DETAILED ACTION
This office action is in response to the correspondence filed on 03/08/2022. Claims 1-20 are still pending and are examined. Claims 1, 13, and 15 are amended.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Arguments
Applicant’s arguments with respect to claims 1, 13, and 15 have been considered. The following are applicant arguments recited in the Remarks followed by Examiner's response:
Applicant argues the features of the amended independent claims are not taught or made obvious by the Vishnepolsky et al. reference. For example, the suffix proxy 140 as taught in the Vishnepolsky et al. reference are performed remotely from the client device 130-N, and the Vishnepolsky et al. reference does not teach or make obvious "converting a resource address" server via a wrapper module tethered to the application at the client device as defined in the amended claims. For example, there is no teaching or fair suggestion that a wrapper module be at the client device or that a wrapper module be tethered to an application at the client device. The Chaubey et al. publication is silent as to this feature (Remarks, pg. 5)
Examiner respectfully disagrees. Even if the suffix proxy 140 as taught in the Vishnepolsky et al. reference are performed remotely from the client device 130-N, it does not contradict the instant claim language of a proxy server coupled to a client device. The 
Furthermore, it is unclear if the address converting has to be performed in the client device by interpreting the instant specification and drawings. Regardless, even though the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.
Applicant argues the Vishnepolsky et al. reference does not teach or make obvious "converting a resource address" server via a wrapper module tethered to the application at the client device as defined in the amended claims. (Remarks, pg. 5)
Examiner respectfully disagrees. Please see the new mapping for the latest amendments below (see “wrapper module” in Vishnepolsky et al. Fig. 1, [0033], [0039]). Also, note that per the instant specification [0025], Fig. 3, the drawing shows that wrapper 302 as a separate component connecting to the client 202. 
Examiner encourages applicant to further amend the claim to distinguish the invention and clarify the difference with support by the specification. Additional features are likely needed to move the prosecution forward besides the precise location of the proxy and where the address converting takes place.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-8, 11-13, 15-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Vishnepolsky et al. (WO 2016/040753 A1 per IDS, referred to as Vishnepolsky), in view of Chaubey et al. (US Pub No. 2020/0169535 A1, referred to as Chaubey).
Regarding claims 1, 13, and 15, taking claim 15 as exemplary, Vishnepolsky discloses,
15. A system, comprising:
a memory device to store a set of instructions; and (Vishnepolsky: [0081])
a processor to execute the set of instructions to: (Vishnepolsky: [0081];
convert a resource address accessible in an application at a client device (Vishnepolsky: [0022]; cloud applications 115 are typically accessed by users using a client device via a web browser.) into a proxy address with a suffix domain of a proxy server; (Vishnepolsky: [0028]; "... the suffix proxy 140 can be configured to inspect the network traffic and detect cloud-based application's 115 addresses. Examples for such addresses include, for example, uniform resource locators (URLS), uniform resource identifiers (URIs), and so on.” [0029]; "... the suffix proxy 1406 can be configured to modify webpages and codes (e.g., JavaScript) executed therein and on the cloud-computing platform 170, so that no network addresses are provided to the client device 130 that would direct the client device 130 to access the cloud application 115 directly. If such a network address is detected, the suffix proxy 140 is configured to rewrite that address, for example, appending a redefined domain name to the original via a wrapper module tethered to the application at the client device; and (Vishnepolsky: Fig. 1; [0033]; the suffix proxy 140 is configured to provide a security sandbox (wrapper module) which is a runtime component executed over the client device 130. Certain function of the security sandbox can be performed in the suffix proxy. The security sandbox is labeled as a security sandbox 145. [0039]; the sandbox 145 during run-time resolves the wrappers in order to enforce suffix and unsuffix of network addresses.)
verify a network resource of the resource address at the proxy server coupled to the client device, (Vishnepolsky: [0026]; "the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to notify of suspicious network traffic and behavior; block threats; perform application control, URL filtering, and malware protection on the network traffic; establish visibility to application layer parameters (e.g., list of users, devices, locations, etc.); generate profiles of users using the cloud applications 115; provide alerts on specific or predefined events; generate audit logs; and so on.")
Vishnepolsky does not explicitly disclose, however Chaubey teaches,
wherein verify includes a determination as to whether to permit communication between the client device and the resource or between the client device the proxy server. (Chaubey: [0014]; the PAC file may configure the client device to transmit traffic associated with a particular web application such that the traffic is transmitted using a proxy server device, and may configure the client device to transmit traffic associated with another web application such that the traffic associated with the other application is transmitted without using a proxy server device or using a different proxy server device, 
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings Chaubey of into the teachings of Vishnepolsky with a motivation to decreases latency between a client device and the destination which in turn improves user experience associated with the client device and the web application associated with the traffic; moreover, it decreases the quantity of packets that is to be processed by the proxy server device, which decreases processing, memory, and networking resource usage of the proxy server device, reduces the time it takes to process traffic at the proxy server device, by selectively routing the traffic through the proxy (Chaubey: [0014]).


