Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
FINAL ACTION
This action is in response to amendment filed on 4/21/2022. Claims 1, 9 and 15 are amended. Claims 1-20 are pending. 
Response to Arguments
Examiner’s Remarks – Specification (Objection)
The examiner contends that applicant’s use of the abbreviation “B2B” in the title of the invention is insufficient. The following title is suggested: “Providing Users Secure Access to Business-to-Business Applications (B2B)”. The examiner maintains the objection.
Examiner’s Remarks - 35 USC § 103
The examiner notes that the applicant has amended each independent claim to recite the new feature(s) of, “wherein the tunnel is an inside-out encrypted tunnel”. The examiner notes that the applicant now alleges a deficiency on the part of the cited prior art in view of the new feature(s). The examiner introduces the teachings of prior art reference Morar et al. (US Patent Publication No. 2002/0111818), to the record in view of applicant’s claim amendment(s). The examiner notes that Morar teaches a security mechanism for securing data communication similarly to applicant’s newly amended claim feature(s). See rejection below.  
Specification (Title)
The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. 
The following title is suggested: “Providing Users Secure Access to Business-to-Business Applications (B2B)”.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-9, 11-15 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Qureshi et al. (US Patent Publication No. 2014/0006347 and Qureshi hereinafter) in view of Burch et al. (US Patent Publication No. 2011/0231840 and Burch hereinafter) and further in view of Morar et al. (US Patent Publication No. 2002/0111818 and Morar hereinafter).

As to claims 1 and 9, Qureshi teaches a method comprising:
displaying the one or more B2B applications that the user is authorized to access (i.e. …teaches in par. 12 the following: “user interface for selecting and launching enterprise applications”); 
responsive to a selection of a B2B application of the one or more B2B applications, creating a first tunnel from the B2B application to the cloud-based system (i.e., …teaches in par. 0074 the following: “A mobile device's enterprise access request can be sent to the secure mobile gateway 128 via a connection 146, and the gateway 128 can send the request to an enterprise resource 1802 via an internal connection 154. Further, the enterprise system 110 can use the connections 142, 146 to send information back to the mobile device 120, such as data responsive to the device's enterprise access request.”.);  
and stitching the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system (i.e., …teaches in par. 0099 the following: “The mobile device management system 126 can also act as a tunneling mediator for application tunnels between the mobile devices 120 and the enterprise resources 130 or other network resources within or even outside the enterprise system 110.”).

Qureshi does not expressly teach:
	responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user. 
In this instance the examiner notes the teachings of Burch. 
With regards to applicant’s claim limitation element of, “responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user”, Burch teaches in par. 0058 the following: “At 1, a User1 (requestor) establishes a remote connection to a VDI cloud and accesses his/her VM using RDP. This process includes the following steps (which are not shown in the FIG. 4). [0059] User accesses his/her portal. If not authenticated, redirection happens to an Identity Provider (IDP also referred to as an identity service and described with the FIG. 1”.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Qureshi with the teachings of Burch by including the feature of authentication redirection. Utilizing authentication redirection as taught by Burch above allows a system to provide comprehensive authentication and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Qureshi's system will obtain the capability to provide enhanced access control. 

The system of Qureshi and Burch does not expressly teach:
wherein the tunnel is an inside-out encrypted tunnel. 
In this instance the examiner notes the teachings of prior art reference Morar. 
Morar teaches in par. 0061 the following: “[0061] As an example, FIG. 8 (which uses for convenience the same exemplary network architecture as in FIGS. 2-7) illustrates a system configuration in which cryptographic techniques are used to provide a secure and private data path, session or "tunnel" 26 through an insecure public network, in this case the Extended Network 1A. As was stated previously, the Extended Network 1A could include the Internet. In this embodiment the secure tunnel 26 is made between two network gateways 24A and 24B connected to Local Network-1 and Local Network-2, respectively. In this embodiment the operation of the filter 10, positioned as in the embodiment of FIG. 7, is not limited by the encryption used by the gateways 24A and 24B to construct and maintain the secure private tunnel 26. The same applies when the filters 10 are located higher in the e-commerce hierarchy, as in the embodiments illustrated in FIGS. 5 and 6.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Qureshi and Burch with the teachings of Morar by including the feature of secure private tunnel. Utilizing authentication redirection as taught by Morar above allows a system to provide comprehensive data security and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Qureshi and Burch will obtain the capability to provide enhanced communication security. 

