor authentication to access the secure database and having a secured application server software; in col. 8, lines 47-67, having accessed the cloud workspace, launching the secured application client by the user, wherein the secured application client, when in communication with the secured application server software, disables the two-factor authentication requirement of the secure database system such that the user, having previously been affirmatively authenticated, obtains access to the secure database.
Applicant argues as follows: The Examiner rejected claims 11-16, 18, 19, and 22 under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed 
Examiner respectfully disagrees.  Suryanarayanan discloses wireless communications in paragraphs 0040, 0116, and 0117.  Angara in col. 5, lines 45-58, col. 6, lines 6-21, and col. 11, lines 19-38, discloses wireless communications.  Suryanarayanan, Angara, and van der Linden read on claim 11. Regarding claim 11, Suryanarayanan discloses a system for connecting a cloud workspace containing a client’s private data and systems to a secured cloud database comprising: a user device, the user device, once authenticated; in paragraph 0084, configured to form a first secure connection to a server infrastructure; in paragraph 0022 and 0073, at least one cloud workspace, the cloud workspace being a virtualized operating system having a secured application client; in paragraph 0084, the server infrastructure further passing the first secure connection to the cloud workspace.  Angara discloses, in col. 8, lines 47-67, the first VLAN configured to enable a connection to a site-to-site secure connection client, the site-to-site secure connection client establishing a second secure connection to a site-to-site secure connection server on a secure database system; the secure database system having the site-to-site secure connection server, a secured application server, and a secure database; in col. 8, lines 47-67, the secure database system having a two-factor authentication requirement to access the secure database, the secure application server being a software application that, when accessed by the secure application client, disables the two-factor authentication requirement.  Van der Linden, in paragraph 0278 and 0305, discloses connected to a first VLAN wherein the first VLAN is a client-dedicated segregated VLAN, and stored in at least one non-volatile memory on server infrastructure, the server infrastructure having a 
Applicant argues as follows: Turning to claim 22, for the reasons set forth above, Suryanarayanan and Angara do not render obvious the method and system recited in independent claims 1 and 11, and for the same reasons, Suryanarayanan and Angara do not render obvious the secure device recited in claim 22. As acknowledged in the Office Action on page 41, Suryanarayanan and Angara do not explicitly disclose a wireless transceiver or a microprocessor coupled to the wireless transceiver. Nevertheless, on page 37 of the Office Action, the Examiner states Angara discloses receiving a response from the wireless transceiver from the one or more secured database servers for authentication. Without Angara teaching a microprocessor coupled to a wireless transceiver, it is impossible for the system described in Angara to disclose the limitations of amended claim 22, as suggested by the Examiner. In the absence of a microprocessor and/or a wireless transceiver, it becomes unclear which components of Angara the Examiner is suggesting teach which limitation of amended claim 22. On page 41 of the Office Action, the Examiner states that a wireless transceiver and a microprocessor coupled to the wireless transceiver is disclosed by van der Linden. Applicant respectfully submits that the microprocessor disclosed by van der Linden is not coupled to a wireless transceiver. Rather, the microprocessor is associated with computer device 100, whereas the transmitter is included with the pool management package 164a, which is a subcomponent computing device 402.  Additionally, as previously stated, the computer-implemented method disclosed by Angara enables multi-factor authentication for a website by automating the process of providing the multi-factor authentication to the website. See Abstract. The 
Examiner respectfully disagrees.  Suryanarayanan, Angara, and van der Linden, in combination, read on claim 22.  Van der Linden, for example, discloses controller (e.g., paragraph 0165), wireless (e.g. paragraph 0165), receiver (e.g., paragraph 0166), and transmitter (e.g., paragraph 0496).  Regarding claim 22, Suryanarayanan discloses, in paragraph 0115, a secure device comprising: a digital storage element on element coupled to the microprocessor and storing logic that when executed by the microprocessor causes the microprocessor to; in paragraph 0021 and 0083, receive a first request to connect to a secured database from a secured application on a cloud server workspace.  Angara discloses, in col. 8, lines 47-67, receive a first response from the wireless transceiver from the one or more secured database servers for authentication; in col. 8, lines 47-67, generate second request to the secured application for authentication; in col. 8, lines 47-67, route the second request for authentication to the secured application; in col. 8, lines 47-67, receive a second response from the secured application; in col. 8, lines 47-67,  receive a third response from the wireless transceiver from the one or more secured database that the authentication monitoring function is disabled.  
Van der Linden discloses, in paragraph 0410, a wireless transceiver; in paragraph 0065 and 0410, a microprocessor coupled to the wireless transceiver; in paragraph 0410, route the first request to the wireless transceiver; in paragraph 0410, enable the wireless transceiver to transmit the first request to the one or more secured database servers; in paragraph 0410, route the second response to the wireless transceiver; in paragraph 0410, enable the wireless transceiver to transmit the second response to one or more secured database servers; in paragraph 0076, enable the secured application to connect to the secured database, in paragraph 0387, wherein the second response is an indication the first request originated from a pre-determined device.

