Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
FINAL ACTION
This action is in response to the amendment filed on 1/26/2022. Claims 1, 10 and 19 are amended. Claims 1, 2, 4-11 and 13-20 are pending.
Response to Arguments
Examiner’s Remarks - 35 USC § 103
The examiner notes that the applicant has amended each independent claim to further recite, “wherein the lightweight connector is associated with specific applications or file shares”. The examiner notes that the applicant now alleges a deficiency on the part of the cited prior art. In view of the claim amendment(s), the examiner introduces the teachings of prior art reference Budhani et al. (US Patent Publication No. 2015/0264016) to the record. The examiner notes that Budhani teaches a connector associated with specific applications or file shares. See rejection below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4-11 and 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Dave (US Patent No. 9,507,949) in view of Sama et al. (US Patent Publication No. 2016/0036920 and Sama hereinafter) and further in view of Budhani et al. (US Patent Publication No. 2015/0264016 and Budhani hereinafter).

As to claims 1, 10, and 19, Dave teaches a secure application access system comprising: 
a lightweight connector comprising a network interface, a processor communicatively coupled to the network interface (i.e., …illustrates in figure 1 figure element 102 a processor), 
and memory storing instructions that (i.e., …illustrates in figure 1 figure element 124 a memory), when executed, cause the processor to connect to a cloud-based system, via the network interface (i.e., …Dave teaches in column 2 lines 45-50 the following: “cloud security server…brokers connection to the cloud service providers”),
connect to one or more of a file share and an application, via the network interface (i.e., ....teaches in col. 4 lines 20-25 the following: “client computing devices 104 are further configured to access data from the cloud service providers 106 and/or the local storage device 108, using the cloud security server 102. Each of the client computing devices 104 may be owned or controlled by the owner of the shared data or may be owned or controlled by another entity. For example, the owner of the shared data may register a client computing device 104 of a family member, friend, coworker, or other entity with the cloud security server 102, in order to grant access to shared data.”.),
and provide access to a user device to the one or more of the file share and the application via a stitched connection between the network interface and the user device through the cloud-based system (i.e., ...teaches in col. 5 lines 50-55 the following: “data access module 216 brokers a connection between the client computing device 104 and the data source containing the requested data”. The examiner notes that brokering is another form of stitching together connections).

Dave does not expressly teach:
wherein the lightweight connector is configured to only dial out for connections over the Internet via the cloud-based system and is configured to reject inbound connection of any kind.
In this instance the examiner notes the teachings of prior art reference Sama.
	With regards to applicant’s claim limitation of, “wherein the lightweight connector is configured to only dial out for connections over the Internet via the cloud-based system and is configured to reject inbound connection of any kind”, Sama teaches in par. 0028 the following: “The tenant application may establish a secured outbound connection to the connector service. "Outbound" means that the secured connection is initiated by the tenant application within the tenant's communication system. this relieves the configuration concern for deployment for not having to drill a hole in the firewall. The outbound connection may be secured, for example, using transaction layer security (TLS) secured TCP/IP or using standard secure HTTPS protocols. This approach may avoid the need to drill any firewall holes in the tenant's network for inbound connections. Thus, the tenant's communication system may not admit or process inbound connection requests. This limits the exposure of the tenant's communication system to the cloud, and may provide additional security against flooding denial of service (DoS) attacks against the tenant's communication system.”. …further teaches in par. 0037 the following: “the tenant application 100 may initiate the establishment of the bridge 150, and the tenant application 100 may not respond to inbound connection requests from external communication systems, which may enhance the security and/or stability of the tenant's private communication system 10.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dave with the teachings of Sama by including the feature of inbound traffic control. Utilizing inbound traffic control as taught by Sama above allows a system to provide comprehensive access control and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Dave's system will obtain the capability to provide enhanced system security. 