Regarding claim 3, the combination of Vishnepolsky and Chaubey discloses,
3. The method of claim 1 
Vishnepolsky further discloses,
wherein the proxy server directs traffic between the client device and the network resource. (Vishnepolsky: Fig. 1; [0020]; proxy directs traffic between clients and resources.)


Regarding claim 4, the combination of Vishnepolsky and Chaubey discloses,
4. The method of claim 1 
Vishnepolsky further discloses,
wherein the proxy address is an address of a security service. (Vishnepolsky: [0026]; "the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud 


Regarding claim 5, the combination of Vishnepolsky and Chaubey discloses,
5. The method of claim 4 
Vishnepolsky further discloses,
wherein the security service determines whether the network resource is safe. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to block threats; perform application control, URL filtering, and malware protection on the network traffic.)


Regarding claim 6, the combination of Vishnepolsky and Chaubey discloses,
6. The method of claim 5 
Vishnepolsky further discloses,
wherein the security service passes communication to the network resource if the security service determines the network resource is safe. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to block threats; perform application control, URL filtering, and malware protection on the network traffic (let safe traffic thru).)


Regarding claim 7, the combination of Vishnepolsky and Chaubey discloses,
7. The method of claim 5 
Vishnepolsky further discloses,
wherein the security service blocks communication to the network resource if the security service determines the network resource is not safe. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to block threats; perform application control, URL filtering, and malware protection on the network traffic.)


Regarding claim 8, the combination of Vishnepolsky and Chaubey discloses,
8. The method of claim 5 
Vishnepolsky further discloses,
wherein the security service issues a warning to the client device if the security service determines the network resource is not safe. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to notify of suspicious network traffic and behavior (warning).)


Regarding claim 11, the combination of Vishnepolsky and Chaubey discloses,
11. The method of claim 1 
Vishnepolsky further discloses,
wherein the resource address corresponds with a web server. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. As non-limiting examples, the managed network proxy 120 can be configured to block threats; perform application control, URL filtering, and malware protection on the network traffic (address of some web servers).)


Regarding claim 12, the combination of Vishnepolsky and Chaubey discloses,
12. The method of claim 1 
Vishnepolsky further discloses,
wherein the resource address is converted into the proxy address when the resource address is accessed in the application. and (Vishnepolsky: [0029]; "... the suffix proxy 1406 can be configured to modify webpages and codes (e.g., JavaScript) executed therein and on the cloud-computing platform 170, so that no network addresses are provided to the client device 130 that would direct the client device 130 to access the cloud application 115 directly. If such a network address is detected, the suffix proxy 140 is configured to rewrite that address, for example, appending a redefined domain name to the original network address. The added domain name may refer or redirect the browser to the managed network proxy 120. For example, the URL (network address) http://www.somesite com would be accessed through http://www.somesite com.network-proxy-service.com." (convert address).)


Regarding claim 16, the combination of Vishnepolsky and Chaubey discloses,
16. The system of claim 15 
Vishnepolsky further discloses,
wherein the instructions to convert and verify are implemented with a security service. (Vishnepolsky: [0026]; the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110. (Proxy can provide security services).)