Applicant argues as follows: The Examiner rejected claim 21 under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and Nakamoto (US20140304765), filed April 4, 2013.  Regarding claim 21, for the reasons set forth above, Suryanarayanan and Angara do not render obvious the systems and method recited in independent claims 1, 11 and 22, and for the same reasons, Suryanarayanan and Angara do not render obvious the system recited in amended claim 21. Based on a review of the citations set forth in the Office Action in comparison to the cited prior art references, Applicant respectfully submits that instead of directing the rejections to Nakamoto the Examiner intended to cite to Lu et al. (Lu), (US 20170180351), filed on December 21, 
Examiner respectfully disagrees and thanks Applicant for identifying a typo.  Suryanarayanan, Angara, and Lu disclose claim 21.  Regarding claim 21, Suryanarayanan discloses, in paragraphs 0086 and 0114, a server infrastructure comprising: a plurality of servers, each server comprising; one or more processor; in paragraph 0084, one or more communication component, the communication component configured to accept a first secure connection from a user device to a cloud workspace, the first secure connection established by a cloud workspace client application on the user device.  Angara discloses, in col. 8, lines 47-67, further configured to request a second secure connection between a site-to-site secure connection client accessed by a secured application client and a site-to-site secure connection server on a secure database system having a secure database and a upon a successful completion of an authentication process utilizing a smartcard authenticator, the communication component; in paragraph 0019, one or more network switch, each of the one or more network switch configured to segregate each user connection within a virtual local area network.
The Examiner respectfully suggests that the claim be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 270 5002 to schedule an interview.



Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 

(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: the communication component configured to accept in claim 21, lines 4-5, and communication component further configured to request in claim 21, lines 8-9.  Paragraph 0036 of Applicant’s originally filed specification discloses “Computer hardware may include one or more processor, non-volatile memory, and/or a communication component.”
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.  
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 
Claims 1, 5, and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018.
Regarding claim 1, Suryanarayanan discloses a method for connecting to a secure database through a cloud workspace comprising,
authenticating a user, the user utilizing a user device (Suryanarayanan, paragraph 0074, “In some embodiments, these virtual workspaces may be intended to replace a desktop computer, e.g., they may be intended to run the same software programs that a member of the organization or enterprise on whose behalf they were instantiated and configured would access on a desktop computer in an office setting (e.g., applications that perform end-user productivity tasks).  Note that these applications may or may not be stand-alone applications.  For example, in some cases, each of the virtual workspaces (and/or the applications running thereon) may be part of the active directory framework of the organization or enterprise and may be able to access shared files or other resources on the existing network of the organization or enterprise once the credential presented by the user upon logging into the virtual workspace have been authenticated.”);
having affirmatively authenticated the user, establishing a first secure connection between the user device and a cloud workspace (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”);
having established the first secure connection, accessing the cloud workspace having a secured application client by the user (Suryanarayanan, paragraph 0076, “In some embodiments, the first network interface of each virtual desktop instance (the E0 interface) may be completely controlled by the service provider.  For example, in some embodiments, the only traffic allowed on that interface may be the video stream that is sent to the end user and traffic related to management functions that are under the control of the service provider.  The second interface (the E1 interface) may not be used directly by the end user of the virtual desktop instance, but may provide a network connection for the virtualized computing resource instance that is hosting the virtual desktop instance that is separate from the connection used for the video stream and that allows the virtual desktop instance (or applications or processing executing thereon) to access other networks and network entities on other networks.  In some embodiments, the E0 interface may be used to communicate the commands to launch a browser application on the virtual desktop instance, but the communications out to the Internet from that browser application may take place over the E1 interface.”);
having accessed the cloud workspace (Suryanarayanan, paragraph 0076, “In some embodiments, the first network interface of each virtual desktop instance (the E0 interface) may be completely controlled by the service provider.  For example, in some embodiments, the only traffic allowed on that interface may be the video stream that is sent to the end user and traffic related to management functions that are under the control of the service provider.  The second interface (the E1 interface) may not be used directly by the end user of the virtual desktop instance, but may provide a network connection for the virtualized computing resource instance that is hosting the virtual desktop instance that is separate from the connection used for the video stream and that allows the virtual desktop instance (or applications or processing executing thereon) to access other networks and network entities on other networks.  In some embodiments, the E0 interface may be used to communicate the commands to launch a browser application on the virtual desktop instance, but the communications out to the Internet from that browser application may take place over the E1 interface.”).
Suryanarayanan discloses having accessed the cloud workspace, but does not explicitly disclose the secured application client being a software that when launched, causes the cloud workspace to establish a second secure connection to a secure database system requiring two-factor authentication to access the secure database and having a secured application server software; the secured application client being a software that when launched, causes the cloud workspace to establish a second secure connection to a 
However, in an analogous art, Angara discloses the secured application client being a software that when launched, causes the cloud workspace to establish a second secure connection to a secure database system requiring two-factor authentication to access the secure database and having a secured application server software (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
having accessed the cloud workspace, launching the secured application client by the user, wherein the secured application client, when in communication with the secured application server software, disables the two-factor authentication requirement of the secure database system such that the user, having previously been affirmatively authenticated, obtains access to the secure database (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Angara with the 
One would have been motivated to provide users with the benefits of enabling multi-factor authentication for seamless website logins (Angara: col. 1, lines 34-37).
Regarding claim 5, Suryanarayanan and Angara disclose the method of claim 1.  Angara discloses wherein authenticating a user includes utilizing two-factor authentication (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”).
Regarding claim 8, Suryanarayanan and Angara disclose the method of claim 1.  Angara discloses wherein the user device is a mobile device (Angara, col. 1, lines 7-18, “Sophisticated network attacks often render simple password authentication insufficient to protect unauthorized access to enterprise and consumer networks and applications.  Traditional solutions to combat these threats include multi-factor (e.g., second factor) authentication that may include obtaining out-of-band user approval for user login events using a mobile device.  For example, a traditional second factor authentication solution may include requesting a user to enter an additional one-time password (i.e., a mobile credential) that a website's authentication server sends to the user's mobile device, in addition to providing a username/password combination.”).