As to claims 3 and 11, system of Qureshi, Burch and Morar as applied to claim 1 above teaches application selection, specifically Qureshi teaches a method of claim 1, further comprising logging activity of the user with the one or more B2B applications and storing the activity with a plurality of users associated with the one or more B2B applications (i.e. …teaches in par. 193 the following: “The illustrated logging steps 608 and 616 of FIG. 6 can allow an enterprise to keep track of data that flows through the resource network connection (e.g., connections 152, 162 of FIGS. 1A-1C) between the tunneling mediator and the enterprise resource 130. The use of application tunnels for such logging enables user and device behaviors to be tracked at more granular level, and with a greater level of control. For example, because each application tunnel is ordinarily tied to a particular mobile device 120, user, and mobile application, data transmitted over that tunnel can be stored in association with this mobile device, user and application. This gives an enterprise greater visibility into the activities of its mobile device users 115. The tunneling mediator (or other component associated therewith) can be configured to log various types of information, such as the actual data sent through the resource network connection, the amounts of data sent through the resource network connection, types of data sent through the resource network connection, names of files sent through the resource network connection, the number of times a particular user accesses one or more enterprise resources 130, the times at which a user requested access to one or more enterprise resources 130, etc. Analytics can be generated from the logged data. The mobile device management system 126 can set rules based on such analytics. As one example, access to one or more enterprise resources 130 can be restricted for a mobile device 120 with a high volume of downloads.”).

As to claim 4, system of Qureshi, Burch and Morar as applied to claim 1 above teaches application selection, specifically Qureshi teaches a method of claim 3, further comprising providing a Graphical User Interface including visualizations related to user transactions with the one or more B2B applications (i.e. …teaches in par. 193 the following: “The illustrated logging steps 608 and 616 of FIG. 6 can allow an enterprise to keep track of data that flows through the resource network connection (e.g., connections 152, 162 of FIGS. 1A-1C) between the tunneling mediator and the enterprise resource 130. The use of application tunnels for such logging enables user and device behaviors to be tracked at more granular level, and with a greater level of control. For example, because each application tunnel is ordinarily tied to a particular mobile device 120, user, and mobile application, data transmitted over that tunnel can be stored in association with this mobile device, user and application. This gives an enterprise greater visibility into the activities of its mobile device users 115. The tunneling mediator (or other component associated therewith) can be configured to log various types of information, such as the actual data sent through the resource network connection, the amounts of data sent through the resource network connection, types of data sent through the resource network connection, names of files sent through the resource network connection, the number of times a particular user accesses one or more enterprise resources 130, the times at which a user requested access to one or more enterprise resources 130, etc. Analytics can be generated from the logged data. The mobile device management system 126 can set rules based on such analytics. As one example, access to one or more enterprise resources 130 can be restricted for a mobile device 120 with a high volume of downloads.”).

As to claim 5, system of Qureshi, Burch and Morar as applied to claim 1 above teaches application selection, specifically Qureshi teaches a method of claim 3, further comprising analyzing the activity of the user and the plurality of users to detect usage patterns and providing an alert responsive to any deviating behavior, for both security and operational reasons (i.e. …teaches in par. 193 the following: “The illustrated logging steps 608 and 616 of FIG. 6 can allow an enterprise to keep track of data that flows through the resource network connection (e.g., connections 152, 162 of FIGS. 1A-1C) between the tunneling mediator and the enterprise resource 130. The use of application tunnels for such logging enables user and device behaviors to be tracked at more granular level, and with a greater level of control. For example, because each application tunnel is ordinarily tied to a particular mobile device 120, user, and mobile application, data transmitted over that tunnel can be stored in association with this mobile device, user and application. This gives an enterprise greater visibility into the activities of its mobile device users 115. The tunneling mediator (or other component associated therewith) can be configured to log various types of information, such as the actual data sent through the resource network connection, the amounts of data sent through the resource network connection, types of data sent through the resource network connection, names of files sent through the resource network connection, the number of times a particular user accesses one or more enterprise resources 130, the times at which a user requested access to one or more enterprise resources 130, etc. Analytics can be generated from the logged data. The mobile device management system 126 can set rules based on such analytics. As one example, access to one or more enterprise resources 130 can be restricted for a mobile device 120 with a high volume of downloads.”).

As to claims 6 and 12, system of Qureshi, Burch and Morar as applied to claim 1 above teaches application selection, specifically Qureshi teaches a method of claim 1, wherein the one or more B2B applications include business facing applications including any of Supply Chain Management (SCM) applications, inventory management applications, ordering applications, financial applications, and payroll applications (i.e. …teaches in par. 0005 the following: “software applications for email, customer relationship management (CRM), document management”.).

