Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Introduction
This office action is in response to Applicant’s communication filed on 11/29/2021. Claims 20-40 have been examined. Claims 1, 25, 30-31 and 36 have been amended.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 12/10/2021 have been considered by the examiner.

Response to Arguments
Applicant’s arguments on 35 U.S.C. 102/103: Applicant’s arguments, see pages 9-14, filed on 11/29/2021, with respect to the rejection(s) of claims 20-40 have been fully considered.
(1)	Applicant argues that “…First, the cited references do not disclose or suggest a service engine, executing on a host computer separately from a machine that also executes on the host computer, that receives captured contextual data identifying a resource that the machine is attempting to access…” (pages 10-12).
The examiner respectfully disagrees. Besides the application listing manager 501 that Luna teaches operating on a host server, Luna also teaches an application listing manager 401 operating on the mobile device that receives captured contextual data identifying an application that the mobile device is attempting to access through a network.
As shown in Fig. 2A and Para. 0131-0134, Luna teaches a mobile device 250 (which functions as a host device) that includes: 
(i) a local client side proxy 175 (which functions as a machine) comprising a plurality of components for performing network access relating to one or more applications that run on the mobile device; and 
(ii) an application listing manager 401 (which functions as a service engine) for categorizing and controlling applications to facilitate implementation of application network access policies. For example, the application listing manager 401 of the mobile device 250 may perform a process for determining whether an application requesting network access from the one or more applications should be allowed or denied.
As shown in Fig. 2A, the application listing manager 401 (service engine) is executed on the mobile device 250 (host computer) and separated from the local client side proxy 175 (machine) that is also executed on the mobile device 250.

(2)	Applicant also argues that “…the cited references do not disclose or suggest, at a service engine, receiving captured contextual data that includes a uniform resource identifier identifying a resource that a machine is attempting to access and using the uniform resource identifier to identify a policy applicable to the attempted network access…” (pages 10-12).
The examiner respectfully disagrees. Luna teaches: at a service engine, receiving captured contextual data (Para 0359-0360 and step 2305 of Fig. 10A - the client-side application listing manager 401 of the mobile device receives information relating to a request to access the network) that includes a uniform resource identifier (Para 0420 - For example, a request is being made to URI: http://text.com/products/?query=sub; and Para 0242, 0246 - “http://test.com/products/?query=sub&sort=asc”) identifying a resource that a machine is attempting to access (the URI from the request identifying a resource: the application running on the mobile device requesting network access to web site “text.com” that local client side proxy 175 is attempting to access) and using the uniform resource identifier to identify a policy applicable to the attempted network access (Para 0360 and step 2310 of Fig. 10A – based on the request information from step 2305, the client-side application listing manager 401 of the mobile device identifies the category of the application and one or more access control policies applicable to the attempted network access at step 2310).
In response to Applicant’s argument that “there is no categorization of the requested resource in Luna, because the uniform resource identifier is only used for a cache lookup” (page 13), the examiner respectfully disagrees. Luna teaches at steps 602 and 604 of Fig. 6A that the received request includes URL information. If the request is determined to be not cacheable in step 612, the request is sent to the source (application server/content provider) in step 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 20, 25-27, 30-31 and 36-38 are rejected under 35 U.S.C. 103 as being unpatentable over Luna et al. Publication No. US 2013/0205366 A1 (Luna hereinafter) in view of Zheng et al. Publication No. US 2009/0158432 A1 (Zheng hereinafter).

Regarding claim 20,
Luna teaches a method of controlling network access on a host computer (Fig. 2A - mobile device 250) on which a machine executes (Fig. 2A - a local client side proxy 175 on host mobile device comprises a plurality of components for performing network access relating to one or more applications that run on the mobile device), the method comprising: 
a service engine executing on the host computer separately from the machine (Fig. 2A - application listing manager 401 executing on the mobile device 250 separately from the local client side proxy 175),
receiving, through a guest introspection (GI) agent installed on the machine, captured contextual data that includes a uniform resource identifier identifying a resource that the machine is attempting to access through a network (Para 0359-0360 - At block 2305, the application listing manager 401 determines it has received a request from an application to access the network; Para 0134 - the application profile analyzing agent 402 of the application listing manager 401 communicates to the modules of the client-side proxy 275 such as the user activity module 215 and the polling interval detector 238 for receiving and determining information relating to the received request; Para 0242 – For example, request is being made to “URI http://test.com/products/?query=sub”; and For example, at Para 0339 and Fig. 6, after receiving a request at step 602, the URL information of the received request is determined and normalized at step 604). 
using the uniform resource identifier to identify a policy applicable to the attempted network access (Para 0139 – based on the information from the received request, the application access controller 403 determines the access control policies to be applied to a given application; Para 0360 and Fig. 10A - at block 2310, the application listing manager 401 of the mobile device identifies which access category the application falls under and a particular access control policy which relates to the categorized application). 
based on the identified policy, allow or reject the network access (Para 0139 – depending on the specified access control policies for the application, the application access controller 403 can allow, prevent, or delay application requests from going over the air; Para 0361 and Fig. 10A - If the application is a category black application, at block 2311 the application is denied access to the network. If the application is a category white application, at block 2312 the application is permitted access to the network). 
Luna does not explicitly disclose
based on the identified policy, directing the GI agent to allow or reject the network access. 
Zheng teaches:
based on the identified policy, directing the GI agent to allow or reject the network access (Para 0038 - If scanning portion 508 reports back that the file is infected, driver portion 506a-c may block the file access request. If scanning portion 508 reports back that the file is clean, then the driver portion 506a-c allows the file access request to proceed). 
Luna and Zheng are analogous art because they are from a similar field of endeavor in the access request monitoring techniques. Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed 

Regarding claim 25, the method of claim 20,
Luna does not explicitly disclose wherein
the data computer node is a guest virtual machine; and
the service engine is a service virtual machine executing on the host computer. 
Zheng teaches wherein
the data computer node is a guest virtual machine; and the service engine is a service virtual machine executing on the host computer (Para 0045 and Fig. 6 – a scanner VM 602 is separated from VMs 502a-c, wherein the scanner VM 602 and all the VMs 502a-c are executing on the host computer 504). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Luna to include the teachings of Zheng. The motivation for doing so is to allow a security system to monitor user applications and operating systems while the security system remains free from possible attack originating from a user environment.

Regarding claim 26, the method of claim 20,
Luna teaches
wherein the uniform resource identifier identifies a website that is intended for access (Para 0209 - a web site accessed via a web browser), the method further comprising evaluating the identified policy to determine whether the machine is allowed to access the website (Para 0139 – depending on the specified access control policies for the application, the application access controller 403 can allow, prevent, or delay application requests from going over the air).

Regarding claim 27, the method of claim 20,
Luna teaches
wherein evaluating the identified policy comprises evaluating the identified policy to determine whether the website is accessible by an application that executes on the machine and that is attempting the network access (Para 0361 and Fig. 10A - If the application is a category black application, at block 2311 the application is denied access to the network. If the application is a category white application, at block 2312 the application is permitted access to the network).


Regarding claim 30, the method of claim 20,
Luna teaches
identifying a category associated with the uniform resource identifier (Para 0360 - the application listing manager 401 identifies which access category the application falls under).
evaluating the identified policy to determine whether the identified category is one category of resources that the machine has a right to access (Fig. 10A, step 2310 - identify the category of the application and the access control policies to determine whether the network access should be allowed or denied).


Regarding claim 31,
Luna teaches a non-transitory machine readable medium for storing a service engine to control network access on a host computer (Fig. 2A - application listing manager 401 executing on the mobile device 250 separately from the local client side proxy 175) on which a machine executes, the service engine to execute on the host computer, the service engine comprising sets of instructions for: 
receiving, through a guest introspection (GI) agent installed on the machine, captured contextual data that includes a uniform resource identifier identifying a resource that the machine is attempting to access through a network (Para 0359-0360 - At block 2305, the application listing manager 401 determines it has received a request from an application to access the network; Para 0134 - the application profile analyzing agent 402 of the application listing manager 401 communicates to the modules of the client-side proxy 275 such as the user activity module 215 and the polling interval detector 238 for receiving and determining information relating to the received request; Para 0242 – For example, request is being made to “URI http://test.com/products/?query=sub”; and For 
based on a categorization of the resource identified by the uniform resource identifier identifying a policy applicable to the attempted network access (Para 0139 – based on the information from the received request, the application access controller 403 determines the access control policies to be applied to a given application; Para 0360 and Fig. 10A - at block 2310, the application listing manager 401 of the mobile device identifies which access category the application falls under and a particular access control policy which relates to the categorized application). 
when the identified policy allows the network access, allow the network access; when the identified policy does not allow the network access, reject the network access (Para 0139 – depending on the specified access control policies for the application, the application access controller 403 can allow, prevent, or delay application requests from going over the air; Para 0361 and Fig. 10A - If the application is a category black application, at block 2311 the application is denied access to the network. If the application is a category white application, at block 2312 the application is permitted access to the network). 
Luna does not explicitly disclose
when the identified policy allows the network access, directing the GI agent to allow the network access. 
when the identified policy does not allow the network access, directing the GI agent to reject the network access. 
Zheng teaches:
when the identified policy allows the network access, directing the GI agent to allow the network access (Para 0038 - If scanning portion 508 reports back that the file is clean, then the driver portion 506a-c allows the file access request to proceed)
when the identified policy does not allow the network access, directing the GI agent to reject the network access (Para 0038 - If scanning portion 508 reports back that the file is infected, driver portion 506a-c may block the file access request). 
Luna and Zheng are analogous art because they are from a similar field of endeavor in the access request monitoring techniques. Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Luna to include the teachings of Zheng. The 
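As an added illustration of the mechanism the rejections of claims 20, 30 and 31 map onto (this is not code from Luna, Zheng or the application under examination): a host-side service engine receives contextual data captured by a GI agent inside the guest, categorizes the URI, identifies the policy for that category, and directs the agent to allow or reject the access. The JSON message format, the category table and the policies are constructed for the example; a URI the engine cannot parse or categorize has no policy and is rejected.

```python
import json
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed categorization table keyed by host name (hypothetical entries).
URI_CATEGORIES = {
    "test.com": "shopping",
    "updates.example.com": "software-update",
}

# Constructed policies: category -> users allowed to reach that category.
# "*" means any user. A category with no entry has no policy and is
# rejected (fail closed), as is any URI the engine cannot categorize.
POLICY = {
    "software-update": {"*"},
    "shopping": {"alice"},
}
UNCATEGORIZED = "uncategorized"


@dataclass(frozen=True)
class CapturedContext:
    """Contextual data captured inside the guest by the GI agent."""
    vm_id: str
    user: str
    app: str
    uri: str


@dataclass(frozen=True)
class Directive:
    """The service engine's answer, sent back to the GI agent."""
    vm_id: str
    allow: bool
    category: str
    reason: str


def categorize(uri: str) -> str:
    """Map the URI's host to a category; anything unparseable is uncategorized."""
    try:
        host = (urlsplit(uri).hostname or "").lower()
    except ValueError:  # e.g. an unterminated IPv6 literal in the host part
        return UNCATEGORIZED
    return URI_CATEGORIES.get(host, UNCATEGORIZED)


def evaluate(ctx: CapturedContext) -> Directive:
    """Identify the policy through the URI's category, then decide allow/reject."""
    category = categorize(ctx.uri)
    allowed_users = POLICY.get(category)
    if allowed_users is None:
        return Directive(ctx.vm_id, False, category, "no policy for category")
    if "*" in allowed_users or ctx.user in allowed_users:
        return Directive(ctx.vm_id, True, category, "policy permits user")
    return Directive(ctx.vm_id, False, category, "policy denies user")


def decide(agent_line: str) -> dict:
    """Handle one JSON message from the GI agent and build the directive for it."""
    d = evaluate(CapturedContext(**json.loads(agent_line)))
    return {"vm_id": d.vm_id, "action": "allow" if d.allow else "reject",
            "category": d.category, "reason": d.reason}


# Constructed sample messages, as the GI agent might forward them (JSON lines).
SAMPLE_MESSAGES = [
    '{"vm_id":"vm-1","user":"alice","app":"browser","uri":"http://test.com/products/?query=sub&sort=asc"}',
    '{"vm_id":"vm-1","user":"bob","app":"browser","uri":"http://test.com/products/?query=sub"}',
    '{"vm_id":"vm-2","user":"bob","app":"updater","uri":"https://updates.example.com/v2/manifest"}',
    '{"vm_id":"vm-3","user":"eve","app":"unknown","uri":"http://[::1"}',
]
```

Running `decide` over `SAMPLE_MESSAGES` yields allow, reject, allow, reject; the last message is rejected because its URI cannot be parsed and therefore matches no policy.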

Regarding claim 36, 
Claim 36 is analyzed and interpreted as a non-transitory machine readable medium of claim 25.


Regarding claim 37, 
Claim 37 is analyzed and interpreted as a non-transitory machine readable medium of claim 26.


Regarding claim 38, 
Claim 38 is analyzed and interpreted as a non-transitory machine readable medium of claim 27.


- 29 -DOCS 123144-014UT1/2670836.1
Claims 21-23 and 32-34 are rejected under 35 U.S.C. 103 as being unpatentable over Luna and Zheng, and further in view of Kindlund et al. Patent No. US 9,565,202 B1 (Kindlund hereinafter).

Regarding claim 21, the method of claim 20,
Luna does not explicitly disclose
wherein the GI agent is a network introspection agent that captures data through a set of filters that is defined in a network stack of the data compute node. 
Kindlund teaches:
wherein the GI agent is a network introspection agent that captures data through a set of filters that is defined in a network stack of the data compute node (col 5 rows 24-30 – a packet capturer 202 is configured to monitor at least 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Luna to include the teachings of Kindlund. The motivation for doing so is to determine that the captured data is implemented in a network stack.

Regarding claim 22, the method of claim 21,
Luna does not explicitly disclose
wherein the set of filters include a transport layer library filter. 
Kindlund teaches:
wherein the set of filters include a transport layer library filter (col 5 rows 42-45 – packet capturer 202 and packet inspector 125 may be implemented in any one or more of the layers of a network stack, such as a transport control protocol (TCP) layer). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Luna to include the teachings of Kindlund. The motivation for doing so is to determine that the captured data is implemented in a network stack.

Regarding claim 23, the method of claim 21,
Luna does not explicitly disclose
wherein the set of filters includes a filter that is defined in a library that handles communication protocol operations higher than layer 4. 
Kindlund teaches:
wherein the set of filters includes a filter that is defined in a library that handles communication protocol operations higher than layer 4 (col 5 rows 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Luna to include the teachings of Kindlund. The motivation for doing so is to determine that the captured data is implemented in a network stack.

Regarding claim 32, 
Claim 32 is analyzed and interpreted as a non-transitory machine readable medium of claim 21.


Regarding claim 33, 
Claim 33 is analyzed and interpreted as a non-transitory machine readable medium of claim 22.


Regarding claim 34, 
Claim 34 is analyzed and interpreted as a non-transitory machine readable medium of claim 23.



Claims 24 and 35 are rejected under 35 U.S.C. 103 as being unpatentable over Luna, Zheng and Kindlund, and further in view of Roth et al. Publication No. US 2013/0085880 A1 (Roth hereinafter).

Regarding claim 24, the method of claim 21,
Luna does not explicitly disclose
wherein the set of filters capture the data before the data is encrypted, wherein the capturing of the unencrypted data allows the captured data to be used to examine network access policies without decrypting the data. 
Roth teaches:
wherein the set of filters capture the data before the data is encrypted, wherein the capturing of the unencrypted data allows the captured data to be used to examine network access policies without decrypting the data (para 0012 – when Hypervisor 102 receives an outgoing message from a guest operating system, the message is captured by the hypervisor. The hypervisor uses captured state information associated with the guest operating system and destination computing device to process and prepare secure message before the message is encrypted and sent to the destination; and [para 0034] the message also is captured and encrypted by a security component 730 inside Guest System C). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Luna to include the teachings of Roth. The motivation for doing so is to allow information in messages to/from guest operating systems of a host to be examined prior to being encrypted, without the messages being “cracked” and “re-encrypted”.

Regarding claim 35, 
Claim 35 is analyzed and interpreted as a non-transitory machine readable medium of claim 24.



Claims 28-29 and 39-40 are rejected under 35 U.S.C. 103 as being unpatentable over Luna and Zheng, and further in view of Nicodemus et al. Publication No. US 2007/0143851 A1 (Nicodemus hereinafter).

Regarding claim 28, the method of claim 26,
Luna does not explicitly disclose
wherein evaluating the identified policy comprises evaluating the identified policy to determine whether the website is accessible by a user that is using the machine while the network access is being attempted. 
Nicodemus teaches:
wherein evaluating the identified policy comprises evaluating the identified policy to determine whether the website is accessible by a user that is using the machine while the network access is being attempted (Para 0015 – Network Access Policies include at least a policy that permits network addresses allowed to be accessed by the user). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Luna to include the teachings of Nicodemus. The motivation for doing so is to identify a particular user that is blocked for network access.

Regarding claim 29, the method of claim 26,
Luna does not explicitly disclose
wherein the website access is for accessing a file, and evaluating the identified policy determines comprises evaluating the identified policy to determine whether the file is available for the network access. 
Nicodemus teaches:
wherein the website access is for accessing a file, and evaluating the identified policy determines comprises evaluating the identified policy to determine whether the file is available for the network access (Para 0036 – one or more policy-defined corrective actions, e.g. block access to a particular file). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Luna to include the teachings of Nicodemus. The motivation for doing so is to identify a particular user that is blocked for network access.

Regarding claim 39, 
Claim 39 is analyzed and interpreted as a non-transitory machine readable medium of claim 28.


Regarding claim 40, 


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DA T. TON whose telephone number is (571)272-9956. The examiner can normally be reached Mon-Fri (9am-5pm).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A. Louie can be reached on 571-270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/DA T TON/Acting Patent Examiner of Art Unit 2445

/YOUNES NAJI/Primary Examiner, Art Unit 2445