Regarding claim 9, Suryanarayanan and Angara disclose the method of claim 1.  Suryanarayanan discloses wherein at least one of the first secure connection and the second secure connection is a virtual private network connection established across the internet (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Regarding claim 10, Suryanarayanan and Angara disclose the method of claim 1.  Suryanarayanan discloses wherein at least one of the first secure connection and the second secure connection is a dedicated connection (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Claims 2 and 3 are rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and Niche, North Wales Police, January 14, 2016, one page.
Regarding claim 2, Suryanarayanan and Angara disclose the method of claim 1.
Suryanarayanan and Angara do not explicitly disclose wherein the secured application client is a NicheRMS application.
However, in an analogous art, Niche discloses wherein the secured application client is a NicheRMS application (NicheRMS, North Wales Police, next to last paragraph, “They also provide access to the national police computer system (PNC) and useful web-based applications like the voters’ register — the local electoral roll featuring current addresses — the national police/legal database (PNLD), and operational briefing sheets. With query-only capability for RMS at the outset of the project, NWP have now taken the next step to add reporting.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Niche with the method/system/server infrastructure/secure device of Suryanarayanan and Angara to include wherein the secured application client is a NicheRMS application.
One would have been motivated to provide users with the benefits of providing their suppliers with a web-based service that allows access to RMS data, and developing a mobile-compatible reporting functionality (Angara: col. 1, lines 38-40).
Regarding claim 3, Suryanarayanan and Angara disclose the method of claim 1.
Suryanarayanan and Angara do not explicitly disclose wherein the secured database is a NicheRMS database.
However, in an analogous art, Niche discloses wherein the secured database is a NicheRMS database (NicheRMS, North Wales Police, next to last paragraph, “They also provide access to the national police computer system (PNC) and useful web-based applications like the voters’ register — the local electoral roll featuring current addresses — the national police/legal database (PNLD), and operational briefing sheets. With query-only capability for RMS at the outset of the project, NWP have now taken the next step to add reporting.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Niche with the 
One would have been motivated to provide users with the benefits of providing their suppliers with a web-based service that allows access to RMS data, and developing a mobile-compatible reporting functionality (Angara: col. 1, lines 38-40).
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and Hu (US20190361697), filed October 30, 2018.
Regarding claim 4, Suryanarayanan and Angara disclose the method of claim 1.
Suryanarayanan and Angara do not explicitly disclose wherein the two-factor authentication requirement is disabled through an addition of the code TLSSmartcardMonitorEnable=0 in the NicheRMS application.
However, in an analogous art, Hu discloses wherein the two-factor authentication requirement is disabled through an addition of the code TLSSmartcardMonitorEnable=0 in the NicheRMS application (Hu, paragraph 0134, “records management activities, such as identity management, transaction processing, and others”; paragraph 0186, “The various metrics to be used in such a determination (608) may be used to enable a monitoring module (e.g., a module of computer program instructions executing on computer hardware such as a CPU) to make such a determination (608).  In fact, such a determination (608) may be generated through the use of a formula that takes many metrics into consideration in a weighted or unweighted fashion.”).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hu with the method/system/server infrastructure/secure device of Suryanarayanan and Angara to include wherein the two-factor authentication requirement is disabled through an addition of the code TLSSmartcardMonitorEnable=0 in the NicheRMS application.
One would have been motivated to provide users with the benefits of supporting the storage or use of blockchains (Hu: paragraph 0134).
Claims 6 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and Caputo 071 (US5778071), filed August 12, 1996.
Regarding claim 6, Suryanarayanan and Angara disclose the method of claim 1.
Suryanarayanan and Angara do not explicitly disclose wherein the user device is a user device having smartcard derived credentials and authenticating the user further includes a smartcard authenticator application affirmatively authenticating the user, provided the smartcard authenticator application receives a correct personal identification number input from the user that matches the smartcard derived credentials.
However, in an analogous art, Caputo discloses wherein the user device is a user device having smartcard derived credentials and authenticating the user further includes a smartcard authenticator application affirmatively authenticating the user, provided the smartcard authenticator application receives a correct personal identification number input (Caputo 071, col. 6, line 62, through col. 7, line 36, “Accordingly, since most industry-standard smartcards may be utilized with the present invention to provide the functionality to be described herein, the particular design of the smartcard utilized in accordance with the present invention is not critical.  Therefore, a smartcard 19 may interface with device 10C when inserted into receptacle 18.  As will be fully described below in the context of the operation of the present invention, the smartcard 19 cooperatively functions with device 10C to provide the novel encrypting/authenticating features of the present invention.  For example, the smartcard may be used to: enter the personal identification number (PIN) of the user; authenticate a user; change encryption algorithms used by the device and/or generally to configure the device.” “Keypad 212 interfaces with the other components of the present invention, as will be described in detail later, in such a manner as to permit the user to enter a PIN or some other numerical data during authentication and/or encryption operations.  If a smartcard interface is also provided, then a user may enter a PIN either by use of the keypad 212 or by inserting the smartcard.  Furthermore, while keypad 212 is illustrated in FIG. 1D as including numerically labeled keys, the present invention also contemplates the use of alphanumerically labeled keys.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hu with the method/system/server infrastructure/secure device of Suryanarayanan and Angara to include wherein the user device is a user device having smartcard derived credentials and authenticating the user further includes a smartcard authenticator application affirmatively authenticating the user, provided the smartcard authenticator application receives a correct 
One would have been motivated to provide users with the benefits of transportably encrypting and authenticating communications device (Caputo: column 2, lines 23-28).
