Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/26/2022 has been entered.


Response to Arguments
In response to communication filed on 03/24/2022, applicant amends claims 1, 5-8, 10, 11, 14-18, 20, and 21.  Applicant cancels claims 4, 13, 19 and adds new claim 22-24.  The following claims, 1-3, 5-12, 14-18, and 20-24 are presented for examination.   

Applicant’s arguments, see Pages 7-11, filed March 24, 2022, with respect to the rejection(s) of claim(s) 1-8, 11-16, 18-21 under 35 USC 102 and claim 9, 10, 17 under 35 USC 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of newly found prior art reference, view of Ryman et al. (US10572124 B2, file date 08/06/2013).


Upon further consideration and based on claim amendments, a new ground of rejection of claims 1-3, 5-12, 14-18, and 20-24 is set forth below.  



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-8, 11-16, and 18-24 are rejected under 35 U.S.C. 103 as being unpatentable over Mukkara et al. (US2011/0213956 A1, publish date 09/01/2011) in view of Ryman et al. (US10572124 B2, file date 08/06/2013).

Claims 1, 11, 18:
With respect to claims 1, 11, 18, Mukkara et al. discloses a computer system/a method of/a non-transitory computer readable medium storing processor executable instructions to authorizing an application hosted within a virtual computing session to access at least one resource using a computer system (a secure communication session management system, Figures 1, 3, and 4) comprising/the method comprising/the instructions comprising instructions to: 
one or more memories ("client communication service") is implemented in a machine-accessible and computer-readable storage medium as instructions that execute on one or more processors of a network, 0028); 
one or more network interfaces (The non-browser application includes a web interface to interact with and communicate with a browser, 0011); and 
at least one processor (processor or processor-enabled devices, 0013, 0028) coupled to the memory and the or nor more network interfaces and configured to ("server communication service", the server communication service represents processing for a Secure Socket Layer (SSL) Virtual Private Network (VPN) (referred to as an SSL VPN) performed by a server, 0016-0017) intercept a request transmitted by an application hosted within a virtual computing session (the server communication service detects a request for a secure communication session between a non-browser application and a server, 0018) (non-web based applications (such as a Secure Socket Layer (SSL) Virtual Private Network (VPN)), 0003) (the secure communication session is a SSL VPN session with a secure communication tunnel established between the non-browser application 301 and the server 302, 0047), the request being a request to be authorized to access a resource (identifies the request as a request for the secure communication session to a SSL VPN between the non-browser application and the server, 0019) (resource, 0009); 
pass the request to a virtualization agent hosted outside the virtual computing session (the server communication service establishes the secure communication session between the non-browser application and the server via a browser, a browser is used as an intermediary to initially establish the secure communication session, 0020) (Browser 303, Figure 3);
receive a response to the request, the response including a credential granting authorization to access the resource (the server communication service maps a session cookie that the browser uses with the secure communication session to a secure token, 0022); and 
pass the response to the application to authorize the application to access the resource through use of the credential (then the server communication service instructs the browser to supply the secure token to the non-browser application, 0022).

Mukkara et al. does not disclose via execution of a host virtualization agent; pass the request to a local virtualization agent hosted outside the virtual computing session; pass the request from the local virtualization agent to a browser hosted locally to the local virtualization agent; receive, via execution of the host virtualization agent, a response to the request as claimed. 

Ryman et al. teaches via execution of a host virtualization agent (a client agent 1112, a server agent 1114 (e.g., a desktop/application virtualization system such as CITRIX XenApp), The client and server, as illustrated in FIG. 11A, may communicate through an established protocol (e.g., the HDX/ICA protocol in the case of CITRIX XenDesktop/XenApp), an operating environment involving client virtualization platforms, such as Citrix XenClient, where the applications are securely hosted in a work virtual machine (VM) and remoted to the user VM on the same device, as illustrated in FIG. 11B, Column 23, line 61-Column 24, line 27) (Figure 11B); pass the request to a local virtualization agent hosted outside the virtual computing session; pass the request from the local virtualization agent to a browser hosted locally to the local virtualization agent; receive, via execution of the host virtualization agent, a response to the request  (the activation request may be forwarded (step 712) by a client agent 1112 to a server agent 1114 at a virtualization server 1104. Column 26, lines 11-13) (Once the system (e.g., server agent or client agent) has calculated the zoomed area and zoom factor, in some embodiments, a request may be sent (step 714) by the server agent to the client agent to generate the contextual zoom overlay. The zoom metrics (e.g., zoom area, zoom factor, and/or other data) may be passed within this request, Column 27, lines 31-36).

