DETAILED ACTION
Responsive to the Applicant reply filed on 04/25/2022, Applicant’s amendments to claims have been entered and respective arguments carefully considered and responded in the following.  Claims 1-20 are pending with claims 1, 6, 11, and 16 being in independent form.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
The claim amendments and remarks filed by the Applicant on 04/25/2022, have been carefully considered and are responded in the following.
Regarding the non-statutory obviousness-type double patenting rejections, the amendments have overcome the issue. Therefore, the obviousness-type double patenting rejections are withdrawn.  See also Applicant’s remarks on page 23.
In response to the Applicant arguments, page(s) 18 of the Remarks, regarding the claim objections, the amendments have resolved the issues. Therefore, the objections are withdrawn.
In response to the Applicant arguments, page(s) 18, regarding claims 2-3, 5, 8-9, 12-13, 15-16, and 18-20 being rejected under 35 U.S.C. 112(b), the amendments have resolved the issues. Therefore, the rejections are withdrawn.

Applicant’s arguments, page(s) 19-23 of the Remarks, with regards to claims 1-5, 7-10, 11-15, and 17-20 being rejected under 35 U.S.C. § 103 have been considered carefully. 
First, Applicant argues that “the security tokens are used to protect the application server against malicious behavior by the user-agent applications (clients) and in contrast, the tokens in Starnes are used to protect clients … This is the opposite direction of the protection recited in claim 1; see page 19 of the Remarks filed on 04/25/2022.
In response, the Examiner respectfully disagrees because the application token generated and issued by the trust broker service 130 may be used by any party that concerns the authenticity and trustworthiness; see par. 0021-0023.  For example, the application token may be used by network access enforcers (e.g. firewalls); par. 0021.  In Starnes, a client application 185 and a server application 110 … may [each and individually] use the application token programmatically (emphasis added); par. 0025. In the Applicant case analysis (i.e. case 1 and case 2), Applicant emphasizes the token use by client application 185.  However, other system elements in FIG. 1 also uses the application token to ensure the continuous trustworthiness of the target application, such as a network access enforcer, network security device, authentication broker, network router, etc.; see par. 0018 and 0023.  While the token is an indication of trust of the target application, the trust requestor is not only limited to the client, but includes others such as a network access enforcer, network security device, authentication broker, and a network router; each of them can individually request a score-evaluation from the trust broker service, and is, in turn, evaluated by one or more trust evaluation servers belonging to a trust scoring system; par. 0018.  Evidently, the security token of Starnes can be used by a server for protection against malicious behavior from a web application.  Therefore, Applicant’s arguments are not persuasive.
Secondly, it is noted that, among many other changes, at least the selecting step of the limitation “selecting and sending over a network, by a security verification system to a plurality of client devices executing user-agent applications accessing services from an application server, sets of security tests which, when executed by the user-agent applications, profile behaviors of the user-agent applications” is newly added.  With respect to this newly added limitation, the Applicant argument is moot in view of the new ground of rejection necessitated by the Applicant's amendment.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1-2, 4-5, 7-9, 11-12, 14-15, 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Starnes (US 20110179477 A1) in view of Demirjian (US 9361446 B1; hereinafter “Demi”).

As per claim 1, Starnes teaches a method comprising: 
receiving, at the security verification system from the client devices, sets of test results from the execution of the sets of security tests by the user-agent applications (Starnes, par. 0023: The trust evaluation server (acting as a security verification system) may perform a real time measurement and verification of the target application or lookup the most recent verification test results based on a continuous monitoring schedule… [gets] a set of test results of security verification, and then generates and returns an application token 150); 
generating and sending, by the security verification system to the client devices, security tokens based on the sets of test results, wherein the security tokens verify security of the user-agent applications and security policies at the application server are enforced based on the security tokens (Starnes, the Abstract and par 0006 and 0011. a trust broker may generate an application token having comprising a weighted trust score; par. 0020-0021 and 0025: the trust broker service issues an application token, and sends the token…).
However, Starnes does not explicitly disclose a step of selecting and sending to a plurality of client devices sets of security tests which, when executed by the user-agent applications, profile behaviors of the user-agent applications.  This aspect of the claim is identified as a difference.
In a related art, Demi teaches,
selecting and sending over a network, by a security verification system to a plurality of client devices executing user-agent applications accessing services from an application server, sets of security tests which, when executed by the user-agent applications, profile behaviors of the user-agent applications (Demi, col. 6, lines 53-67: selecting … a non-blocking CAPTCHA for security tests… select a set of signatures to test over a period of time in order to determine [result] and  allow the online retailer to collect additional signals that may be correlated to better indicate whether a particular signature is associated with a human or automated agent. Once an automated agent has been detected, obtain information corresponding to the behavior of the automated agent in the past and update the automated agent detection model based at least in part on the past behavior; col. 8, lines 47-67: cause the security check 104 to be transmitted in the response 114 to the request 112); 
Starnes and Demi are analogous art, because they are in a similar field of endeavor in improving security tests to protect online services.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify Starnes’ system with Demi’s technique of using selected CAPTCHA tests to determine a potential automated agent or a bot.  For this combination, the motivation would have been to protect the service provider with updated tests on a client application.