Regarding claim 17, the combination of Vishnepolsky and Chaubey discloses,
17. The system of claim 16 
Vishnepolsky further discloses,
wherein the security service is a cloud access security broker. (Vishnepolsky: [0026]; "the managed network proxy 120 can be configured to detect and mitigate network threats against the cloud applications 115 and/or the infrastructure of the cloud computing platform 110.” (Cloud applications security).)


Regarding claim 19, the combination of Vishnepolsky and Chaubey discloses,
19. The system of claim 16 
Vishnepolsky further discloses,
wherein the security service logs access of the resource address. (Vishnepolsky: [0026]; the managed network proxy 120 can generate audit logs.)



Claims 2, 9-10, 14, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Vishnepolsky, in view of Chaubey, further in view of Adallom et al. (WO 2015/070260 A1 per IDS, referred to as Adallom).
Regarding claims 2 and 20, taking claim 20 as exemplary, the combination of Vishnepolsky and Chaubey discloses,
20. The system of claim 15 
The combination of Vishnepolsky and Chaubey does not explicitly disclose, however Adallom teaches,
wherein the proxy server is a reverse proxy server to direct web traffic between the client device and a webserver. (Adallom: abstract and [38]; proxy can be a reverse proxy between the service provider and a client.)
It would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings Adallom of into the combination of Vishnepolsky and Chaubey with a motivation to securing communications networks and systems by monitoring and securing communications using various types of proxies and take action on the network traffic based on predefined policies (Adallom abstract and [4]).


Regarding claims 9 and 14, taking claim 14 as exemplary, the combination of Vishnepolsky and Chaubey discloses,
14. The computer readable storage device of claim 13 
The combination of Vishnepolsky and Chaubey does not explicitly disclose, however Adallom teaches,
wherein the instructions to control the processer include instructions to control the processor to determine whether the network resource is safe based on a defined policy. (Adallom: [30]; the network proxy can be configured so that traffic between a client device and the SaaS provider passes through the network proxy. Because the network proxy intermediates the communications, it can be used to monitor the network traffic between these points and take action on the network traffic based on predefined policies and rules.)
The same motivation that was utilized for combining Vishnepolsky, Chaubey, and Adallom as set forth in claim 2 is equally applicable to claim 14.


Regarding claim 10, the combination of Vishnepolsky, Chaubey and Adallom discloses,
10. The method of claim 9 
The combination of Vishnepolsky and Chaubey does not explicitly disclose, however Adallom teaches,
wherein the defined policies include global policies and user policies. (Adallom: [30]; the network proxy can be configured so that traffic between a client device and the SaaS provider passes through the network proxy. Because the network proxy intermediates the communications, it can be used to monitor the network traffic between these points and take action on the network traffic based on predefined policies and rules (various policies can be used).)
The same motivation that was utilized for combining Vishnepolsky, Chaubey and Adallom as set forth in claim 2 is equally applicable to claim 10.


Regarding claim 18, the combination of Vishnepolsky and Chaubey discloses,
18. The system of claim 17 
The combination of Vishnepolsky and Chaubey does not explicitly disclose, however Adallom teaches,
wherein the cloud access security broker enforces security policies. (Adallom: [30]; the network proxy can be configured so that traffic between a client device and the SaaS provider passes through the network proxy. Because the network proxy intermediates the communications, it can be used to monitor the network traffic between these points and take action on the network traffic based on predefined policies and rules.)
The same motivation that was utilized for combining Vishnepolsky, Chaubey and Adallom as set forth in claim 2 is equally applicable to claim 18.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Wang; Lei et al.	USPAT		US 9716701 B1		Method for scanning web traffic using local proxy
Tubi; Lior et al.	US-PGPUB	US 20160142375 A1	Techniques to authenticate a client to a proxy through a domain name server intermediary including a local proxy

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KA SHAN CHOY/Examiner, Art Unit 2435