As to claims 7 and 13, system of Qureshi, Burch and Morar as applied to claim 1 above teaches application selection, specifically Qureshi teaches a method of claim 1, wherein the one or more B2B applications are web-based applications and the request is a Uniform Resource Locator (URL) (i.e., …teaches in par. 0061 the following: “Secure Web Browser," involves the use of a mobile browser application that implements the various enterprise security features. Like the secure virtual machine approach, mobile applications (or web pages accessed by the browser) that are configured to run within the secure browser effectively inherit the security mechanisms implemented by the secure browser.”).

As to claims 8 and 14, system of Qureshi, Burch and Morar as applied to claim 1 above teaches application selection, specifically Qureshi teaches a method of claim 1, wherein the user provides the request via a web browser executed on a user device (i.e., …teaches in par. 0061 the following: “Secure Web Browser," involves the use of a mobile browser application that implements the various enterprise security features. Like the secure virtual machine approach, mobile applications (or web pages accessed by the browser) that are configured to run within the secure browser effectively inherit the security mechanisms implemented by the secure browser.”).

As to claim 15, Qureshi teaches a cloud-based system comprising: 
a plurality of enforcement nodes interconnected to one another (i.e., …illustrates in figure 1B plurality of nodes connected together); 
and a central authority interconnected to the plurality of enforcement nodes (i.e., …illustrates in figure 1B plurality of nodes connected together with a central authority), 
wherein any of the plurality of enforcement nodes are connected to one or more Business-to-Business (B2B) applications, via corresponding connectors, and to a user (i.e. …illustrates in figure 1B nodes connected to applications and users by way of tunnel connectors); 
cause a display of the one or more B2B applications that the user is authorized to access (i.e. …teaches in par. 12 the following: “user interface for selecting and launching enterprise applications”); 
and responsive to a selection of a B2B application of the one or more B2B applications and responsive to creation of a first tunnel from the B2B application to a broker in the cloud-based system (i.e., …teaches in par. 0074 the following: “A mobile device's enterprise access request can be sent to the secure mobile gateway 128 via a connection 146, and the gateway 128 can send the request to an enterprise resource 1802 via an internal connection 154. Further, the enterprise system 110 can use the connections 142, 146 to send information back to the mobile device 120, such as data responsive to the device's enterprise access request.”.), 
stitch the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system (i.e., …teaches in par. 0099 the following: “The mobile device management system 126 can also act as a tunneling mediator for application tunnels between the mobile devices 120 and the enterprise resources 130 or other network resources within or even outside the enterprise system 110.”.).

Qureshi does not expressly teach:
	wherein the cloud-based system is configured to, responsive to a request from the user for the one or more Business-to-Business (B2B) applications, redirect the request, by a cloud-based system, to an identity provider to authorize the user.
In this instance the examiner notes the teachings of Burch. 
With regards to applicant’s claim limitation element of, “responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user”, Burch teaches in par. 0058 the following: “At 1, a User1 (requestor) establishes a remote connection to a VDI cloud and accesses his/her VM using RDP. This process includes the following steps (which are not shown in the FIG. 4). [0059] User accesses his/her portal. If not authenticated, redirection happens to an Identity Provider (IDP also referred to as an identity service and described with the FIG. 1”.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Qureshi with the teachings of Burch by including the feature of authentication redirection. Utilizing authentication redirection as taught by Burch above allows a system to provide comprehensive authentication and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Qureshi's system will obtain the capability to provide enhanced access control. 

The system of Qureshi and Burch does not expressly teach:
wherein the tunnel is an inside-out encrypted tunnel. 
In this instance the examiner notes the teachings of prior art reference Morar. 
Morar teaches in par. 0061 the following: “[0061] As an example, FIG. 8 (which uses for convenience the same exemplary network architecture as in FIGS. 2-7) illustrates a system configuration in which cryptographic techniques are used to provide a secure and private data path, session or "tunnel" 26 through an insecure public network, in this case the Extended Network 1A. As was stated previously, the Extended Network 1A could include the Internet. In this embodiment the secure tunnel 26 is made between two network gateways 24A and 24B connected to Local Network-1 and Local Network-2, respectively. In this embodiment the operation of the filter 10, positioned as in the embodiment of FIG. 7, is not limited by the encryption used by the gateways 24A and 24B to construct and maintain the secure private tunnel 26. The same applies when the filters 10 are located higher in the e-commerce hierarchy, as in the embodiments illustrated in FIGS. 5 and 6.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Qureshi and Burch with the teachings of Morar by including the feature of secure private tunnel. Utilizing authentication redirection as taught by Morar above allows a system to provide comprehensive data security and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Qureshi and Burch will obtain the capability to provide enhanced communication security. 