Regarding claim 7, Suryanarayanan and Angara disclose the method of claim 1.
Suryanarayanan and Angara do not explicitly disclose wherein the user device is connected to a smartcard reader and authenticating the user further includes a smartcard authenticator affirmatively authenticating the user provided the user inserts a smartcard, having an assigned user, into the smartcard reader and the smartcard authenticator, reading the smartcard, establishes that the user assigned to the smartcard has permissions to access the cloud workspace.
However, in an analogous art, Caputo discloses wherein the user device is connected to a smartcard reader and authenticating the user further includes a smartcard authenticator affirmatively authenticating the user provided the user inserts a smartcard, having an assigned user, into the smartcard reader and the smartcard authenticator, reading the smartcard, establishes that the user assigned to the smartcard has permissions to access the cloud workspace  (Caputo 071, col. 6, line 62, through col. 7, line 36, “Accordingly, since most industry-standard smartcards may be utilized with the present invention to provide the functionality to be described herein, the particular design of the smartcard utilized in accordance with the present invention is not critical.  Therefore, a smartcard 19 may interface with device 10C when inserted into receptacle 18.  As will be fully described below in the context of the operation of the present invention, the smartcard 19 cooperatively functions with device 10C to provide the novel encrypting/authenticating features of the present invention.  For example, the smartcard may be used to: enter the personal identification number (PIN) of the user; authenticate a user; change encryption algorithms used by the device and/or generally to configure the device.” “Keypad 212 interfaces with the other components of the present invention, as will be described in detail later, in such a manner as to permit the user to enter a PIN or some other numerical data during authentication and/or encryption operations.  If a smartcard interface is also provided, then a user may enter a PIN either by use of the keypad 212 or by inserting the smartcard.  Furthermore, while keypad 212 is illustrated in FIG. 1D as including numerically labeled keys, the present invention also contemplates the use of alphanumerically labeled keys.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hu with the method/system/server infrastructure/secure device of Suryanarayanan and Angara to include wherein the user device is connected to a smartcard reader and authenticating the user further includes a smartcard authenticator affirmatively authenticating the user provided the user inserts a smartcard, having an assigned user, into the smartcard reader and the smartcard authenticator, reading the smartcard, establishes that the user assigned to the smartcard has permissions to access the cloud workspace.
One would have been motivated to provide users with the benefits of transportably encrypting and authenticating communications device (Caputo: column 2, lines 23-28).
Claims 11-16, 18, 19, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and van der Linden (US20110022812), filed May 3, 2010.
Regarding claim 11, Suryanarayanan discloses a system for connecting a cloud workspace containing a client’s private data and systems to a secured cloud database comprising: a user device, the user device, once authenticated (Suryanarayanan, paragraph 0074, “In some embodiments, these virtual workspaces may be intended to replace a desktop computer, e.g., they may be intended to run the same software programs that a member of the organization or enterprise on whose behalf they were instantiated and configured would access on a desktop computer in an office setting (e.g., applications that perform end-user productivity tasks).  Note that these applications may or may not be stand-alone applications.  For example, in some cases, each of the virtual workspaces (and/or the applications running thereon) may be part of the active directory framework of the organization or enterprise and may be able to access shared files or other resources on the existing network of the organization or enterprise once the credential presented by the user upon logging into the virtual workspace have been authenticated.”);
configured to form a first secure connection to a server infrastructure (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”);
at least one cloud workspace, the cloud workspace being a virtualized operating system having a secured application client (Suryanarayanan, paragraph 0022, “In some embodiments, the resource instances may, for example, be implemented according to hardware virtualization technology that enables multiple operating systems to run concurrently on a host computer, i.e. as virtual machines (VMs) on the hosts.  A hypervisor, or virtual machine monitor (VMM), on a host may present the VMs on the host with a virtual platform and monitors the execution of the VMs.  Each VM may be provided with one or more private IP addresses; the VMM on a host may be aware of the private IP addresses of the VMs on the host.  An example of a system that employs such a hardware virtualization technology is illustrated in FIG. 4 and described in detail below.”; paragraph 0073, “In this example, once the virtual desktop instances have been set up and credentials have been provided, one or more end users may launch a client application on their a client device (e.g., a computer, tablet device, or other mobile device) and enter the credentials for the virtual desktop instance, after which they may be logged into a virtual workspace environment.  Although the virtual workspace environment is implemented by virtualized resource instances in the cloud computing environment, it may appear to the end user as if it were a local desktop and it may operate as if it were an independent computer to which the user is connected.  In some embodiments, the virtual workspace environment may provide access to productivity software and other software programs to which the user would typically have access if the user were logged onto a physical computer owned by the organization or enterprise.”);
the server infrastructure further passing the first secure connection to the cloud workspace (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Suryanarayanan does not explicitly disclose the first VLAN configured to enable a connection to a site-to-site secure connection client, the site-to-site secure connection client establishing a second secure connection to a site-to-site secure connection server on a secure database system; the secure database system having the site-to-site secure connection server, a secured application server, and a secure database, the secure database system having a two-factor authentication requirement to access the secure database, the secure application server being a software application that, when accessed by the secure application client, disables the two-factor authentication requirement.