Mukkara et al. and Ryman et al. are analogous art because they are from the same field of endeavor of virtual authorization.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Ryman et al. in Mukkara et al. for via execution of a host virtualization agent; pass the request to a local virtualization agent hosted outside the virtual computing session; pass the request from the local virtualization agent to a browser hosted locally to the local virtualization agent; receive, via execution of the host virtualization agent, a response to the request as claimed for purposes of providing the system of Mukkara et al. a hybrid approach may be used in which the virtualization server and the computing device share responsibility for performing various steps and divide that responsibility. (see Ryman et al. Column 2, lines 47-51)

Claims 2, 12:
With respect to claims 2, 12, Mukkara et al. discloses the request comprising a scope parameter specifying a scope of access requested for the resource (the server communication service maps a session cookie that the browser uses, 0022).

Claim 3:
With respect to claim 3, Mukkara et al. discloses the response comprising a token granting the scope of access to the resource (the server communication service maps a session cookie that the browser uses with the secure communication session to a secure token, 0022).

Claims 5, 14:
With respect to claims 5, 14, the combination of Mukkara et al. and Ryman et al. discloses the limitations of claims 1 and 11, as addressed. 

Mukkara et al. discloses the virtualization agent being further configured to: receive the response; and pass the response to the host virtualization agent (the server communication service establishes the secure communication session between the non-browser application and the server via a browser, browser is used as an intermediary to initially establish the secure communication session, 0020) (then the server communication service instructs the browser to supply the secure token to the non-browser application, 0022) (Generate secret token, pass the secret token, Figure 4).

Ryman et al. teaches the virtualization agent being further configured to: receive the response; and pass the response to the host virtualization agent (the activation request may be forwarded (step 712) by a client agent 1112 to a server agent 1114 at a virtualization server 1104. Column 26, lines 11-13) (Once the system (e.g., server agent or client agent) has calculated the zoomed area and zoom factor, in some embodiments, a request may be sent (step 714) by the server agent to the client agent to generate the contextual zoom overlay. The zoom metrics (e.g., zoom area, zoom factor, and/or other data) may be passed within this request, Column 27, lines 31-36).

Mukkara et al. and Ryman et al. are analogous art because they are from the same field of endeavor of virtual authorization.

The motivation for combining Mukkara et al. and Ryman et al. is recited in claims 1, 11, 18.

Claim 6:
With respect to claim 6, the combination of Mukkara et al. and Ryman et al. discloses the limitations of claim 1, as addressed. 

Mukkara et al. discloses the local virtualization agent being further configured to intercept the response (The request for the SSL VPN connection is made to a browser or intercepted and initially handled by the browser on behalf of the client communication service, 0031).

Ryman et al. teaches the local virtualization agent being further configured to intercept the response (the activation request may be forwarded (step 712) by a client agent 1112 to a server agent 1114 at a virtualization server 1104. Column 26, lines 11-13) (Once the system (e.g., server agent or client agent) has calculated the zoomed area and zoom factor, in some embodiments, a request may be sent (step 714) by the server agent to the client agent to generate the contextual zoom overlay. The zoom metrics (e.g., zoom area, zoom factor, and/or other data) may be passed within this request, Column 27, lines 31-36).

Mukkara et al. and Ryman et al. are analogous art because they are from the same field of endeavor of virtual authorization.

The motivation for combining Mukkara et al. and Ryman et al. is recited in claims 1, 11, 18.

Claims 7, 15:
With respect to claims 7, 15, the combination of Mukkara et al. and Ryman et al. discloses the limitations of claims 1 and 11, as addressed. 

Mukkara et al. discloses further comprising the browser, the browser being configured to pass the response to one or more of the local virtualization agent or the host virtualization agent (then the server communication service instructs the browser to supply the secure token to the non-browser application, 0022) (browser, Figure 4).