As per claim 2, the references as combined above teach the method of claim 1, further comprising: 
receiving, at the security verification system from the client devices, requests to verify security of the user-agent applications, the requests specifying one or more characteristics of the user-agent applications executing on the client devices (Demi, col. 6, lines 57-63: the online retailer may select a set of low confidence automated agent signatures to present a non-blocking CAPTCHA); 
wherein selecting the sets of security tests is based on the one or more characteristics of the user-agent applications (Demi, col. 7, lines 12-16: The online retailer may then determine, based on a history corresponding to the signature, particular automated agent behaviors and update the automated agent detection model based at least in part on the determined behaviors).

As per claim 4, the references as combined above teach the method of claim 1, wherein the user-agent applications include web browsers and the sets of security tests include scripts for execution by the web browsers (Demi, col. 8, lines 48-57: generate a CAPTCHA, also referred to as a security check, … included in the HTML file 120… which may include a script or similar executable code, obviously run by web browsers).

As per claim 5, the references as combined above teach the method of claim 1, wherein the sets of security tests executed by the user- agent applications comprise at least one of (Note: optional limitations are recited herein):
a test identifying a user's interactions with the user- agent application (Demi, col. 7, lines 12-16: a non-blocking CAPTCHA … interaction with one or more applications running on a request routing service 306 of the online retailer 310), 
a test identifying a display by the user-agent application of the service accessed from the application server (Note that this limitation is optional, not examined), 
a test identifying the user-agent application's interaction with the application server (Note that this limitation is optional, not examined), and 
a test identifying an executing environment of the user-agent application (Note that this limitation is optional, not examined).

As per claim 7, the references as combined above teach the method of claim 1, wherein the security tokens for the user-agent applications comprise identifications of the sets of security tests (Starnes, par. 0020: ratings; par. 0027: using the checklist for comparison - scan and verify the state of the running applications).

As per claim 8, the references as combined above teach the method of claim 1, wherein generating the security tokens based on the sets of test results comprises comparing the sets of test results to sets of expected test results (Starnes, par. 0020: ratings; par. 0027: using the checklist for comparison. See par. 0033-0034 for the verification and validation from the trust broker service 370; Evidently, Starnes discloses using checklist as a way to compare the test results to a set of expected properties, components, and results); and 
generating the security tokens based on differences between the sets of test results and the sets of expected test results (Starnes, par. 0020-0021 and 0025: the trust broker service issues an application token, and sends the token to the web browsers).

As per claim 9, the references as combined above teach the method of claim 8, wherein, for at least some of the sets of test results, comparing the set of test results to the set of expected test results comprises comparing the set of test results to one or more expected client characteristics, an expected profile of application content when accessed, and expected user activity (Note: optional limitation is recited here) (Starnes, par. 0028 and 0032: The trust monitor service 220 actively monitors the target device including a runtime application profile being accessed.  The Starnes tests also include expected user activity such as the user clicking on “application trust attestation logo” which is shown application instance specific trust score information issued (digitally-signed) by the trust broker service for that given target web application).

As per claim 11, Starnes teaches a non-transitory computer-readable storage medium comprising instructions that, when executed by a processor, cause the processor to perform steps comprising: 
receiving, at the security verification system from the client devices, sets of test results from the execution of the sets of security tests by the user-agent applications (Starnes, par. 0023: The trust evaluation server (acting as a security verification system) may perform a real time measurement and verification of the target application or lookup the most recent verification test results based on a continuous monitoring schedule… [gets] a set of test results of security verification, and then generates and returns an application token 150); 
generating and sending, by the security verification system to the client devices, security tokens based on the sets of test results, wherein the security tokens verify security of the user-agent applications and security policies at the application server are enforced based on the security tokens (Starnes, the Abstract and par 0006 and 0011. a trust broker may generate an application token having comprising a weighted trust score; par. 0020-0021 and 0025: the trust broker service issues an application token, and sends the token…).
However, Starnes does not explicitly disclose a step of selecting and sending to a plurality of client devices sets of security tests which, when executed by the user-agent applications, profile behaviors of the user-agent applications.  This aspect of the claim is identified as a difference.
In a related art, Demi teaches,
selecting and sending over a network, by a security verification system to a plurality of client devices executing user-agent applications accessing services from an application server, sets of security tests which, when executed by the user-agent applications, profile behaviors of the user-agent applications (Demi, col. 6, lines 53-67: selecting … a non-blocking CAPTCHA for security tests… select a set of signatures to test over a period of time in order to determine [result] and  allow the online retailer to collect additional signals that may be correlated to better indicate whether a particular signature is associated with a human or automated agent. Once an automated agent has been detected, obtain information corresponding to the behavior of the automated agent in the past and update the automated agent detection model based at least in part on the past behavior; col. 8, lines 47-67: cause the security check 104 to be transmitted in the response 114 to the request 112); 
Starnes and Demi are analogous art, because they are in a similar field of endeavor in improving security tests to protect online services.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify Starnes’ system with Demi’s technique of using selected CAPTCHA tests to determine a potential automated agent or a bot.  For this combination, the motivation would have been to protect the service provider with updated tests on a client application.