However, in an analogous art, Angara discloses the first VLAN configured to enable a connection to a site-to-site secure connection client, the site-to-site secure connection client establishing a second secure connection to a site-to-site secure connection server on a secure database system; the secure database system having the site-to-site secure connection server, a secured application server, and a secure database (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
the secure database system having a two-factor authentication requirement to access the secure database, the secure application server being a software application that, when accessed by the secure application client, disables the two-factor authentication requirement (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Angara with the method/system/server infrastructure/secure device of Suryanarayanan to include the first VLAN configured to enable a connection to a site-to-site secure connection client, the site-to-site secure connection client establishing a second secure connection to a site-to-site secure connection server on a secure database system; the secure database system having the site-to-site secure connection server, a secured application server, and a secure database, the secure database system having a two-factor authentication requirement to access the secure database, the secure application server being a software application that, when accessed by the secure application client, disables the two-factor authentication requirement.
One would have been motivated to provide users with the benefits of enabling multi-factor authentication for seamless website logins (Angara: col. 1, lines 34-37).
Suryanarayanan and Angara do not explicitly disclose connected to a first VLAN wherein the first VLAN is a client-dedicated segregated VLAN, and stored in at least one non-volatile memory on server infrastructure, the server infrastructure having a hypervisor, the hypervisor managing one or more cloud workspace and one or more VLAN.
(van der Linden, paragraph 0278, “In another embodiment, the system includes at least one server providing virtualization and hypervisor functionality and residing in the cloud services and hosting infrastructure 406; a virtualization and hypervisor provider may provide such a server.  In still another embodiment, the system includes at least one server providing functionality for executing virtual machines, the server residing in the cloud services and hosting infrastructure 406; a backbone hosting service provider may provide such a server.  In yet another embodiment, additional servers may reside in the cloud services and hosting infrastructure 406 and be provided by other service providers including, without limitation, infrastructure service providers, application service providers, platform service providers, tools service providers, and desktop service providers.”; paragraph 0305, “Referring now to FIG. 5A, a block diagram depicts one embodiment of a system in which a cloud services and hosting infrastructure hosts at least one service on behalf of an enterprise information technology network.  In one embodiment, a virtual local area network (VLAN) is defined that is accessible via a device such as an SSL VPN.”; paragraph 0310, “In other embodiments, implementation of the methods and systems described herein addresses needs that may arise in consolidating application services in a data center or hosting them in the cloud.  In one of these embodiments, a "virtual office appliance" is provided that runs virtual machine appliances locally to provide a subset of services for users in a branch or remote office.  In another of these embodiments, a "virtual office" includes a plurality of servers (one of which may provide failover functionality), executing a virtualization system (such as a hypervisor and control operating system 165).  In still another of these embodiments, the "virtual office" servers execute services and workflows that integrate/leverage functionality--such as that described above in connection with FIGS. 1F-3--to cache and run virtual machine appliances locally.  In some embodiments, virtual machine images are images from which a hypervisor may execute a virtual machine”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of van der Linden with the method/system/server infrastructure/secure device of Suryanarayanan and Angara to include connected to a first VLAN wherein the first VLAN is a client-dedicated segregated VLAN, and stored in at least one non-volatile memory on server infrastructure, the server infrastructure having a hypervisor, the hypervisor managing one or more cloud workspace and one or more VLAN.
One would have been motivated to provide users with the benefits of integrating/leveraging functionality (van der Linden: paragraph 0310).
Regarding claim 12, Suryanarayanan, Angara, and van der Linden disclose the system of claim 11.  Angara discloses wherein the site-to-site secure connection server can only establish the second secure connection with the site-to-site secure connection client (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”).
Regarding claim 13, Suryanarayanan, Angara, and van der Linden disclose the system of claim 11.  Angara discloses wherein the user device is a mobile device (Angara, col. 1, lines 7-18, “Sophisticated network attacks often render simple password authentication insufficient to protect unauthorized access to enterprise and consumer networks and applications.  Traditional solutions to combat these threats include multi-factor (e.g., second factor) authentication that may include obtaining out-of-band user approval for user login events using a mobile device.  For example, a traditional second factor authentication solution may include requesting a user to enter an additional one-time password (i.e., a mobile credential) that a website's authentication server sends to the user's mobile device, in addition to providing a username/password combination.”).
Regarding claim 14, Suryanarayanan, Angara, and van der Linden disclose the system of claim 11.  Suryanarayanan discloses wherein at least one of the first secure (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Regarding claim 15, Suryanarayanan, Angara, and van der Linden disclose the system of claim 11.  Suryanarayanan discloses wherein at least one of the first secure connection and the second secure connection is a dedicated connection (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Regarding claim 16, Suryanarayanan, Angara, and van der Linden disclose the system of claim 11.  Angara discloses wherein the cloud workspace maintains the second secure connection if the first secure connection is closed (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”).
Regarding claim 18, Suryanarayanan, Angara, and van der Linden disclose the system of claim 11.   Van der Linden discloses wherein the server infrastructure comprises one or more servers, each of the servers having one or more processor, one or more non-transitory memory, and one or more communication components (Van der Linden, paragraph 0316, “a separate domain is established in the cloud services and hosting infrastructure 406 for servers 106b that communicate with servers 106c in the enterprise IT network 408.  In other embodiments, no separate domain is implemented.  In still other embodiments, at least one server 106b residing in the cloud services and hosting infrastructure 406 establishes trust relationships and/or VPN sessions with a server 106c in the enterprise IT network 408; such a server may be referred to as a cloud domain controller”; paragraph 0318, “In one of these embodiments, for example, operations may include multiple sequenced steps for a single server 106b--such as, for example, instantiating a machine image, executing a machine based upon the machine image, provisioning at least one storage resource and associating the provisioned at least one storage resource with the server, and provisioning and associating an IP address with the server.  In another of these embodiments, and as another example, operations may include coordinated steps taken between multiple servers 106b--such as, for example, executing a domain controller server, associating a user profile store with the domain controller server, and instantiating at least one resource server associated with the domain controller server.”).