Ryman et al. teaches further comprising the browser, the browser being configured to pass the response to one or more of the local virtualization agent or the host virtualization agent (the activation request may be forwarded (step 712) by a client agent 1112 to a server agent 1114 at a virtualization server 1104. Column 26, lines 11-13) (Once the system (e.g., server agent or client agent) has calculated the zoomed area and zoom factor, in some embodiments, a request may be sent (step 714) by the server agent to the client agent to generate the contextual zoom overlay. The zoom metrics (e.g., zoom area, zoom factor, and/or other data) may be passed within this request, Column 27, lines 31-36).

Mukkara et al. and Ryman et al. are analogous art because they are from the same field of endeavor of virtual authorization.

The motivation for combining Mukkara et al. and Ryman et al. is recited in claims 1, 11, 18.

Claims 8, 16, 20:
With respect to claims 8, 16, 20, Mukkara et al. discloses the request comprising an authorization request, the response comprising an authorization response (The user attempts to establish a secure tunnel between the workstation and the corporate server.  The user is prompted to input his/her credentials and the user is authenticated, 0055), and the browser being further configured to:
transmit the authorization request to an authorization server (the web browser opens up the URL and connects to the SSL VPN Server, SSL VPN Server, forwards the request to the SSL VPN authentication service provider (SSLVPN Embedded Authentication Service Provider (ESP), 0059);
receive, from the authorization server, a request to authenticate a user as an owner of the resource (performs a Single Sign On (SSO) operation and redirects the user back to the SSL VPN server., 0060) (login me 3, Figure 4);
authenticate the user as the owner of the resource using one or more of biometrics or multifactor authentication (a user identifier, name, etc. Some examples of identifiers include social security number (SSN), user identifier and password pair, account number, retina scan, fingerprint, face scan, etc., 0010) (user for credentials, 0060);
transmit, to the authorization server, a response to the request to authenticate the user (performs a Single Sign On (SSO) operation and redirects the user back to the SSL VPN server., 0060) (login me 3, Figure 4); and
receive the authorization response from the authorization server (At this point the SSL VPN server generates a secret token (ST) and associates this secret token with cookie CK1, pass the secret cookie information, 0065-0066) (Pass the secret token, Figure 4).

Claim 21:
With respect to claim 21, the combination of Mukkara et al. and Ryman et al. discloses the limitations of claim 1, as addressed. 

Ryman et al. teaches the host virtualization agent being configured to pass the request to the local virtualization agent hosted outside the virtual computing session (the activation request may be forwarded (step 712) by a client agent 1112 to a server agent 1114 at a virtualization server 1104. Column 26, lines 11-13) (Once the system (e.g., server agent or client agent) has calculated the zoomed area and zoom factor, in some embodiments, a request may be sent (step 714) by the server agent to the client agent to generate the contextual zoom overlay. The zoom metrics (e.g., zoom area, zoom factor, and/or other data) may be passed within this request, Column 27, lines 31-36).

Mukkara et al. and Ryman et al. are analogous art because they are from the same field of endeavor of virtual authorization.

The motivation for combining Mukkara et al. and Ryman et al. is recited in claims 1, 11, 18.


Claim 22:
With respect to claim 21, the combination of Mukkara et al. and Ryman et al. discloses the limitations of claim 1, as addressed. 

Ryman et al. teaches the host virtualization agent being configured to pass the response to the application to authorize the application to access the resource thought use of the credential (The virtual private network connections may support and enable single-sign-on authentication processes 554. The single-sign-on processes may allow a user to provide a single set of authentication credentials, which are then verified by an authentication service 558. The authentication service 558 may then grant to the user access to multiple enterprise resources 504, Column 16, lines 62-Column 17, line 1).

Mukkara et al. and Ryman et al. are analogous art because they are from the same field of endeavor of virtual authorization.

The motivation for combining Mukkara et al. and Ryman et al. is recited in claims 1, 11, 18.

Claim 23:
With respect to claim 23, the combination of Mukkara et al. and Ryman et al. discloses the limitations of claim 11, as addressed. 