As to claim 17, system of Qureshi, Burch and Morar as applied to claim 15 above teaches application selection, specifically Qureshi teaches a cloud-based system of claim 15, wherein activity of the user with the one or more B2B applications is logged and stored with activity from a plurality of users associated with the one or more B2B applications (i.e. …teaches in par. 193 the following: “The illustrated logging steps 608 and 616 of FIG. 6 can allow an enterprise to keep track of data that flows through the resource network connection (e.g., connections 152, 162 of FIGS. 1A-1C) between the tunneling mediator and the enterprise resource 130. The use of application tunnels for such logging enables user and device behaviors to be tracked at more granular level, and with a greater level of control. For example, because each application tunnel is ordinarily tied to a particular mobile device 120, user, and mobile application, data transmitted over that tunnel can be stored in association with this mobile device, user and application. This gives an enterprise greater visibility into the activities of its mobile device users 115. The tunneling mediator (or other component associated therewith) can be configured to log various types of information, such as the actual data sent through the resource network connection, the amounts of data sent through the resource network connection, types of data sent through the resource network connection, names of files sent through the resource network connection, the number of times a particular user accesses one or more enterprise resources 130, the times at which a user requested access to one or more enterprise resources 130, etc. Analytics can be generated from the logged data. The mobile device management system 126 can set rules based on such analytics. As one example, access to one or more enterprise resources 130 can be restricted for a mobile device 120 with a high volume of downloads.”.).

As to claim 18, system of Qureshi, Burch and Morar as applied to claim 15 above teaches application selection, specifically Qureshi teaches a cloud-based system of claim 15, wherein the one or more B2B applications include business facing applications including any of Supply Chain Management (SCM) applications, inventory management applications, ordering applications, financial applications, and payroll applications (i.e. …teaches in par. 0005 the following: “software applications for email, customer relationship management (CRM), document management”.).

As to claim 19, system of Qureshi, Burch and Morar as applied to claim 15 above teaches application selection, specifically Qureshi teaches a cloud-based system of claim 15, wherein the one or more B2B applications are web-based applications and the request is a Uniform Resource Locator (URL) (i.e., …teaches in par. 0061 the following: “Secure Web Browser," involves the use of a mobile browser application that implements the various enterprise security features. Like the secure virtual machine approach, mobile applications (or web pages accessed by the browser) that are configured to run within the secure browser effectively inherit the security mechanisms implemented by the secure browser.”.).

As to claim 20, system of Qureshi, Burch and Morar as applied to claim 15 above teaches application selection, specifically Qureshi teaches a cloud-based system of claim 15, wherein the user provides the request via a web browser executed on a user device (i.e., …teaches in par. 0061 the following: “Secure Web Browser," involves the use of a mobile browser application that implements the various enterprise security features. Like the secure virtual machine approach, mobile applications (or web pages accessed by the browser) that are configured to run within the secure browser effectively inherit the security mechanisms implemented by the secure browser.”.).

Claims 2, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Qureshi and Burch in view of Morar as applied to claims 1, 9 and 15 above and further in view of Cox et al. (US Patent Publication No. 2002/0032763 and Cox hereinafter).

As to claims 2, 10 and 16, system of Qureshi, Burch and Morar as applied to claims 1, 9 and 15 above teaches application selection, however neither reference teaches a method of claim 1, further comprising responsive to the user being unauthorized for any of the one or more B2B applications, omitting the one or more B2B applications from the displaying, such that the one or more B2B applications are invisible to the user.
In this instance the examiner notes the teachings of Cox. 
	Cox teaches in par. 0070 the following: “a user logging in to system server 22 will be provided a user desktop for display which only includes icons for those applications for which the user is authorized. This same configuration grouping may be provided regardless of the client station 202 on which the user is accessing the system.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Qureshi, Burch and Morar with the teachings of Cox by including the feature of authenticated software application. Utilizing authenticated software application as taught by Cox above allows a system to provide comprehensive access control and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Qureshi, Burch and Morar will obtain the capability to provide enhanced system security. 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRYAN F WRIGHT/Examiner, Art Unit 2497