Regarding claim 19, Suryanarayanan, Angara, and van der Linden disclose the system of claim 11.  Van der Linden discloses wherein at least one of the first secure connection and the second secure connection is an encrypted connection (Van der Linden, paragraph 0112, “In some embodiment, the appliance 205 has an encryption engine providing logic, business rules, functions or operations for handling the processing of any security related protocol, such as SSL or TLS, or any function related thereto.  For example, the encryption engine encrypts and decrypts network packets, or any portion thereof, communicated via the appliance 205.  The encryption engine may also setup or establish SSL or TLS connections on behalf of the client 102a-102n, server 106a-106n, or appliance 200, 205.  As such, the encryption engine provides offloading and acceleration of SSL processing.  In one embodiment, the encryption engine uses a tunneling protocol to provide a virtual private network between a client 102a-102n and a server 106a-106n.  In some embodiments, the encryption engine uses an encryption processor.  In other embodiments, the encryption engine includes executable instructions running on an encryption processor.”).
Regarding claim 22, Suryanarayanan discloses a secure device comprising: a digital storage element on element coupled to the microprocessor and storing logic that when executed by the microprocessor causes the microprocessor to (Suryanarayanan, paragraph 0115, “System memory 1120 may be configured to store instructions and data accessible by processor(s) 1110.  In various embodiments, system memory 1120 may be implemented using any suitable memory technology, such as static random-access memory (SRAM), synchronous dynamic RAM (SDRAM), nonvolatile/Flash-type memory, or any other type of memory.  In the illustrated embodiment, program instructions and data implementing one or more desired functions, such as those methods, techniques, and data described above for providing low latency connections to workspaces in a cloud computing environment, are shown stored within system memory 1120 as code 1125 and data 1126.”);
receive a first request to connect to a secured database from a secured application on a cloud server workspace (Suryanarayanan, paragraph 0021, “An example computer system on which embodiments of the techniques for securing workspaces in a cloud computing environment described herein may be implemented is illustrated in FIG. 11.  Embodiments of various systems and methods for implementing these techniques are generally described herein in the context of a service provider that provides to clients, via an intermediate network such as the Internet, virtualized resources (e.g., virtualized computing and storage resources) implemented on a provider network of the service provider.  For example, clients of the service provider may access one or more services of the provider network via APIs to the services to obtain and configure resource instances and to establish and manage virtual network configurations that include the resource instances, for example virtualized private networks.”; paragraph 0083, “Such creation can be based on a specific request, such as from a client computing device, or the workspace service (or a workspace service management component thereof) may initiate dynamic creation of an instance of a virtual machine on its own.  Note that each virtual computing resource instance may include one or more storage devices for storing any type of data used in the delivery and processing of network or computing resources, including but not limited to user data, state information, processing requirements, historical usage data, and resources from content providers that will be processed by one or more of the virtual computing resource instances and transmitted to various client computers, in some embodiments.”).
Suryanarayanan does not explicitly disclose receive a first response from the wireless transceiver from the one or more secured database servers for authentication; generate a second request to the secured application for authentication; route the second request for authentication to the secured application; receive a first response from the secured application that its monitoring function is disabled; receive a second response from the secured application; receive a third response from the wireless transceiver from the one or more secured database that the authentication monitoring function is disabled.
However, in an analogous art, Angara discloses receive a first response from the wireless transceiver from the one or more secured database servers for authentication (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
generate a second request to the secured application for authentication (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.” --- second request encompasses multi-factor authentication that a user has previously accessed);
route the second request for authentication to the secured application (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”; second request encompasses multi-factor authentication that a user has previously accessed);
receive a second response from the secured application (Angara, col. 8, lines 47-67; second response encompasses multi-factor authentication that a user has previously accessed);
receive a third response from the wireless transceiver from the one or more secured database that the authentication monitoring function is disabled (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”; third response encompasses multi-factor authentication that a user has previously accessed; “dashboard 500 may indicate that multi-factor authentication is disabled on websites 504 and 510, for a user”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Angara with the method/ system/ server infrastructure/ secure device of Suryanarayanan to include receive a first response from the wireless transceiver from the one or more secured database servers for authentication; generate a second request to the secured application for authentication; route the second request for authentication to the secured application; receive a first response from the secured application that its monitoring function is disabled; receive a second response from the secured application; receive a third response from the wireless transceiver from the one or more secured database that the authentication monitoring function is disabled.
One would have been motivated to provide users with the benefits of enabling multi-factor authentication for seamless website logins (Angara: col. 1, lines 34-37).
Suryanarayanan and Angara do not explicitly disclose a wireless transceiver; a microprocessor coupled to the wireless transceiver; route the request to the wireless transceiver; enable the wireless transceiver to transmit the first request to the one or more secured database servers; route the second response to the wireless transceiver; enable the wireless transceiver to transmit the response to one or more secured database servers; wherein the second response is an indication the first request originated from a pre-determined device; enable the secured application to connect to the secured database.