As per claim 12, the references as combined above teach the non-transitory computer-readable storage medium of claim 11 further comprising instructions that cause the processor to perform further steps of: 
receiving, at the security verification system from the client devices, requests to verify security of the user-agent applications, the requests specifying one or more characteristics of the user-agent applications executing on the client devices (Demi, col. 6, lines 57-63: the online retailer may select a set of low confidence automated agent signatures to present a non-blocking CAPTCHA); 
wherein selecting the sets of security tests is based on the one or more characteristics of the user-agent applications (Demi, col. 7, lines 12-16: The online retailer may then determine, based on a history corresponding to the signature, particular automated agent behaviors and update the automated agent detection model based at least in part on the determined behaviors).

As per claim 14, the references as combined above teach the non-transitory computer-readable storage medium of claim 11, wherein the user-agent applications include web browsers and the sets of security tests include scripts for execution by the web browsers (Demi, col. 8, lines 48-57: generate a CAPTCHA, also referred to as a security check, … included in the HTML file 120… which may include a script or similar executable code, obviously run by web browsers).

As per claim 15, the references as combined above teach the non-transitory computer-readable storage medium of claim 11, wherein the sets of security tests executed by the user-agent applications comprise at least one of (Note: optional limitations are recited herein): 
a test identifying a user's interactions with the user-agent application (Demi, col. 7, lines 12-16: a non-blocking CAPTCHA … interaction with one or more applications running on a request routing service 306 of the online retailer 310), 
a test identifying a display by the user-agent application of the service accessed from the application server (Note that this limitation is optional, not examined), 
a test identifying the user-agent application's interaction with the application server (Note that this limitation is optional, not examined), and 
a test identifying an executing environment of the user-agent application (Note that this limitation is optional, not examined).

As per claim 17, the references as combined above teach the non-transitory computer-readable storage medium of claim 11, wherein the security tokens for the user-agent applications comprise identifications of the sets of security tests (Starnes, par. 0020: ratings; par. 0027: using the checklist for comparison - scan and verify the state of the running applications).

As per claim 18, the references as combined above teach the non-transitory computer-readable storage medium of claim 11, wherein generating the security tokens based on the sets of test results comprises comparing the sets of test results to sets of expected test results (Starnes, par. 0020: ratings; par. 0027: using the checklist for comparison. See par. 0033-0034 for the verification and validation from the trust broker service 370; Evidently, Starnes discloses using checklist as a way to compare the test results to a set of expected properties, components, and results); and 
generating the security tokens based on differences between the sets of test results and the sets of expected test results (Starnes, par. 0020-0021 and 0025: the trust broker service issues an application token, and sends the token to the web browsers)..

As per claim 19, the references as combined above teach the non-transitory computer-readable storage medium of claim 18, wherein, for at least some of the sets of test results, comparing the set of test results to the set of expected test results comprises comparing the set of test results to one or more expected client characteristics, an expected profile of application content when accessed, and expected user activity (Note: optional limitation is recited here) (Starnes, par. 0028 and 0032: The trust monitor service 220 actively monitors the target device including a runtime application profile being accessed.  The Starnes tests also include expected user activity such as the user clicking on “application trust attestation logo” which is shown application instance specific trust score information issued (digitally-signed) by the trust broker service for that given target web application).

Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Starnes and Demi, as applied to claim 1 above, and further in view of Madou (US 20170187743 A1).

As per claim 3, the references of Starnes and Demi as combined above teach the method of claim 2, but do not explicitly disclose that the characteristics of the application on which the set of security tests are based include types and versions of the applications.  This aspect of the claim is identified as a further difference.
In a related art, Madou teaches:
wherein the one or more characteristics of the user-agent applications comprise a type of the user-agent application and a version of the user-agent application and wherein identifying the sets of security tests based on the one or more characteristics of the user-agent applications comprises identifying the sets of security tests from a plurality of different sets of security tests, the sets of security tests associated with different combinations of types of user-agent applications and versions of user-agent applications (Madou, par. 0023 and 0028: security code analysis can include various types of static code analysis as well as version numbers used for determine vulnerability and patching; par. 0017: patching applications for testing so that applications of the same type and/or version as the application tested.).  
Madou is analogous art to the claimed invention in a similar field of endeavor in improving security testing.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use Madou’s test parameter engine 121 to supply test parameters or codes to the target system.  For this combination, the motivation would have been to improve the consistency of the tests.

