Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Detailed Action
	This action is responsive to communication filed on: 16 May 2022 with acknowledgement of an original application filed on 14 December 2021.

Claims 1-4, 7-11, 13, and 14 are pending; claims 1, 13 and 14 are independent claims.  

e-Terminal Disclaimer
Applicant's filed and approved e-Terminal Disclaimer is sufficient to overcome the Double Patenting Rejection of claims 1-14 of Patent 11245731 (application 17/081941). Therefore, the rejection is withdrawn.


Response to Arguments
Applicant’s arguments filed 16 May 2022 have been fully considered and they are persuasive.



Examiner’s Amendment
An examiner's amendment to the record is attached.  Please enter entire claim set.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.  The examiner's amendment was authorized by attorney of record Robyn Wagner in phone interview on 19 May 2022 and confirming email sent on 19 May 2022.   


	The application has been amended as follows:


Amend the following claims 1, 5, 6, 12, 13, 14. 

1. (Currently Amended)	A system, comprising:
a processor configured to: 
receive at a browser isolation system, a request from a client browser executing on a client device to connect with a remote application;
provide, by the browser isolation system, a surrogate browser to facilitate communications between the client browser and the remote application in accordance with enforcement of a security policy, wherein the browser isolation system is configured to facilitate the communications at least in part by one of:
(1) receiving a first data transmission from the client device and determining, based on the security policy, whether to prevent transmission of the first data transmission, on behalf of the client device, to the remote application, or
(2) receiving a second data transmission from the remote application and determining, based on the security policy, to convert at least a portion of the second data transmission prior to transmission, on behalf of the remote application, to the client device, wherein the second data transmission comprises a file attachment in a first format that is not HTML, and wherein conversion is performed by the browser isolation system from the first format to HTML format; and
enforce, by the browser isolation system, the security policy; and
a memory coupled to the processor and configured to provide the processor with instructions.
2. (Previously presented)	The system of claim 1, wherein enforcing the security policy includes preventing the client browser from performing a text-field POST to the remote application.
3. (Previously presented)	The system of claim 1, wherein enforcing the security policy includes preventing a file upload by the client device to the remote application.
4. (Previously presented)	The system of claim 1 wherein enforcing the security policy includes preventing a file download by the client device to the remote application.
5. (Cancelled)
6. (Cancelled)
7. (Previously presented)	The system of claim 1, wherein the processor is further configured to prompt a user to provide a credential associated with a file the user is attempting to upload.
8. (Previously presented)	The system of claim 7, wherein the processor is further configured to decrypt the file using the credential.
9. (Previously presented)	The system of claim 1, wherein the processor is further configured to obfuscate URLs provided to the client browser.
10. (Previously presented)	The system of claim 1, wherein the browser isolation system is further configured to provide the client device with a thin client that executes in the client browser.
11. (Previously presented)	The system of claim 1, wherein the remote application comprises an ssh web application.
12. (Cancelled)
13. (Currently Amended)	A method, comprising:
receiving at a browser isolation system, a request from a client browser executing on a client device to connect with a remote application accessible via a private network;
providing, by the browser isolation system, a surrogate browser to facilitate communications between the client browser and the remote application in accordance with enforcement of a security policy, wherein the browser isolation system is configured to facilitate the communications at least in part by one of:
(1) receiving a first data transmission from the client device and determining, based on the security policy, whether to prevent transmission of the first data transmission, on behalf of the client device, to the remote application, or
(2) receiving a second data transmission from the remote application and determining, based on the security policy, to convert at least a portion of the second data transmission prior to transmission, on behalf of the remote application, to the client device, wherein the second data transmission comprises a file attachment in a first format that is not HTML, and wherein conversion is performed by the browser isolation system from the first format to HTML format; and
enforcing, by the browser isolation system, the security policy.
14. (Currently Amended)	A computer program product embodied in a non-transitory computer readable medium and comprising computer instructions for:
receiving at a browser isolation system, a request from a client browser executing on a client device to connect with a remote application accessible via a private network;
providing, by the browser isolation system, a surrogate browser to facilitate communications between the client browser and the remote application in accordance with enforcement of a security policy, wherein the browser isolation system is configured to facilitate the communications at least in part by one of:
(1) receiving a first data transmission from the client device and determining, based on the security policy, whether to prevent transmission of the first data transmission, on behalf of the client device, to the remote application, or
(2) receiving a second data transmission from the remote application and determining, based on the security policy, to convert at least a portion of the second data transmission prior to transmission, on behalf of the remote application, to the client device, wherein the second data transmission comprises a file attachment in a first format that is not HTML, and wherein conversion is performed by the browser isolation system from the first format to HTML format; and
enforcing, by the browser isolation system, the security policy.



Allowable Subject Matter
Claims 1-25 are allowed.

The following is an examiner’s statement of reasons for allowance: the combination of Song et al. and Sng et al. discloses a surrogate browsing system, a checker proxy that validates data against a security policy before sending it to the client, and a surrogate browser that enforces the same-origin policy. Song et al., whether alone or in combination with the other prior art of record, fails to teach or render obvious

“receive at a browser isolation system, a request from a client browser executing on a client device to connect with a remote application;
provide, by the browser isolation system, a surrogate browser to facilitate communications between the client browser and the remote application in accordance with enforcement of a security policy, wherein the browser isolation system is configured to facilitate the communications at least in part by one of:
(1) receiving a first data transmission from the client device and determining, based on the security policy, whether to prevent transmission of the first data transmission, on behalf of the client device, to the remote application, or
(2) receiving a second data transmission from the remote application and determining, based on the security policy, to convert at least a portion of the second data transmission prior to transmission, on behalf of the remote application, to the client device, wherein the second data transmission comprises a file attachment in a first format that is not HTML, and wherein conversion is performed by the browser isolation system from the first format to HTML format” as recited in claims 1, 13, and 14.


Therefore, independent claims 1, 13 and 14 are allowable over the prior art of record.
Consequently, claims 2-4 and 7-11 are directly or indirectly dependent upon claim 1 and are therefore also allowable over the prior art of record.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance." 


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HELAI SALEHI whose telephone number is (571) 270-7468. The examiner can normally be reached on Monday-Friday, 9am – 5pm, every other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HELAI SALEHI/
Examiner, Art Unit 2433

/JEFFREY C PWU/
Supervisory Patent Examiner, Art Unit 2433