Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
FINAL ACTION
Applicant's submission filed on 12/06/2021 has been entered. Claims 1, 8 and 15 are amended. Claims 1-20 are pending.
Response to Arguments
Examiner Remarks - 35 USC § 103 
The examiner notes that the applicant has amended each independent claim to include the limitation of, “wherein the request identifies the application”.  In view of applicant’s claim amendment, the examiner notes the teachings of prior art reference Budhani et al. (US Patent Publication No. 2015/0264016) to the record. The examiner notes that Budhani teaches receiving a request for a specific application (i.e., request identifies the application). The examiner further notes that Budhani further teaches “stitching” together communication connections as claimed by the applicant. See rejection below.
 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the 

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Dave (US Patent Publication No. 2014/0096199) in view of Collins (US Patent Publication No. 2007/0115929) and further in view of Budhani et al. (US Patent Publication No. 2015/0264016 and Budhani hereinafter).

As to claims 1, 8 and 15, Dave teaches a non-transitory computer-readable medium comprising instructions that, when executed, cause a processor to perform the steps of: 
receiving a request, in a cloud system from a user device, to access an application (i.e., …teaches in par. 0014 the following: “a plurality of client computing devices 104, a plurality of cloud service providers 106, and a local storage device 108, all in communication with each other over a network 110. In use, as discussed in more detail below, the cloud security server 102 is configured to associate a plurality of trust levels to the client computing devices 104, the cloud service providers 106, and the local storage device 108. Individual client computing devices 104 are configured to request data from the cloud security server 102”), 
wherein the application is in one of a public cloud, a private cloud, and an enterprise network (i.e., …teaches in figure 1 illustrates of a cloud network”), 
and wherein the user device is remote over the Internet (i.e., …teaches in figure 1 illustrates of a cloud network”); 
determining if the user device is permitted to access the application (i.e., …teaches in par. 0014 the following: “a plurality of client computing devices 104, a plurality of cloud service providers 106, and a local storage device 108, all in communication with each other over a network 110. In use, as discussed in more detail below, the cloud security server 102 is configured to associate a plurality of trust levels to the client computing devices 104, the cloud service providers 106, and the local storage 
and in response to determining that the user device is permitted to access the application (i.e., …teaches in par. 0014 the following: “a plurality of client computing devices 104, a plurality of cloud service providers 106, and a local storage device 108, all in communication with each other over a network 110. In use, as discussed in more detail below, the cloud security server 102 is configured to associate a plurality of trust levels to the client computing devices 104, the cloud service providers 106, and the local storage device 108. Individual client computing devices 104 are configured to request data from the cloud security server 102”… …teaches in paragraph 0031 the following: “The cloud security server account provides a single logical connection point for distributed data sources, authorized client devices,” …figure 2 illustrates a lightweight connector to provide access to cloud service providers).

Dave does not expressly teach:
in response to determining that the user device is not permitted to access the application, notifying the user device the application does not exist, 
wherein the user device is prevented from ascertaining an existence of applications that the user device is not permitted to access. 
In this instance the examiner notes the teachings of prior art reference Collins. 
With regards to applicant’s claim limitation element of, “in response to determining that the user device is not permitted to access the application, notifying the user device the application does not exist”, Collins teaches in paragraph 393 the following: “Information about a private service, including the existence of the service, may not be disclosed to users who are not permitted to access at least one private content packager that offers access to the service.”.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dave with the teachings of Collins by including the feature of application status. Utilizing application status as taught by Collins above allows a system to provide comprehensive access control and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Dave’s system will obtain the capability to provide enhanced communication security. 

The system of Dave and Collins do not expressly teach:
	wherein the request identifies the application;
and stitching together a connection between the cloud system and the user device and a connection between the cloud system and the application via a lightweight connector to provide access to the application. 
In this instance the examiner notes the teaching of prior art reference Budhani. 
With regards to applicant’s claim limitation element of, “wherein the request identifies the application”, Budhani teaches in par. 0101 the following: “a request from the agent 118-1 for a hosted application 116-1”.  The examiner notes that request will be for a specific hosted application. 
With regards to applicant’s claim limitation element of, “stitching together a connection between the cloud system and the user device and a connection between the cloud system and the application via a lightweight connector to provide access to the application”, Budhani teaches par. 0055 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dave and Collins with the teachings of Budhani by including the feature(s) of application identity recognition. Utilizing application identity recognition as taught by Budhani above allows a system to provide comprehensive application access control and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Dave and Collin will obtain the capability to provide enhanced application security. 

As to claims 2, 9 and 16, the system of Dave, Collins and Budhani as applied to claim 1 above, specifically Dave teaches a non-transitory computer-readable medium of claim 1, wherein the determining includes determining if a user associated with the user device is permitted to access the application (i.e., …teaches in paragraph 0028 the following: “cloud service providers 106 such as user credentials.”).

As to claims 3, 10 and 17, the system of Dave, Collins and Budhani as applied to claim 1 above, specifically Dave teaches a non-transitory computer-readable medium of claim 1, wherein the stitching together the connections includes the cloud system creating both a connection to the user device and to the application to enable the user device and the application to communicate (i.e., ….figure 1 of Dave illustrates stitching together the connections).

As to claims 4 and 11, the system of Dave, Collins and Budhani as applied to claim 1 above, specifically Dave teaches a non-transitory computer-readable medium of claim 3, wherein the stitching together the connections includes at least two tunnels between the user device and the application (i.e., ….figure 1 of Dave illustrates stitching together the connections).

As to claims 5, 12 and 18, the system of Dave, Collins and Budhani as applied to claim 1 above, specifically Dave teaches a non-transitory computer-readable medium of claim 1, wherein the application is connected to a connector operating on a computer and communicatively coupled to the cloud system (i.e., ….figure 1 of Dave illustrates connections between computer and cloud).

As to claims 6, 13 and 19, the system of Dave, Collins and Budhani as applied to claim 1 above, specifically Dave teaches a non-transitory computer-readable medium of claim 1, wherein the user device executes one of a browser and an application to provide the request and to access the application (i.e,. …teaches in paragraph 0046 the following: “data access may be performed by a specialized data access application of the client computing device 104. In other embodiments, data access may be performed in the same manner as for a cloud service provider 106 or a local storage device 108, as through a web browser or a file browser”.).

As to claims 7, 14 and 20, the system of Dave, Collins and Budhani as applied to claim 1 above, specifically Dave teaches a non-transitory computer-readable medium of claim 1, wherein the determining includes communicating with a central authority to check if the user device is permitted and for a determination of connection information for the stitching together the connections (i.e., …teaches in par. 0014 the following: “a plurality of client computing devices 104, a plurality of cloud service providers 106, and a local storage device 108, all in communication with each other over a network 110. In use, as discussed in more detail below, the cloud security server 102 is configured to associate a plurality of trust levels to the client computing devices 104, the cloud service providers 106, and the local storage device 108. Individual client computing devices 104 are configured to request data from the cloud security server 102”).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Contact Information

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRYAN F WRIGHT/Examiner, Art Unit 2497