The system of Dave and Sama does not expressly teach: 
wherein the lightweight connector is associated with specific applications or file shares.
In this instance the examiner notes the teachings of prior art reference Budhani. Budhani teaches in par. 0055 the following: “the application delivery system 102 stitches together application network connections (belonging to a connection pool initiated by an application agent) and end-user device network connections on a per user, per hosted application and per provider system basis so as to isolate communication traffic based upon user, based upon hosted application and based upon provider of the hosted application. Thus, for example, multiple different application provider systems can share compute resources of the application delivery system 102, while maintaining separation of communication traffic for different applications hosted by the same provider system and while also maintaining separation of communication traffic for the same application hosted by different providers systems, for example. This isolation of communication traffic allows for provision of different, customized, services and different, customized, accessibility/availability levels for different hosted applications and/or for different provider systems, for example.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dave and Sama with the teachings of Budhani by including the feature(s) of application identity recognition. Utilizing application identity recognition as taught by Budhani above allows a system to provide comprehensive application access and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Dave and Sama will obtain the capability to provide enhanced connection security.
As to claims 2 and 11, the system of Dave, Sama and Budhani as applied to claim 1 teaches access control, specifically Dave teaches secure application access system of claim 1, wherein the lightweight connector is in front of the file share and the application (i.e., ....teaches in col. 4 lines 20-25 the following: “client computing devices 104 are further configured to access data from the cloud service providers 106 and/or the local storage device 108, using the cloud security server 102. Each of the client computing devices 104 may be owned or controlled by the owner of the shared data or may be owned or controlled by another entity. For example, the owner of the shared data may register a client computing device 104 of a family member, friend, coworker, or other entity with the cloud security server 102, in order to grant access to shared data.”).

3. (Canceled)

As to claims 4 and 13, the system of Dave, Sama and Budhani as applied to claim 1 teaches access control, specifically Dave teaches a secure application access system of claim 1, wherein the cloud-based system includes a plurality of cloud nodes with the user device and the network interface each connected to a different cloud node (i.e., … See figure 1).

As to claims 5 and 14, the system of Dave, Sama and Budhani as applied to claim 1 teaches access control, specifically Dave teaches secure application access system of claim 4, wherein the cloud-based system includes a central authority configured to form the stitched connection (i.e., ...teaches in col. 5 lines 50-55 the following: “data access module 216 brokers a connection between the client computing device 104 and the data source containing the requested data”. The examiner notes that brokering is another form of stitching together connections).

As to claims 6 and 15, the system of Dave, Sama and Budhani as applied to claim 1 teaches access control, specifically Dave teaches a secure application access system of claim 1, wherein the one or more of the file share and the application are located in an enterprise network and the user device is located remote from the enterprise network (i.e., … See figure 1).

As to claims 7 and 16, the system of Dave, Sama and Budhani as applied to claim 1 teaches access control, specifically Dave teaches a secure application access system of claim 6, wherein the user device is associated with a user having specific access rights such that the user device only has visibility of the one or more of the file share and the application, based on configuration of the specific access rights (i.e. …teaches in col. 2 lines 40-55 the following: “a plurality of trust levels to the client computing devices… On such data access, the cloud security server 102 verifies and enforces the assigned trust levels”.).

As to claims 8 and 17, the system of Dave, Sama and Budhani as applied to claim 1 teaches access control, specifically Dave teaches a secure application access system of claim 1, wherein the one or more of the file share and the application are located in a data center and the user device is located remote from the data center (i.e., … See figure 1).

As to claims 9, 18 and 20, the system of Dave, Sama and Budhani as applied to claim 1 teaches access control, specifically Dave teaches a secure application access system of claim 1, wherein the instructions that, when executed, cause the processor to receive a query for discovery, and respond to the query based on the one or more of the file share and the application connected thereto (i.e., …teaches in col.5 lines 45-50 the following: “receive requests for data from client computing devices”.).

12. (Canceled)
Art of Record
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRYAN F WRIGHT/Examiner, Art Unit 2497