Ryman et al. teaches wherein passing the response to the application comprises passing, via execution of the hose virtualization agent, the response to the application (the activation request may be forwarded (step 712) by a client agent 1112 to a server agent 1114 at a virtualization server 1104. Column 26, lines 11-13) (Once the system (e.g., server agent or client agent) has calculated the zoomed area and zoom factor, in some embodiments, a request may be sent (step 714) by the server agent to the client agent to generate the contextual zoom overlay. The zoom metrics (e.g., zoom area, zoom factor, and/or other data) may be passed within this request, Column 27, lines 31-36).

Mukkara et al. and Ryman et al. are analogous art because they are from the same field of endeavor of virtual authorization.

The motivation for combining Mukkara et al. and Ryman et al. is recited in claims 1, 11, 18.

Claim 24:
With respect to claim 24, the combination of Mukkara et al. and Ryman et al. discloses the limitations of claim 18, as addressed. 

Ryman et al. teaches the request comprising a scope parameter specifying a scope of access requested for the resource (Authentication services 558 may use certificates. Column 17, lines 38-51) (a client side certificate for certain applications 610, certificate-based authentication using ActiveSync protocol may be supported, wherein a certificate from the client agent 604, 
Each managed application may have one associated client certificate, identified by a label, Column 21, lines 46-56)

Mukkara et al. and Ryman et al. are analogous art because they are from the same field of endeavor of virtual authorization.

The motivation for combining Mukkara et al. and Ryman et al. is recited in claims 1, 11, 18.



Claims 9, 10, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Mukkara et al. (US2011/0213956 A1, publish date 09/01/2011) in view of Ryman et al. (US10572124 B2, file date 08/06/2013) further in view of SUBRAMANIAN et al. (US2018/0075231 A1, publish date 03/15/2018).  (on Applicants IDS filed 08/02/2021)

Claims 9, 17:
With respect to claims 9, 17, the combination of Mukkara et al. and Ryman et al. discloses the limitations of claims 1 and 11, as addressed. 

Neither Mukkara et al. nor Ryman et al. discloses the request comprising a callback parameter specifying a uniform resource identifier (URI) of the application as claimed. 

However, SUBRAMANIAN et al. teaches Cloud Gate is implemented by a web server plugin,  Cloud Gate is implemented by a web/proxy server plugin that provides a web Policy Enforcement Point ("PEP") for protecting HTTP resources based on OAuth (0120, Figure 7), the request (the first request is received by a security gate such as Cloud Gate, 0399) comprising a callback parameter specifying a uniform resource identifier (URI) of the application (OAuth microservice 1004 then redirects browser 1002 to a callback URL with an authorization ("AZ") code, browser 1002 sends the AZ code to OAuth microservice 1004 to request the required tokens 10320186).

Mukkara et al., Ryman et al. and SUBRAMANIAN et al. are analogous art because they are from the same field of endeavor of virtual authorization.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use SUBRAMANIAN et al. in Mukkara et al. and Ryman et al. for the request comprising a callback parameter specifying a uniform resource identifier (URI) of the application as claimed for purposes of providing the system of Mukkara et al. secure access to cloud-based applications, or applications located anywhere, regardless of from what device type or by what user type the applications are accessed (see SUBRAMANIAN et al. 0003)

Claim 10:
With respect to claim 10, the combination of Mukkara et al., Ryman et al. and SUBRAMANIAN et al. discloses the limitations of claim 9, as addressed. 

SUBRAMANIAN et al. teaches the local virtualization agent being configured to rewrite the callback parameter to specify a URI of the local virtualization agent prior to passage of the request to the browser (OAuth microservice 1004 then redirects browser 1002 to a callback URL with an authorization ("AZ") code, browser 1002 sends the AZ code to OAuth microservice 1004 to request the required tokens 10320186).

Mukkara et al., Ryman et al. and SUBRAMANIAN et al. are analogous art because they are from the same field of endeavor of virtual authorization.

The motivation for combining Mukkara et al., Ryman et al. and SUBRAMANIAN et al. is recited in claim 9.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (see PTO-Form 892)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to jeffrey c pwu whose telephone number is (571)272-6798.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm., every other Friday off
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HELAI SALEHI/
Examiner, Art Unit 2433
/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433