However, in an analogous art, van der Linden discloses a wireless transceiver (van der Linden, paragraph 0410, “a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
a microprocessor coupled to the wireless transceiver (van der Linden, paragraph 0065, “In still even another of these embodiments, the computing device 100, such as a multicore microprocessor, combines two or more independent processors into a single package, often a single integrated circuit (IC)”; paragraph 0410, “the pool management component 164a includes a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
route the first request to the wireless transceiver (van der Linden, paragraph 0410, “the pool management component 164a includes a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
enable the wireless transceiver to transmit the first request to the one or more secured database servers (van der Linden, paragraph 0410, “the pool management component 164a includes a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
route the second response to the wireless transceiver (van der Linden, paragraph 0410, “the pool management component 164a includes a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
enable the wireless transceiver to transmit the second response to one or more secured database servers (van der Linden, paragraph 0410, “the pool management component 164a includes a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
enable the secured application to connect to the secured database (Suryanarayanan, paragraph 0076, “In some embodiments, the first network interface of each virtual desktop instance (the E0 interface) may be completely controlled by the service provider.  For example, in some embodiments, the only traffic allowed on that interface may be the video stream that is sent to the end user and traffic related to management functions that are under the control of the service provider.  The second interface (the E1 interface) may not be used directly by the end user of the virtual desktop instance, but may provide a network connection for the virtualized computing resource instance that is hosting the virtual desktop instance that is separate from the connection used for the video stream and that allows the virtual desktop instance (or applications or processing executing thereon) to access other networks and network entities on other networks.  In some embodiments, the E0 interface may be used to communicate the commands to launch a browser application on the virtual desktop instance, but the communications out to the Internet from that browser application may take place over the E1 interface.”),
wherein the second response is an indication the first request originated from a pre-determined device (van der Linden, paragraph 0387, response to request, identifiers, device correlation).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of van der Linden with the method/ system/ server infrastructure/ secure device of Suryanarayanan and Angara to include a wireless transceiver; a microprocessor coupled to the wireless transceiver; route the second response to the wireless transceiver; enable the wireless transceiver to transmit the first request to the one or more secured database servers; enable the wireless transceiver to transmit the response to one or more secured database servers; enable the secured application to connect to the secured database, wherein the second response is an indication the first request originated from a pre-determined device.
One would have been motivated to provide users with the benefits of integrating/ leveraging functionality (van der Linden: paragraph 0310).
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and van der Linden (US20110022812), filed May 3, 2010, and further in view of Johnson (US20160004741), filed July 1, 2014.
Regarding claim 17, Suryanarayanan, Angara, and van der Linden disclose the system of claim 11.
Suryanarayanan discloses wherein the at least one cloud workspace is formed by the server infrastructure upon formation of the first secure connection (Suryanarayanan, paragraph 0102, “In some embodiments, configuring the virtual desktop instance for use as a virtual desktop (workspace) instance and beginning a workspace session may include establishing a communication channel between the virtual desktop (workspace) instance and the client on whose behalf the virtual desktop (workspace) instance was configured through a gateway component at a workspace POP location.  Once the virtual desktop instance is configured for use as a virtual desktop (workspace) instance and the communication channel has been established, the method may include managing the two-way interactive video traffic between the virtual desktop (workspace) instance and the client on parallel paths, both of which may include the gateway component.  For example, one path may be used to communicate a stream of pixels (and/or commands for generating and rendering pixels) from the client's virtual desktop (workspace) instance to the client, and another path may be used to communicate inputs from the client to the virtual desktop (workspace) instance.”).
Suryanarayanan, Angara, and van der Linden do not explicitly disclose wherein each of the at least one cloud workspace is deleted daily 
(Johnson, paragraph 0303, “It will also be appreciated that additional processes could be performed in a similar manner, such as deleting or renaming workspaces, modifying access permissions of users, removing users, or the like, and these will not therefore be described in detail.  In the above example, the first user could be an administrator, manager or the like, with the second user being any user authorised to access the workspace by the first user.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Johnson with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, and van der Linden to include wherein each of the at least one cloud workspace is deleted daily.
One would have been motivated to provide users with the benefits of managing corporate data (Johnson: paragraph 0006).
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and van der Linden (US20110022812), filed May 3, 2010, and further in view of Combet (US8862880), filed September 23, 2011.
Regarding claim 20, Suryanarayanan, Angara, and van der Linden disclose the system of claim 11.
Suryanarayanan, Angara, and van der Linden do not explicitly disclose wherein each of the one or more non-volatile memory is encrypted.
(Combet, col. 6, lines 5-16, “An ASI/RSI lookup table "save" functionality may be optionally enabled in order to prevent the loss of ASI-RSI association when the NIS 135, or particular processes/applications running on it, are started or restarted.  In this case, the ASI/RSI lookup table 625 is periodically written to an encrypted file 655 in encrypted non-volatile memory 660 (such as a hard-disk drive or other stable storage) and then loaded into volatile memory upon startup/restart, as indicated by the arrow 665 in FIG. 6.  A conventional encryption algorithm such as AES-128 (Advanced Encryption Standard using a 128 bit cryptographic key) may be used to perform the encrypted write”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Combet with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, and van der Linden to include wherein each of the one or more non-volatile memory is encrypted.
One would have been motivated to provide users with the benefits of providing a two stage anonymization process to monitored network traffic (Combet: col. 1, lines 33-37).



Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable
Regarding claim 21, Suryanarayanan discloses a server infrastructure comprising:
a plurality of servers, each server comprising (Suryanarayanan, paragraph 0086, server);
one or more processor (Suryanarayanan, paragraph 0114, processor);
one or more communication component, the communication component configured to accept a first secure connection from a user device to a cloud workspace, the first secure connection established by a cloud workspace client application on the user device (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Suryanarayanan does not explicitly disclose further configured to request a second secure connection between a site-to-site secure connection client accessed by a secured application client and a site-to-site secure connection server on a secure database system having a secure database and a secured application server; one or more non-volatile memory, the non-volatile memory storing at least a cloud workspace, the cloud workspace being a virtualized operating system configured to execute the secured application client, the secured application client being computer code that when executed by a processor, causes the processor to establish the second secure connection to the secure database system and remove the two-factor authentication requirement from the secure database system by causing the secured application server computer code to be executed; one or more modem, the modem configured to establish the internet connection with at least one internet service provider; and, configured to enable data communication between each of the plurality of servers and the one or more modem.
However, in an analogous art, Angara discloses further configured to request a second secure connection between a site-to-site secure connection client accessed by a secured application client and a site-to-site secure connection server on a secure database system having a secure database and a secured application server (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
one or more non-volatile memory, the non-volatile memory storing at least a cloud workspace, the cloud workspace being a virtualized operating system configured to execute the secured application client, the secured application client being computer code that when executed by a processor, causes the processor to establish the second secure connection to the secure database system (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
remove the two-factor authentication requirement from the secure database system by causing the secured application server computer code to be executed (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
one or more modem, the modem configured to establish the internet connection with at least one internet service provider (Angara, col. 11, lines 19-38, “For example, in certain embodiments communication interface 622 may facilitate communication between computing system 610 and a private or public network including additional computing systems.  Examples of communication interface 622 include, without limitation, a wired network interface (such as a network interface card), a wireless network interface (such as a wireless network interface card), a modem, and any other suitable interface.  In at least one embodiment, communication interface 622 may provide a direct connection to a remote server via a direct link to a network, such as the Internet.  Communication interface 622 may also indirectly provide such a connection through, for example, a local area network (such as an Ethernet network), a personal area network, a telephone or cable network, a cellular telephone connection, a satellite data connection, or any other suitable connection.”);
configured to enable data communication between each of the plurality of servers and the one or more modem (Angara, col. 11, lines 19-38, “For example, in certain embodiments communication interface 622 may facilitate communication between computing system 610 and a private or public network including additional computing systems.  Examples of communication interface 622 include, without limitation, a wired network interface (such as a network interface card), a wireless network interface (such as a wireless network interface card), a modem, and any other suitable interface.  In at least one embodiment, communication interface 622 may provide a direct connection to a remote server via a direct link to a network, such as the Internet.  Communication interface 622 may also indirectly provide such a connection through, for example, a local area network (such as an Ethernet network), a personal area network, a telephone or cable network, a cellular telephone connection, a satellite data connection, or any other suitable connection.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Angara with the method/ system/ server infrastructure/ secure device of Suryanarayanan to include further configured to request a second secure connection between a site-to-site secure connection client accessed by a secured application client and a site-to-site secure connection server on a secure database system having a secure database and a secured application server; one or more non-volatile memory, the non-volatile memory storing at least a cloud workspace, the cloud workspace being a virtualized operating system configured to execute the secured application client, the secured application client being computer code that when executed by a processor, causes the processor to establish the second secure connection to the secure database system and remove the two-factor authentication requirement from the secure database system by causing the secured application server computer code to be executed; one or more modem, the modem configured to establish the internet connection with at least one internet service provider; and, configured to enable data communication between each of the plurality of servers and the one or more modem.
One would have been motivated to provide users with the benefits of enabling multi-factor authentication for seamless website logins (Angara: col. 1, lines 34-37).
Suryanarayanan and Angara do not explicitly disclose upon a successful completion of an authentication process utilizing a smartcard authenticator, the communication component; one or more network switch, each of the one or more network 
However, in an analogous art, Lu discloses upon a successful completion of an authentication process utilizing a smartcard authenticator, the communication component (Lu, paragraph 0021, “The identity provider (IdP) 18 may be responsible for issuing identification information for network devices wanting to interact with the service provider 19 and for the actual authentication of users.  For example, the identity provider 18 may support various authentication mechanisms, including user/password based authentication for LDAP (Lightweight Directory Access Protocol), Kerberos authentication, SmartCard based authentication, and others.  The identity provider 18 may support a variety of protocols, including for example, SAML (Security Assertion Markup Language), which is an XML-based open standard data format that may be used to exchange authentication and authorization data between the identity provider and the service provider 19.  The identity provider 18 and service provider 19 may operate at one or more servers in communication with network 12.  The functions of one or more of the identity provider 18 and service provider 19 may also be embodied by processes running in a data center in a cloud computing environment, for example.”);
one or more network switch, each of the one or more network switch configured to segregate each user connection within a virtual local area network (Lu, paragraph 0019, “The network may include any number of network devices in communication via any number of nodes (e.g., routers, switches, gateways, firewalls, controllers, access devices, aggregation devices, core nodes, intermediate nodes, or other network devices), which facilitate passage of data within the network.  The nodes may communicate over one or more networks (e.g., local area network (LAN), metropolitan area network (MAN), wide area network (WAN), virtual private network (VPN), virtual local area network (VLAN), wireless network, enterprise network, Internet, intranet, radio access network, public switched network, or any other network).”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lu with the method/ system/ server infrastructure/ secure device of Suryanarayanan and Angara to include upon a successful completion of an authentication process utilizing a smartcard authenticator, the communication component; one or more network switch, each of the one or more network switch configured to segregate each user connection within a virtual local area network.
One would have been motivated to provide users with the benefits of facilitating passage of data (Lu: paragraph 0019).





Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368. The examiner can normally be reached 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/W.J.M/Examiner, Art Unit 2439                   



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439