As per claim 13, the references of Starnes and Demi as combined above teach the non-transitory computer-readable storage medium of claim 12, but do not explicitly disclose that the characteristics of the application on which the set of security tests are based include types and versions of the applications.  This aspect of the claim is identified as a further difference.
In a related art, Madou teaches:
wherein the one or more characteristics of the user-agent applications comprise a type of the user-agent application and a version of the user-agent application and wherein identifying the sets of security tests based on the one or more characteristics of the user-agent applications comprises identifying the sets of security tests from a plurality of different sets of security tests, each associated with different combinations of types of user-agent applications and versions of user- agent applications  (Madou, par. 0023 and 0028: security code analysis can include various types of static code analysis as well as version numbers used for determine vulnerability and patching; par. 0017: patching applications for testing so that applications of the same type and/or version as the application tested.).  
Madou is analogous art to the claimed invention in a similar field of endeavor in improving security testing.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use Madou’s test parameter engine 121 to supply test parameters or codes to the target system.  For this combination, the motivation would have been to improve the consistency of the tests.

Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Starnes and Demi, as applied to claim 1 above, and further in view of Bennett (US 20130007856 A1).

As per claim 10, the references of Starnes and Demi as combined above teach the method of claim 1, but do not explicitly disclose the steps for updating the security token based on the application action and providing the updated security token to the application. This aspect of the claim is identified as a further difference.
In a related art, Bennett teaches:
wherein, for at least some of the user-agent applications, the set of security tests is executed by a security module of the user-agent application, and wherein the method further comprises: 
receiving, responsive to sending the security token to the client device, an application action identified by the security module (Bennett, par. 0079‐0080: access the first application server (step 608));
updating, at the security verification system, the security token based on the application action (Bennett, par. 0079‐0080: In step 608, the process searches the user identification information to determine whether the user identifier is still valid; generating a new token); and 
providing, by the security verification system, the updated security token to the user- agent application (Bennett, par. 0082: that renewal of the security token and FIG. 7, BLOCK 726 indicating that the updated new token is provided to the browser, which is mapped to the application).
   Bennett is analogous art in a similar field of endeavor in improving security testing and verification systems.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use the updating method of Bennett to modify Starnes’ testing system to provide the updated security token to the application.  For this combination, the motivation would have been to improve the timely updates of security tokens for consistent testing results.

As per claim 20, the references of Starnes and Demi as combined above teach the non-transitory computer-readable storage medium of claim 11, but do not explicitly disclose the steps for updating the security token based on the application action and providing the updated security token to the application. This aspect of the claim is identified as a further difference.
In a related art, Bennett teaches:
wherein, for at least some of the user-agent applications, the set of security tests is executed by a security module of the user-agent application, and wherein the non-transitory computer-readable storage medium further comprises instructions that cause the processor to perform further steps of: 
receiving, responsive to sending the security token to the client device, an application action identified by the security module (Bennett, par. 0079‐0080: access the first application server (step 608)); 
updating, at the security verification system, the security token based on the application action (Bennett, par. 0079‐0080: In step 608, the process searches the user identification information to determine whether the user identifier is still valid; generating a new token); and 
providing, by the security verification system, the updated security token to the user- agent application (Bennett, par. 0082: that renewal of the security token and FIG. 7, BLOCK 726 indicating that the updated new token is provided to the browser, which is mapped to the application).
   Bennett is analogous art in a similar field of endeavor in improving security testing and verification systems.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use the updating method of Bennett to modify Starnes’ testing system to provide the updated security token to the application.  For this combination, the motivation would have been to improve the timely updates of security tokens for consistent testing results.

Allowable Subject Matter
Claims 6 and 16 are allowed over prior art of record for the following reasons.
Claims 6 and 16 as amended to independent claims each recite the following limitations:
“responsive to the security score being below a threshold: 
providing an additional set of security tests to the client device for execution by the application; and 
receiving, from the client device, an additional set of test results reflecting the execution of the additional set of security tests; and 
wherein generating the security token is further based on the additional set of test results.”  The limitations feature generating the security token based on additional tests in response to the security score being below a threshold. When considered in combination with the other limitations in the claims, the claimed invention is not anticipated by, nor made obvious over the prior art of record.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Don Zhao whose telephone number is (571)272-9953.  The examiner can normally be reached on 9 am to 5 pm Monday thru Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Don G Zhao/
Examiner, Art Unit 2493
06/01/2022