Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

 DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 5/5/2022, for application 16/592,206 has been entered.
This Office Action is in response to the amendment filed 5/5/2022 for application 16/592,206.
Claims 1-22 have been examined and are pending.  Claims 1, 6, 11, and 21 have been amended. Claims 1, 11, 21, and 22 are independent claims.
Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 5/5/2022, with respect to claims 1-22, have been fully considered but they are not persuasive.
Applicant remarked as follows:  Applicant agrees with the Examiner's interpretation of the claims to the extent they are aligned with the intent of the inventor with respect to the claimed subject matter (See Official Action at pp. 12 - 14). To the extent the Examiner's interpretation is inconsistent with the claimed subject matter, Applicant disagrees with such interpretation and reserves the right to challenge any such interpretation in this or future applications. 
Examiner respectfully notes that teachings from the prior art have been applied in rejecting the invention as claimed.
Applicant remarked as follows:  During the interview, Applicant's representative reviewed the proposed claim amendments along with the supporting disclosure with the Examiner. Applicant's representative and the Examiner specifically discussed how the proposed claim amendments overcome the cited prior art. The Examiner agreed that the proposed amendments possibly overcome the cited prior art of record but noted further review will be needed. The Examiner also brought up a new reference Paz (US20150339474) and discussed briefly the Examiner's findings related to Paz. Towards the end of the interview, the Examiner suggested Applicant file a response to the FOA.  An initial review of Paz shows that the reference does not disclose or teach or provide motivation to a POSITA to arrive at Applicant's claimed system, method or device.
Examiner respectfully notes that the interview summary for the interview held April 18 2022 is as follows: The applicant alleged differences between the prior art and proposed amended claims. The examiner pointed out his position that the proposed amended claims possibly overcome the prior art of record but further review is needed. A brief discussion of Paz (US20150339474) was conducted. The applicant agreed to consider further amendment that will be submitted for further examination.
Applicant remarked as follows:  First, the subject matter that must be obvious in order to deny patentability under Section 103 is the entirety of the claimed invention-a concept Congress nailed down with the statutory phrase "as a whole." See 35 U.S.C. § 103; MPEP § 2141.02. The Federal Circuit has also emphasized the importance of basing obviousness determinations on the totality of the record in its review of the Board's decision in In re Chu, 66 F.3d 292 (Fed. Cir. 1995). See Ruiz v. A.B. Chance Co., 357 F.3d 1270, 1275 (Fed. Cir. 2004) ("The 'as a whole' instruction in title 35 prevents evaluation of the invention part by part. . . . This form of hindsight reasoning, using the invention as a roadmap to find its prior art components, would discount the value of combining various existing features or principles in a new way to achieve a new result - often the very definition of invention."). Further, in considering obviousness under Section 103, the Manual of Patent Examining Procedure (MPEP) instructs the Examiner to step back in time and into the shoes of the hypothetical person of ordinary skill in the art (POSITA) when the invention was unknown and just before it was made - before the effective filing date of the invention. MPEP § 2142.
 Examiner respectfully disagrees.  In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper.  See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971).
Applicant remarked as follows:  Put simply, if one steps backward in time and into the shoes worn by a POSITA when this invention was "unknown" and just before it was made (or filed), Applicant's claimed invention "as a whole" would not have been obvious at that time to that person. Ruiz v. A.B. Chance Co., 357 F.3d 1257 (Fed. Cir. 2004). 
Examiner respectfully disagrees.  Applicant’s effective filing date of October 3 2019 is after the effective filing dates of Suryanarayanan, filed May 20, 2014, Angara, filed September 24, 2018, and van der Linden, filed May 3, 2010.  Each of Suryanarayanan, Angara, and van der Linden are directed to cloud technology.  
Applicant remarked as follows:  Second, none of the cited references, alone or in combination, disclose, teach or provide motivation to a POSITA to combine the cited references to arrive at Applicant's claimed system, method or device. For instance, primary reference Suryanarayanan is directed to accessing a cloud workspace via implementation of a virtual private cloud for the workspace service that extends out to certain security gateway or access gateway components in multiple geographically distributed locations. (See, e.g., Suryanarayanan at ¶[0017]-[0019] and FIG. 1, also shown below.) 
Examiner respectfully disagrees.  Applicant’s effective filing date of October 3 2019 is after the effective filing dates of Suryanarayanan, filed May 20, 2014, Angara, filed September 24, 2018, and van der Linden, filed May 3, 2010.  Each of Suryanarayanan, Angara, and van der Linden are directed to cloud technology.
Applicant remarked as follows:  Suryanarayanan is not like the claimed invention. Applicant's secure access system and method consist of one or more client devices that forms a first secure connection to a server infrastructure and which, in turn, forms a second secure connection to a secure database system. In order to form the first secure connection, the client device is configured to authenticate user credentials utilizing a smartcard authenticator - the authenticator further configured to authenticate the smartcard credentials directly from a smartcard reader or from derived credentials from the smartcard. Further, in Applicant's claimed system and/or method, the user device, once authenticated, forms a first secure connection to a server infrastructure using encryption algorithms in order to encrypt the connection between a client device and the server infrastructure.
Examiner respectfully notes that because of Applicant’s amendment of claims 1, 11, and 21, these claims are now rejected over Suryanarayanan in combination with Angara and one or more of van der Linden, Lu, Karimzadeh, and Higgins.
Applicant remarked as follows:  Suryanarayanan does not disclose, teach or even remotely suggest to a POSITA to arrive at Applicant's claimed system, method or device. For instance, Suryanarayanan fails to disclose, teach or suggest a method for connecting to a secure database through a cloud workspace comprising the steps of authenticating a user, the user utilizing a user device and connecting the user device to a smartcard having smartcard derived credentials, as recited in amended independent claim 1. Suryanarayanan also fails to disclose, teach or suggest any method of affirmatively authenticating a user via a smartcard authenticator application and establishing a first secure connection between the user device and a cloud workspace wherein the first secure connection uses encryption algorithms to encrypt the connection between a client device and the server infrastructure, as recited in amended independent claims 11 and 21. Finally, Suryanarayanan also fails to disclose, teach or suggest any secure device comprising a wireless transceiver, a microprocessor coupled to the wireless transceiver, a digital storage element on element coupled to the microprocessor and storing logic that when executed by the microprocessor causes the microprocessor to receive a first request to connect to a secured database from a secured application on a cloud server workspace, as recited in independent claim 22.
Examiner respectfully disagrees.  Regarding claim 22, Suryanarayanan discloses, in paragraph 0115,  a secure device comprising: a digital storage element on element coupled to the microprocessor and storing logic that when executed by the microprocessor causes the microprocessor to; in paragraphs 0021 and 0083, receive a first request to connect to a secured database from a secured application on a cloud server workspace; and, in paragraph 0076, enable the secured application to connect to the secured database.
Applicant remarked as follows:  The secondary references do not overcome any of the deficiencies of the primary reference and/or provide the alleged motivation to combine the references. For instance, Angara is directed to systems and methods to allow a user to seamlessly log in to compatible websites that are set up with multi-factor authentication security features. (See, e.g., Angara, col. 4:4-27 and col. 9:1-10.) The remaining secondary references, namely North Wales Police (dated January 14, 2016), Hu (US20190361697), Caputo 071 (US5778071), Van der Linden (US20110022812), Johnson (US20160004741), Combet (US8862880) and Lu (US20170180351), alone or in combination, do not disclose, teach or even remotely suggest to a POSITA to arrive at Applicant's claimed system, method or device. Applicant's claimed invention is more than just authenticating website logins or securing access to cloud workspace or creating connections to certain security gateway or access gateway components in multiple geographically distributed locations. The deficiencies of the cited references, alone or in combination, clearly show that without the benefit of Applicant's disclosure there is no teaching, suggestion or motivation for a POSITA to combine the references and arrive at Applicant's claimed system, method or device. There is no plausible rationale as to why a POSITA-just before the invention was made and confronted by the same problems as the inventors here and with no knowledge of the claimed invention- would select the various elements from the cited references and combine them in the claimed manner. Nothing in the cited prior art as a whole suggests the desirability and thus the obviousness of making the selective combination. See Panduit Corp. v. Dennison Mfg. Co., 810 F.2d 1561. 
Examiner respectfully disagrees.  Applicant’s effective filing date of October 3 2019 is after the effective filing dates of Suryanarayanan, filed May 20, 2014, Angara, filed September 24, 2018, and van der Linden, filed May 3, 2010.  Each of Suryanarayanan, Angara, and van der Linden are directed to cloud technology.  Angara discloses, in col. 8, lines 47-67, receive a first response from the wireless transceiver from the one or more secured database servers for authentication; in col. 8, lines 47-67, generate a second request to the secured application for authentication where second request encompasses multi-factor authentication that a user has previously accessed; in col. 8, lines 47-67, route the second request for authentication to the secured application where second request encompasses multi-factor authentication that a user has previously accessed; in col. 8, lines 47-67, receive a second response from the secured application; in col. 8, lines 47-67, receive a third response from the wireless transceiver from the one or more secured database that the authentication monitoring function is disabled where third response encompasses multi-factor authentication that a user has previously accessed; “dashboard 500 may indicate that multi-factor authentication is disabled on websites 504 and 510, for a user”.  Van der Linden discloses, in paragraph 0410, a wireless transceiver; in paragraphs 0065 and 0410, a microprocessor coupled to the wireless transceiver; in paragraph 0410, route the first request to the wireless transceiver; in paragraph 0410, enable the wireless transceiver to transmit the first request to the one or more secured database servers; in paragraph 0410, route the second response to the wireless transceiver; in paragraph 0410, enable the wireless transceiver to transmit the second response to one or more secured database servers; in paragraph 0387, wherein the second response is an indication the first request originated from a pre-determined device.
Applicant argues as follows:  In sum, the cited references alone or in combination fail to disclose, teach or provide motivation to a POSITA to arrive at a system, method and/or device for connecting a cloud workspace containing a client's private data and systems to a secured cloud database comprising a user device, the user device, once authenticated, forming a first secure connection to a server infrastructure; wherein the first secure connection uses encryption algorithms to encrypt the connection between a client device and the server infrastructure having affirmatively authenticated the user via a smartcard authenticator application and establishing a first secure connection between the user device and a cloud workspace.  Based on the foregoing, the cited references alone or in combination-at a minimum-do not provide a basis for modification and/or do not teach, disclose or even remotely suggest or provide a motivation to a POSITA to arrive at the claimed elements of independent claims 1, 11, 21 (as amended) and 22. As such, Applicant respectfully submits that the FOA fails to make a prima facie case of obviousness. Thus, Applicant respectfully requests that the rejections be withdrawn. 
Examiner respectfully disagrees.  Angara, col. 1, lines 34-37, discloses enabling multi-factor authentication for seamless website logins and van der Linden, paragraphs 0002 and 0310, discloses integrating/leveraging functionality for delivering resources between local and remote sites.  Suryanarayanan, Angara, and van der Linden are directed to cloud technologies and have CPC classifications in G06F9.
The Examiner respectfully suggests that the claim be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 270 5002 to schedule an interview.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: the communication component configured to accept in claim 21, lines 4-5, and communication component further configured to request in claim 21, lines 8-9.  Paragraph 0036 of Applicant’s originally filed specification discloses “Computer hardware may include one or more processor, non-volatile memory, and/or a communication component.”
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 
Claims 1, 5, and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and Karimzadeh (US20160080364), filed August 27, 2015.
Regarding claim 1, Suryanarayanan discloses a method for connecting to a secure database through a cloud workspace comprising,
authenticating a user, the user utilizing a user device (Suryanarayanan, paragraph 0074, “In some embodiments, these virtual workspaces may be intended to replace a desktop computer, e.g., they may be intended to run the same software programs that a member of the organization or enterprise on whose behalf they were instantiated and configured would access on a desktop computer in an office setting (e.g., applications that perform end-user productivity tasks).  Note that these applications may or may not be stand-alone applications.  For example, in some cases, each of the virtual workspaces (and/or the applications running thereon) may be part of the active directory framework of the organization or enterprise and may be able to access shared files or other resources on the existing network of the organization or enterprise once the credential presented by the user upon logging into the virtual workspace have been authenticated.”);
having affirmatively authenticated the user, establishing a first secure connection between the user device and a cloud workspace (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”);
having established the first secure connection, accessing the cloud workspace having a secured application client by the user (Suryanarayanan, paragraph 0076, “In some embodiments, the first network interface of each virtual desktop instance (the E0 interface) may be completely controlled by the service provider.  For example, in some embodiments, the only traffic allowed on that interface may be the video stream that is sent to the end user and traffic related to management functions that are under the control of the service provider.  The second interface (the E1 interface) may not be used directly by the end user of the virtual desktop instance, but may provide a network connection for the virtualized computing resource instance that is hosting the virtual desktop instance that is separate from the connection used for the video stream and that allows the virtual desktop instance (or applications or processing executing thereon) to access other networks and network entities on other networks.  In some embodiments, the E0 interface may be used to communicate the commands to launch a browser application on the virtual desktop instance, but the communications out to the Internet from that browser application may take place over the E1 interface.”);
having accessed the cloud workspace (Suryanarayanan, paragraph 0076, “In some embodiments, the first network interface of each virtual desktop instance (the E0 interface) may be completely controlled by the service provider.  For example, in some embodiments, the only traffic allowed on that interface may be the video stream that is sent to the end user and traffic related to management functions that are under the control of the service provider.  The second interface (the E1 interface) may not be used directly by the end user of the virtual desktop instance, but may provide a network connection for the virtualized computing resource instance that is hosting the virtual desktop instance that is separate from the connection used for the video stream and that allows the virtual desktop instance (or applications or processing executing thereon) to access other networks and network entities on other networks.  In some embodiments, the E0 interface may be used to communicate the commands to launch a browser application on the virtual desktop instance, but the communications out to the Internet from that browser application may take place over the E1 interface.”).
Suryanarayanan discloses having accessed the cloud workspace, but does not explicitly disclose the secured application client being a software that when launched, causes the cloud workspace to establish a second secure connection to a secure database system requiring two-factor authentication to access the secure database and having a secured application server software; having accessed the cloud workspace, launching the secured application client by the user, wherein the secured application client, when in communication with the secured application server software, disables the two-factor authentication requirement of the secure database system such that the user, having previously been affirmatively authenticated, obtains access to the secure database.
However, in an analogous art, Angara discloses the secured application client being a software that when launched, causes the cloud workspace to establish a second secure connection to a secure database system requiring two-factor authentication to access the secure database and having a secured application server software (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
having accessed the cloud workspace, launching the secured application client by the user, wherein the secured application client, when in communication with the secured application server software, disables the two-factor authentication requirement of the secure database system such that the user, having previously been affirmatively authenticated, obtains access to the secure database (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Angara with the method/ system/ server infrastructure/ secure device of Suryanarayanan to include the secured application client being a software that when launched, causes the cloud workspace to establish a second secure connection to a secure database system requiring two-factor authentication to access the secure database and having a secured application server software; having accessed the cloud workspace, launching the secured application client by the user, wherein the secured application client, when in communication with the secured application server software, disables the two-factor authentication requirement of the secure database system such that the user, having previously been affirmatively authenticated, obtains access to the secure database.
One would have been motivated to provide users with the benefits of enabling multi-factor authentication for seamless website logins (Angara: col. 1, lines 34-37).
Suryanarayanan and Angara disclose having affirmatively authenticated the user, establishing a first secure connection between the user device and a cloud workspace; but do not explicitly disclose connecting the user device to a smartcard having smartcard derived credentials, having affirmatively authenticated the user via a smartcard authenticator application, establishing a first secure connection between the user device and a cloud workspace.
However, in an analogous art, Karimzadeh discloses connecting the user device to a smartcard having smartcard derived credentials, having affirmatively authenticated the user via a smartcard authenticator application, establishing a first secure connection between the user device and a cloud workspace (Karimzadeh, paragraph 0033, smart card connects to user device, smart card receives and verifies credential; paragraph 0098, credentials may be stored on a smart card; paragraph 0117, app for authenticating).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Angara with the method/ system/ server infrastructure/ secure device of Suryanarayanan to include connecting the user device to a smartcard having smartcard derived credentials, having affirmatively authenticated the user via a smartcard authenticator application, establishing a first secure connection between the user device and a cloud workspace.
One would have been motivated to provide users with the benefits of a secure communication channel for authentication between a first device and a second device (Karimzadeh: paragraphs 0002 and 0015).
Regarding claim 5, Suryanarayanan, Angara, and Karimzadeh disclose the method of claim 1.  Angara discloses wherein authenticating a user includes utilizing two-factor authentication (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”).
Regarding claim 8, Suryanarayanan, Angara, and Karimzadeh disclose the method of claim 1.  Angara discloses wherein the user device is a mobile device (Angara, col. 1, lines 7-18, “Sophisticated network attacks often render simple password authentication insufficient to protect unauthorized access to enterprise and consumer networks and applications.  Traditional solutions to combat these threats include multi-factor (e.g., second factor) authentication that may include obtaining out-of-band user approval for user login events using a mobile device.  For example, a traditional second factor authentication solution may include requesting a user to enter an additional one-time password (i.e., a mobile credential) that a website's authentication server sends to the user's mobile device, in addition to providing a username/password combination.”).
Regarding claim 9, Suryanarayanan, Angara, and Karimzadeh disclose the method of claim 1.  Suryanarayanan discloses wherein at least one of the first secure connection and the second secure connection is a virtual private network connection established across the internet (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Regarding claim 10, Suryanarayanan, Angara, and Karimzadeh disclose the method of claim 1.  Suryanarayanan discloses wherein at least one of the first secure connection and the second secure connection is a dedicated connection (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Claims 2 and 3 are rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and Karimzadeh (US20160080364), filed August 27, 2015, and Niche, North Wales Police, January 14, 2016, one page.
Regarding claim 2, Suryanarayanan, Angara, and Karimzadeh disclose the method of claim 1.
Suryanarayanan, Angara, and Karimzadeh do not explicitly disclose wherein the secured application client is a NicheRMS application.
However, in an analogous art, Niche discloses wherein the secured application client is a NicheRMS application (NicheRMS, North Wales Police, next to last paragraph, “They also provide access to the national police computer system (PNC) and useful web-based applications like the voters’ register — the local electoral roll featuring current addresses — the national police/legal database (PNLD), and operational briefing sheets. With query-only capability for RMS at the outset of the project, NWP have now taken the next step to add reporting.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Niche with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, and Karimzadeh to include wherein the secured application client is a NicheRMS application.
One would have been motivated to provide users with the benefits of providing their suppliers with a web-based service that allows access to RMS data, and developing a mobile-compatible reporting functionality (Angara: col. 1, lines 38-40).
Regarding claim 3, Suryanarayanan, Angara, and Karimzadeh disclose the method of claim 1.
Suryanarayanan, Angara, and Karimzadeh do not explicitly disclose wherein the secured database is a NicheRMS database.
However, in an analogous art, Niche discloses wherein the secured database is a NicheRMS database (NicheRMS, North Wales Police, next to last paragraph, “They also provide access to the national police computer system (PNC) and useful web-based applications like the voters’ register — the local electoral roll featuring current addresses — the national police/legal database (PNLD), and operational briefing sheets. With query-only capability for RMS at the outset of the project, NWP have now taken the next step to add reporting.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Niche with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, and Karimzadeh to include wherein the secured database is a NicheRMS database.
One would have been motivated to provide users with the benefits of providing their suppliers with a web-based service that allows access to RMS data, and developing a mobile-compatible reporting functionality (Angara: col. 1, lines 38-40).
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and Karimzadeh (US20160080364), filed August 27, 2015, and Hu (US20190361697), filed October 30, 2018.
Regarding claim 4, Suryanarayanan, Angara, and Karimzadeh disclose the method of claim 1.
Suryanarayanan, Angara, and Karimzadeh do not explicitly disclose wherein the two-factor authentication requirement is disabled through an addition of the code TLSSmartcardMonitorEnable=0 in the NicheRMS application.
However, in an analogous art, Hu discloses wherein the two-factor authentication requirement is disabled through an addition of the code TLSSmartcardMonitorEnable=0 in the NicheRMS application (Hu, paragraph 0134, “records management activities, such as identity management, transaction processing, and others”; paragraph 0186, “The various metrics to be used in such a determination (608) may be used to enable a monitoring module (e.g., a module of computer program instructions executing on computer hardware such as a CPU) to make such a determination (608).  In fact, such a determination (608) may be generated through the use of a formula that takes many metrics into consideration in a weighted or unweighted fashion.”).
 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hu with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, and Karimzadeh to include wherein the two-factor authentication requirement is disabled through an addition of the code TLSSmartcardMonitorEnable=0 in the NicheRMS application.
One would have been motivated to provide users with the benefits of supporting the storage or use of blockchains (Hu: paragraph 0134).
Claims 6 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and Karimzadeh (US20160080364), filed August 27, 2015, and Caputo 071 (US5778071), filed August 12, 1996.
Regarding claim 6, Suryanarayanan, Angara, and Karimzadeh disclose the method of claim 1.
Suryanarayanan, Angara, and Karimzadeh do not explicitly disclose wherein the smartcard authenticator application receives a correct personal identification number input from the user that matches the smartcard derived credentials.
However, in an analogous art, Caputo discloses wherein the smartcard authenticator application receives a correct personal identification number input from the user that matches the smartcard derived credentials (Caputo 071, col. 6, line 62, through col. 7, line 36, “Accordingly, since most industry-standard smartcards may be utilized with the present invention to provide the functionality to be described herein, the particular design of the smartcard utilized in accordance with the present invention is not critical.  Therefore, a smartcard 19 may interface with device 10C when inserted into receptacle 18.  As will be fully described below in the context of the operation of the present invention, the smartcard 19 cooperatively functions with device 10C to provide the novel encrypting/authenticating features of the present invention.  For example, the smartcard may be used to: enter the personal identification number (PIN) of the user; authenticate a user; change encryption algorithms used by the device and/or generally to configure the device.” “Keypad 212 interfaces with the other components of the present invention, as will be described in detail later, in such a manner as to permit the user to enter a PIN or some other numerical data during authentication and/or encryption operations.  If a smartcard interface is also provided, then a user may enter a PIN either by use of the keypad 212 or by inserting the smartcard.  Furthermore, while keypad 212 is illustrated in FIG. 1D as including numerically labeled keys, the present invention also contemplates the use of alphanumerically labeled keys.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hu with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, and Karimzadeh to include wherein the smartcard authenticator application receives a correct personal identification number input from the user that matches the smartcard derived credentials.
One would have been motivated to provide users with the benefits of transportably encrypting and authenticating communications device (Caputo: column 2, lines 23-28).
Regarding claim 7, Suryanarayanan, Angara, and Karimzadeh disclose the method of claim 1.
Suryanarayanan, Angara, and Karimzadeh do not explicitly disclose wherein the user device is connected to a smartcard reader and authenticating the user further includes a smartcard authenticator affirmatively authenticating the user provided the user inserts a smartcard, having an assigned user, into the smartcard reader and the smartcard authenticator, reading the smartcard, establishes that the user assigned to the smartcard has permissions to access the cloud workspace.
However, in an analogous art, Caputo discloses wherein the user device is connected to a smartcard reader and authenticating the user further includes a smartcard authenticator affirmatively authenticating the user provided the user inserts a smartcard, having an assigned user, into the smartcard reader and the smartcard authenticator, reading the smartcard, establishes that the user assigned to the smartcard has permissions to access the cloud workspace  (Caputo 071, col. 6, line 62, through col. 7, line 36, “Accordingly, since most industry-standard smartcards may be utilized with the present invention to provide the functionality to be described herein, the particular design of the smartcard utilized in accordance with the present invention is not critical.  Therefore, a smartcard 19 may interface with device 10C when inserted into receptacle 18.  As will be fully described below in the context of the operation of the present invention, the smartcard 19 cooperatively functions with device 10C to provide the novel encrypting/authenticating features of the present invention.  For example, the smartcard may be used to: enter the personal identification number (PIN) of the user; authenticate a user; change encryption algorithms used by the device and/or generally to configure the device.” “Keypad 212 interfaces with the other components of the present invention, as will be described in detail later, in such a manner as to permit the user to enter a PIN or some other numerical data during authentication and/or encryption operations.  If a smartcard interface is also provided, then a user may enter a PIN either by use of the keypad 212 or by inserting the smartcard.  Furthermore, while keypad 212 is illustrated in FIG. 1D as including numerically labeled keys, the present invention also contemplates the use of alphanumerically labeled keys.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hu with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, and Karimzadeh to include wherein the user device is connected to a smartcard reader and authenticating the user further includes a smartcard authenticator affirmatively authenticating the user provided the user inserts a smartcard, having an assigned user, into the smartcard reader and the smartcard authenticator, reading the smartcard, establishes that the user assigned to the smartcard has permissions to access the cloud workspace.
One would have been motivated to provide users with the benefits of transportably encrypting and authenticating communications device (Caputo: column 2, lines 23-28).
Claims 11-16, 18, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, van der Linden (US20110022812), filed May 3, 2010, and Higgins (US11240007), filed August 14, 2018.
Regarding claim 11, Suryanarayanan discloses a system for connecting a cloud workspace containing a client’s private data and systems to a secured cloud database comprising: a user device, the user device, once authenticated (Suryanarayanan, paragraph 0074, “In some embodiments, these virtual workspaces may be intended to replace a desktop computer, e.g., they may be intended to run the same software programs that a member of the organization or enterprise on whose behalf they were instantiated and configured would access on a desktop computer in an office setting (e.g., applications that perform end-user productivity tasks).  Note that these applications may or may not be stand-alone applications.  For example, in some cases, each of the virtual workspaces (and/or the applications running thereon) may be part of the active directory framework of the organization or enterprise and may be able to access shared files or other resources on the existing network of the organization or enterprise once the credential presented by the user upon logging into the virtual workspace have been authenticated.”);
configured to form a first secure connection to a server infrastructure (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”);
at least one cloud workspace, the cloud workspace being a virtualized operating system having a secured application client (Suryanarayanan, paragraph 0022, “In some embodiments, the resource instances may, for example, be implemented according to hardware virtualization technology that enables multiple operating systems to run concurrently on a host computer, i.e. as virtual machines (VMs) on the hosts.  A hypervisor, or virtual machine monitor (VMM), on a host may present the VMs on the host with a virtual platform and monitors the execution of the VMs.  Each VM may be provided with one or more private IP addresses; the VMM on a host may be aware of the private IP addresses of the VMs on the host.  An example of a system that employs such a hardware virtualization technology is illustrated in FIG. 4 and described in detail below.”; paragraph 0073, “In this example, once the virtual desktop instances have been set up and credentials have been provided, one or more end users may launch a client application on their a client device (e.g., a computer, tablet device, or other mobile device) and enter the credentials for the virtual desktop instance, after which they may be logged into a virtual workspace environment.  Although the virtual workspace environment is implemented by virtualized resource instances in the cloud computing environment, it may appear to the end user as if it were a local desktop and it may operate as if it were an independent computer to which the user is connected.  In some embodiments, the virtual workspace environment may provide access to productivity software and other software programs to which the user would typically have access if the user were logged onto a physical computer owned by the organization or enterprise.”);
the server infrastructure further passing the first secure connection to the cloud workspace (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Suryanarayanan does not explicitly disclose the first VLAN configured to enable a connection to a site-to-site secure connection client, the site-to-site secure connection client establishing a second secure connection to a site-to-site secure connection server on a secure database system; the secure database system having the site-to-site secure connection server, a secured application server, and a secure database, the secure database system having a two-factor authentication requirement to access the secure database, the secure application server being a software application that, when accessed by the secure application client, disables the two-factor authentication requirement.
However, in an analogous art, Angara discloses the first VLAN configured to enable a connection to a site-to-site secure connection client, the site-to-site secure connection client establishing a second secure connection to a site-to-site secure connection server on a secure database system; the secure database system having the site-to-site secure connection server, a secured application server, and a secure database (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
the secure database system having a two-factor authentication requirement to access the secure database, the secure application server being a software application that, when accessed by the secure application client, disables the two-factor authentication requirement (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Angara with the method/ system/ server infrastructure/ secure device of Suryanarayanan to include the first VLAN configured to enable a connection to a site-to-site secure connection client, the site-to-site secure connection client establishing a second secure connection to a site-to-site secure connection server on a secure database system; the secure database system having the site-to-site secure connection server, a secured application server, and a secure database, the secure database system having a two-factor authentication requirement to access the secure database, the secure application server being a software application that, when accessed by the secure application client, disables the two-factor authentication requirement.
One would have been motivated to provide users with the benefits of enabling multi-factor authentication for seamless website logins (Angara: col. 1, lines 34-37).
Suryanarayanan and Angara do not explicitly disclose connected to a first VLAN wherein the first VLAN is a client-dedicated segregated VLAN, and stored in at least one non-volatile memory on server infrastructure, the server infrastructure having a hypervisor, the hypervisor managing one or more cloud workspace and one or more VLAN.
However, in an analogous art, van der Linden discloses connected to a first VLAN wherein the first VLAN is a client-dedicated segregated VLAN, and stored in at least one non-volatile memory on server infrastructure, the server infrastructure having a hypervisor, the hypervisor managing one or more cloud workspace and one or more VLAN (van der Linden, paragraph 0278, “In another embodiment, the system includes at least one server providing virtualization and hypervisor functionality and residing in the cloud services and hosting infrastructure 406; a virtualization and hypervisor provider may provide such a server.  In still another embodiment, the system includes at least one server providing functionality for executing virtual machines, the server residing in the cloud services and hosting infrastructure 406; a backbone hosting service provider may provide such a server.  In yet another embodiment, additional servers may reside in the cloud services and hosting infrastructure 406 and be provided by other service providers including, without limitation, infrastructure service providers, application service providers, platform service providers, tools service providers, and desktop service providers.”; paragraph 0305, “Referring now to FIG. 5A, a block diagram depicts one embodiment of a system in which a cloud services and hosting infrastructure hosts at least one service on behalf of an enterprise information technology network.  In one embodiment, a virtual local area network (VLAN) is defined that is accessible via a device such as an SSL VPN.”; paragraph 0310, “In other embodiments, implementation of the methods and systems described herein addresses needs that may arise in consolidating application services in a data center or hosting them in the cloud.  In one of these embodiments, a "virtual office appliance" is provided that runs virtual machine appliances locally to provide a subset of services for users in a branch or remote office.  In another of these embodiments, a "virtual office" includes a plurality of servers (one of which may provide failover functionality), executing a virtualization system (such as a hypervisor and control operating system 165).  In still another of these embodiments, the "virtual office" servers execute services and workflows that integrate/leverage functionality--such as that described above in connection with FIGS. 1F-3--to cache and run virtual machine appliances locally.  In some embodiments, virtual machine images are images from which a hypervisor may execute a virtual machine”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of van der Linden with the method/ system/ server infrastructure/ secure device of Suryanarayanan and Angara to include connected to a first VLAN wherein the first VLAN is a client-dedicated segregated VLAN, and stored in at least one non-volatile memory on server infrastructure, the server infrastructure having a hypervisor, the hypervisor managing one or more cloud workspace and one or more VLAN.
One would have been motivated to provide users with the benefits of integrating/ leveraging functionality for delivering resources between local and remote sites (van der Linden: paragraphs 0002 and 0310).
Suryanarayanan, Angara, and van der Linden do not explicitly disclose wherein the first secure connection uses encryption algorithms to encrypt the connection between a client device and the server infrastructure.
However, in an analogous art, Higgins discloses wherein the first secure connection uses encryption algorithms to encrypt the connection between a client device and the server infrastructure (Higgins, col. 7, lines 4-14, “At a first operation 240, the client device 210 may send a TLS hello message to the webserver 230. The client device 210 may be any suitable client device or server that desires a secure session or connection with the webserver 230. The client device 210 may also send a random value (that may be specific to the client) and/or a set of supported cipher suites to the webserver 230. The set of supported cipher suites may be the set of encryption or decryption algorithms that are supported by the client device 210. The webserver 230 may receive the TLS hello message and the optional random value and set of supported cipher suites.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Higgins with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, and van der Linden to include wherein the first secure connection uses encryption algorithms to encrypt the connection between a client device and the server infrastructure.
One would have been motivated to provide users with the benefits of protecting authentication credentials in unsecured locations (Higgins: col. 1, lines 7-18).
Regarding claim 12, Suryanarayanan, Angara, van der Linden, and Higgins disclose the system of claim 11.  Angara discloses wherein the site-to-site secure connection server can only establish the second secure connection with the site-to-site secure connection client (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”).
Regarding claim 13, Suryanarayanan, Angara, van der Linden, and Higgins disclose the system of claim 11.  Angara discloses wherein the user device is a mobile device (Angara, col. 1, lines 7-18, “Sophisticated network attacks often render simple password authentication insufficient to protect unauthorized access to enterprise and consumer networks and applications.  Traditional solutions to combat these threats include multi-factor (e.g., second factor) authentication that may include obtaining out-of-band user approval for user login events using a mobile device.  For example, a traditional second factor authentication solution may include requesting a user to enter an additional one-time password (i.e., a mobile credential) that a website's authentication server sends to the user's mobile device, in addition to providing a username/password combination.”).
Regarding claim 14, Suryanarayanan, Angara, van der Linden, and Higgins disclose the system of claim 11.  Suryanarayanan discloses wherein at least one of the first secure connection and the second secure connection is a virtual private network connection established across the internet (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Regarding claim 15, Suryanarayanan, Angara, van der Linden, and Higgins disclose the system of claim 11.  Suryanarayanan discloses wherein at least one of the first secure connection and the second secure connection is a dedicated connection (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Regarding claim 16, Suryanarayanan, Angara, van der Linden, and Higgins disclose the system of claim 11.  Angara discloses wherein the cloud workspace maintains the second secure connection if the first secure connection is closed (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”).
Regarding claim 18, Suryanarayanan, Angara, van der Linden, and Higgins disclose the system of claim 11.   Van der Linden discloses wherein the server infrastructure comprises one or more servers, each of the servers having one or more processor, one or more non-transitory memory, and one or more communication components (Van der Linden, paragraph 0316, “a separate domain is established in the cloud services and hosting infrastructure 406 for servers 106b that communicate with servers 106c in the enterprise IT network 408.  In other embodiments, no separate domain is implemented.  In still other embodiments, at least one server 106b residing in the cloud services and hosting infrastructure 406 establishes trust relationships and/or VPN sessions with a server 106c in the enterprise IT network 408; such a server may be referred to as a cloud domain controller”; paragraph 0318, “In one of these embodiments, for example, operations may include multiple sequenced steps for a single server 106b--such as, for example, instantiating a machine image, executing a machine based upon the machine image, provisioning at least one storage resource and associating the provisioned at least one storage resource with the server, and provisioning and associating an IP address with the server.  In another of these embodiments, and as another example, operations may include coordinated steps taken between multiple servers 106b--such as, for example, executing a domain controller server, associating a user profile store with the domain controller server, and instantiating at least one resource server associated with the domain controller server.”).
Regarding claim 19, Suryanarayanan, Angara, van der Linden, and Higgins disclose the system of claim 11.  Van der Linden discloses wherein at least one of the first secure connection and the second secure connection is an encrypted connection (Van der Linden, paragraph 0112, “In some embodiment, the appliance 205 has an encryption engine providing logic, business rules, functions or operations for handling the processing of any security related protocol, such as SSL or TLS, or any function related thereto.  For example, the encryption engine encrypts and decrypts network packets, or any portion thereof, communicated via the appliance 205.  The encryption engine may also setup or establish SSL or TLS connections on behalf of the client 102a-102n, server 106a-106n, or appliance 200, 205.  As such, the encryption engine provides offloading and acceleration of SSL processing.  In one embodiment, the encryption engine uses a tunneling protocol to provide a virtual private network between a client 102a-102n and a server 106a-106n.  In some embodiments, the encryption engine uses an encryption processor.  In other embodiments, the encryption engine includes executable instructions running on an encryption processor.”).
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, van der Linden (US20110022812), filed May 3, 2010, and Higgins (US11240007), filed August 14, 2018, and further in view of Johnson (US20160004741), filed July 1, 2014.
Regarding claim 17, Suryanarayanan, Angara, van der Linden, and Higgins disclose the system of claim 11.
Suryanarayanan discloses wherein the at least one cloud workspace is formed by the server infrastructure upon formation of the first secure connection (Suryanarayanan, paragraph 0102, “In some embodiments, configuring the virtual desktop instance for use as a virtual desktop (workspace) instance and beginning a workspace session may include establishing a communication channel between the virtual desktop (workspace) instance and the client on whose behalf the virtual desktop (workspace) instance was configured through a gateway component at a workspace POP location.  Once the virtual desktop instance is configured for use as a virtual desktop (workspace) instance and the communication channel has been established, the method may include managing the two-way interactive video traffic between the virtual desktop (workspace) instance and the client on parallel paths, both of which may include the gateway component.  For example, one path may be used to communicate a stream of pixels (and/or commands for generating and rendering pixels) from the client's virtual desktop (workspace) instance to the client, and another path may be used to communicate inputs from the client to the virtual desktop (workspace) instance.”).
Suryanarayanan, Angara, van der Linden, and Higgins do not explicitly disclose wherein each of the at least one cloud workspace is deleted daily.
However, in an analogous art, Johnson discloses wherein each of the at least one cloud workspace is deleted daily (Johnson, paragraph 0303, “It will also be appreciated that additional processes could be performed in a similar manner, such as deleting or renaming workspaces, modifying access permissions of users, removing users, or the like, and these will not therefore be described in detail.  In the above example, the first user could be an administrator, manager or the like, with the second user being any user authorised to access the workspace by the first user.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Johnson with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, van der Linden and Higgins to include wherein each of the at least one cloud workspace is deleted daily.
One would have been motivated to provide users with the benefits of managing corporate data (Johnson: paragraph 0006).
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, van der Linden (US20110022812), filed May 3, 2010, and Higgins (US11240007), filed August 14, 2018, and further in view of Combet (US8862880), filed September 23, 2011.
Regarding claim 20, Suryanarayanan, Angara, van der Linden, and Higgins disclose the system of claim 11.
Suryanarayanan, Angara, van der Linden, and Higgins do not explicitly disclose wherein each of the one or more non-volatile memory is encrypted.
However, in an analogous art, Combet discloses wherein each of the one or more non-volatile memory is encrypted (Combet, col. 6, lines 5-16, “An ASI/RSI lookup table "save" functionality may be optionally enabled in order to prevent the loss of ASI-RSI association when the NIS 135, or particular processes/applications running on it, are started or restarted.  In this case, the ASI/RSI lookup table 625 is periodically written to an encrypted file 655 in encrypted non-volatile memory 660 (such as a hard-disk drive or other stable storage) and then loaded into volatile memory upon startup/restart, as indicated by the arrow 665 in FIG. 6.  A conventional encryption algorithm such as AES-128 (Advanced Encryption Standard using a 128 bit cryptographic key) may be used to perform the encrypted write”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Combet with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, van der Linden, and Higgins to include wherein each of the one or more non-volatile memory is encrypted.
One would have been motivated to provide users with the benefits of providing a two stage anonymization process to monitored network traffic (Combet: col. 1, lines 33-37).
Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, Lu (US20170180351), filed December 21, 2015, and Higgins (US11240007), filed August 14, 2018.
Regarding claim 21, Suryanarayanan discloses a server infrastructure comprising:
a plurality of servers, each server comprising (Suryanarayanan, paragraph 0086, server);
one or more processor (Suryanarayanan, paragraph 0114, processor);
one or more communication component, the communication component configured to accept a first secure connection from a user device to a cloud workspace, the first secure connection established by a cloud workspace client application on the user device (Suryanarayanan, paragraph 0084, “As illustrated in this example, virtual desktop (workspace) instance 632 and one or more other computing and/or network storage resource instances 638 may operate (participate) within a virtual private cloud 630 on the physical resources of virtual computing services provider 610 on behalf of a client and may communicate with each other over a virtual private network (VPN).  Similarly, virtual desktop (workspace) instance 642 and one or more other computing and/or network storage resource instances 648 may operate within a virtual private cloud 640 on the physical resources of virtual computing services provider 610 on behalf of a client (e.g., the same client or a different client) and may communicate with each other over a virtual private network (VPN).  As described herein, each of these virtual desktop (workspace) instances may include two separate and distinct network interfaces that serve different purposes.  For example, virtual desktop (workspace) instance 632 includes E0 interface 634 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 636 for communicating with other network entities 660, while virtual desktop (workspace) instance 642 includes E0 interface 644 for communicating with clients (e.g., via one of workspace gateways 626) and E1 interface 646 for communicating with other network entities 660.”).
Suryanarayanan does not explicitly disclose further configured to request a second secure connection between a site-to-site secure connection client accessed by a secured application client and a site-to-site secure connection server on a secure database system having a secure database and a secured application server; one or more non-volatile memory, the non-volatile memory storing at least a cloud workspace, the cloud workspace being a virtualized operating system configured to execute the secured application client, the secured application client being computer code that when executed by a processor, causes the processor to establish the second secure connection to the secure database system and remove the two-factor authentication requirement from the secure database system by causing the secured application server computer code to be executed; one or more modem, the modem configured to establish the internet connection with at least one internet service provider; and, configured to enable data communication between each of the plurality of servers and the one or more modem.
However, in an analogous art, Angara discloses further configured to request a second secure connection between a site-to-site secure connection client accessed by a secured application client and a site-to-site secure connection server on a secure database system having a secure database and a secured application server (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
one or more non-volatile memory, the non-volatile memory storing at least a cloud workspace, the cloud workspace being a virtualized operating system configured to execute the secured application client, the secured application client being computer code that when executed by a processor, causes the processor to establish the second secure connection to the secure database system (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
remove the two-factor authentication requirement from the secure database system by causing the secured application server computer code to be executed (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
one or more modem, the modem configured to establish the internet connection with at least one internet service provider (Angara, col. 11, lines 19-38, “For example, in certain embodiments communication interface 622 may facilitate communication between computing system 610 and a private or public network including additional computing systems.  Examples of communication interface 622 include, without limitation, a wired network interface (such as a network interface card), a wireless network interface (such as a wireless network interface card), a modem, and any other suitable interface.  In at least one embodiment, communication interface 622 may provide a direct connection to a remote server via a direct link to a network, such as the Internet.  Communication interface 622 may also indirectly provide such a connection through, for example, a local area network (such as an Ethernet network), a personal area network, a telephone or cable network, a cellular telephone connection, a satellite data connection, or any other suitable connection.”);
configured to enable data communication between each of the plurality of servers and the one or more modem (Angara, col. 11, lines 19-38, “For example, in certain embodiments communication interface 622 may facilitate communication between computing system 610 and a private or public network including additional computing systems.  Examples of communication interface 622 include, without limitation, a wired network interface (such as a network interface card), a wireless network interface (such as a wireless network interface card), a modem, and any other suitable interface.  In at least one embodiment, communication interface 622 may provide a direct connection to a remote server via a direct link to a network, such as the Internet.  Communication interface 622 may also indirectly provide such a connection through, for example, a local area network (such as an Ethernet network), a personal area network, a telephone or cable network, a cellular telephone connection, a satellite data connection, or any other suitable connection.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Angara with the method/ system/ server infrastructure/ secure device of Suryanarayanan to include further configured to request a second secure connection between a site-to-site secure connection client accessed by a secured application client and a site-to-site secure connection server on a secure database system having a secure database and a secured application server; one or more non-volatile memory, the non-volatile memory storing at least a cloud workspace, the cloud workspace being a virtualized operating system configured to execute the secured application client, the secured application client being computer code that when executed by a processor, causes the processor to establish the second secure connection to the secure database system and remove the two-factor authentication requirement from the secure database system by causing the secured application server computer code to be executed; one or more modem, the modem configured to establish the internet connection with at least one internet service provider; and, configured to enable data communication between each of the plurality of servers and the one or more modem.
One would have been motivated to provide users with the benefits of enabling multi-factor authentication for seamless website logins (Angara: col. 1, lines 34-37).
Suryanarayanan and Angara do not explicitly disclose upon a successful completion of an authentication process utilizing a smartcard authenticator, the communication component; one or more network switch, each of the one or more network switch configured to segregate each user connection within a virtual local area network.
However, in an analogous art, Lu discloses upon a successful completion of an authentication process utilizing a smartcard authenticator, the communication component (Lu, paragraph 0021, “The identity provider (IdP) 18 may be responsible for issuing identification information for network devices wanting to interact with the service provider 19 and for the actual authentication of users.  For example, the identity provider 18 may support various authentication mechanisms, including user/password based authentication for LDAP (Lightweight Directory Access Protocol), Kerberos authentication, SmartCard based authentication, and others.  The identity provider 18 may support a variety of protocols, including for example, SAML (Security Assertion Markup Language), which is an WL-based open standard data format that may be used to exchange authentication and authorization data between the identity provider and the service provider 19.  The identity provider 18 and service provider 19 may operate at one or more servers in communication with network 12.  The functions of one or more of the identity provider 18 and service provider 19 may also be embodied by processes running in a data center in a cloud computing environment, for example.”);
one or more network switch, each of the one or more network switch configured to segregate each user connection within a virtual local area network (Lu, paragraph 0019, “The network may include any number of network devices in communication via any number of nodes (e.g., routers, switches, gateways, firewalls, controllers, access devices, aggregation devices, core nodes, intermediate nodes, or other network devices), which facilitate passage of data within the network.  The nodes may communicate over one or more networks (e.g., local area network (LAN), metropolitan area network (MAN), wide area network (WAN), virtual private network (VPN), virtual local area network (VLAN), wireless network, enterprise network, Internet, intranet, radio access network, public switched network, or any other network).”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lu with the method/ system/ server infrastructure/ secure device of Suryanarayanan and Angara to include upon a successful completion of an authentication process utilizing a smartcard authenticator, the communication component; one or more network switch, each of the one or more network switch configured to segregate each user connection within a virtual local area network.
One would have been motivated to provide users with the benefits of facilitating passage of data (Lu: paragraph 0019).
Suryanarayanan, Angara, and Lu do not explicitly disclose wherein the first secure connection uses encryption algorithms to encrypt the connection between a client device and the server infrastructure.
However, in an analogous art, Higgins discloses wherein the first secure connection uses encryption algorithms to encrypt the connection between a client device and the server infrastructure (Higgins, col. 7, lines 4-14, “At a first operation 240, the client device 210 may send a TLS hello message to the webserver 230. The client device 210 may be any suitable client device or server that desires a secure session or connection with the webserver 230. The client device 210 may also send a random value (that may be specific to the client) and/or a set of supported cipher suites to the webserver 230. The set of supported cipher suites may be the set of encryption or decryption algorithms that are supported by the client device 210. The webserver 230 may receive the TLS hello message and the optional random value and set of supported cipher suites.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Higgins with the method/ system/ server infrastructure/ secure device of Suryanarayanan, Angara, and Lu to include wherein the first secure connection uses encryption algorithms to encrypt the connection between a client device and the server infrastructure.
One would have been motivated to provide users with the benefits of protecting authentication credentials in unsecured locations (Higgins: col. 1, lines 7-18).
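The Higgins passage quoted above describes the opening of a TLS handshake: the client sends a hello message carrying a random value and the set of cipher suites it supports, and the server reads those fields before choosing how the connection will be encrypted. The following Python is an added illustration, not code from this Office action, from Higgins, or from any other cited reference. It builds a minimal TLS 1.2 ClientHello record as constructed sample input, parses it back to recover the client random and the offered suites, and reports which offered suites a server policy should refuse (null ciphers, RC4, 3DES). The function names, the sample record, and the small table of IANA suite identifiers are assumptions chosen for illustration.

```python
import os
import struct

# Constructed subset of IANA cipher-suite identifiers, used only for labelling.
CIPHER_SUITE_NAMES = {
    0x0000: "TLS_NULL_WITH_NULL_NULL",
    0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}
# Suites offering no confidentiality or built on broken primitives (assumed policy).
WEAK_SUITES = {0x0000, 0x0001, 0x0002, 0x0005, 0x000A}


def build_client_hello(cipher_suites, client_random=None):
    """Construct a minimal TLS 1.2 ClientHello record (sample input for the parser)."""
    if client_random is None:
        client_random = os.urandom(32)
    if len(client_random) != 32:
        raise ValueError("client random must be 32 bytes")
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        b"\x03\x03"                                  # client_version: TLS 1.2
        + client_random                              # 32-byte client random
        + b"\x00"                                    # empty session_id
        + struct.pack("!H", len(suites)) + suites    # cipher_suites vector
        + b"\x01\x00"                                # one compression method: null
        + b"\x00\x00"                                # empty extensions vector
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    # Record header: ContentType handshake (0x16), legacy version 3.1, length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the client random and offered cipher suites; raise ValueError on bad input."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4:
        raise ValueError("truncated record")
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or len(body) < 35:
        raise ValueError("truncated handshake message")
    off = 0
    version = body[off:off + 2]
    off += 2
    client_random = body[off:off + 32]
    off += 32
    sid_len = body[off]
    off += 1 + sid_len
    if off + 2 > len(body):
        raise ValueError("bad session_id length")
    cs_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    if cs_len % 2 or off + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(off, off + cs_len, 2)]
    return {"version": version, "random": client_random, "cipher_suites": suites}


def weak_offered(suites):
    """Names of offered suites that a server policy should refuse to negotiate."""
    return [CIPHER_SUITE_NAMES.get(s, f"unknown_0x{s:04x}") for s in suites if s in WEAK_SUITES]


if __name__ == "__main__":
    sample = build_client_hello([0x1301, 0xC02F, 0x0005])   # constructed sample hello
    parsed = parse_client_hello(sample)
    print("client random:", parsed["random"].hex())
    print("offered:", [CIPHER_SUITE_NAMES.get(s, hex(s)) for s in parsed["cipher_suites"]])
    print("refuse:", weak_offered(parsed["cipher_suites"]))
```

The parser checks every length field against the bytes actually present, so a truncated or malformed record is rejected with a ValueError rather than read past the end; the same bounds discipline is what a server-side TLS implementation needs before it trusts anything in a hello message.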
Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Suryanarayanan (US20150339136), filed May 20, 2014, in view of Angara (US11080385), filed September 24, 2018, and van der Linden (US20110022812), filed May 3, 2010.
Regarding claim 22, Suryanarayanan discloses a secure device comprising: a digital storage element coupled to the microprocessor and storing logic that when executed by the microprocessor causes the microprocessor to (Suryanarayanan, paragraph 0115, “System memory 1120 may be configured to store instructions and data accessible by processor(s) 1110.  In various embodiments, system memory 1120 may be implemented using any suitable memory technology, such as static random-access memory (SRAM), synchronous dynamic RAM (SDRAM), nonvolatile/Flash-type memory, or any other type of memory.  In the illustrated embodiment, program instructions and data implementing one or more desired functions, such as those methods, techniques, and data described above for providing low latency connections to workspaces in a cloud computing environment, are shown stored within system memory 1120 as code 1125 and data 1126.”);
receive a first request to connect to a secured database from a secured application on a cloud server workspace (Suryanarayanan, paragraph 0021, “An example computer system on which embodiments of the techniques for securing workspaces in a cloud computing environment described herein may be implemented is illustrated in FIG. 11.  Embodiments of various systems and methods for implementing these techniques are generally described herein in the context of a service provider that provides to clients, via an intermediate network such as the Internet, virtualized resources (e.g., virtualized computing and storage resources) implemented on a provider network of the service provider.  For example, clients of the service provider may access one or more services of the provider network via APIs to the services to obtain and configure resource instances and to establish and manage virtual network configurations that include the resource instances, for example virtualized private networks.”; paragraph 0083, “Such creation can be based on a specific request, such as from a client computing device, or the workspace service (or a workspace service management component thereof) may initiate dynamic creation of an instance of a virtual machine on its own.  Note that each virtual computing resource instance may include one or more storage devices for storing any type of data used in the delivery and processing of network or computing resources, including but not limited to user data, state information, processing requirements, historical usage data, and resources from content providers that will be processed by one or more of the virtual computing resource instances and transmitted to various client computers, in some embodiments.”);
enable the secured application to connect to the secured database (Suryanarayanan, paragraph 0076, “In some embodiments, the first network interface of each virtual desktop instance (the E0 interface) may be completely controlled by the service provider.  For example, in some embodiments, the only traffic allowed on that interface may be the video stream that is sent to the end user and traffic related to management functions that are under the control of the service provider.  The second interface (the E1 interface) may not be used directly by the end user of the virtual desktop instance, but may provide a network connection for the virtualized computing resource instance that is hosting the virtual desktop instance that is separate from the connection used for the video stream and that allows the virtual desktop instance (or applications or processing executing thereon) to access other networks and network entities on other networks.  In some embodiments, the E0 interface may be used to communicate the commands to launch a browser application on the virtual desktop instance, but the communications out to the Internet from that browser application may take place over the E1 interface.”),
Suryanarayanan does not explicitly disclose receive a first response from the wireless transceiver from the one or more secured database servers for authentication; generate a second request to the secured application for authentication; route the second request for authentication to the secured application; receive a first response from the secured application that its monitoring function is disabled; receive a second response from the secured application; receive a third response from the wireless transceiver from the one or more secured database that the authentication monitoring function is disabled.
However, in an analogous art, Angara discloses receive a first response from the wireless transceiver from the one or more secured database servers for authentication (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”);
generate a second request to the secured application for authentication (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”; second request encompasses multi-factor authentication that a user has previously accessed);
route the second request for authentication to the secured application (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”; second request encompasses multi-factor authentication that a user has previously accessed);
receive a second response from the secured application (Angara, col. 8, lines 47-67; second response encompasses multi-factor authentication that a user has previously accessed);
receive a third response from the wireless transceiver from the one or more secured database that the authentication monitoring function is disabled (Angara, col. 8, lines 47-67, “FIG. 5 is a block diagram of an example dashboard 500 in an example system for enabling multi-factor authentication for seamless website logins.  In some examples, dashboard 500 may be generated and displayed on computing device 202 by setup module 104.  For example, setup module 104 may display dashboard 500 showing multiple icons or screenshots representing websites 502, 504, 506, 508, 510, and 512 supporting multi-factor authentication that a user has previously accessed utilizing user login credentials 222.  In some embodiments, dashboard 500 may further include an indication of which websites 502-512 that a user does not currently have multi-factor authentication enabled.  For example, dashboard 500 may indicate that multi-factor authentication is enabled on websites 502, 506, 508, and 512, while multi-factor authentication is disabled on websites 504 and 510, for a user who has previously accessed websites 502-512 using user login credentials 222.  In some embodiments, setup module 104 may send a notification to the user, based on dashboard 500, inviting the user to enable multi-factor authentication for websites 504 and 510 utilizing the methods described above in FIGS. 3-4.”; third response encompasses multi-factor authentication that a user has previously accessed; dashboard 500 may indicate that multi-factor authentication is disabled on websites 504 and 510, for a user).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Angara with the method/ system/ server infrastructure/ secure device of Suryanarayanan to include receive a first response from the wireless transceiver from the one or more secured database servers for authentication; generate a second request to the secured application for authentication; route the second request for authentication to the secured application; receive a first response from the secured application that its monitoring function is disabled; receive a second response from the secured application; receive a third response from the wireless transceiver from the one or more secured database that the authentication monitoring function is disabled.
One would have been motivated to provide users with the benefits of enabling multi-factor authentication for seamless website logins (Angara: col. 1, lines 34-37).
Suryanarayanan and Angara do not explicitly disclose a wireless transceiver; a microprocessor coupled to the wireless transceiver; route the request to the wireless transceiver; enable the wireless transceiver to transmit the first request to the one or more secured database servers; route the second response to the wireless transceiver; enable the wireless transceiver to transmit the response to one or more secured database servers; wherein the second response is an indication the first request originated from a pre-determined device.
However, in an analogous art, van der Linden discloses a wireless transceiver (van der Linden, paragraph 0410, “a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
a microprocessor coupled to the wireless transceiver (van der Linden, paragraph 0065, “In still even another of these embodiments, the computing device 100, such as a multicore microprocessor, combines two or more independent processors into a single package, often a single integrated circuit (IC)”; paragraph 0410, “the pool management component 164a includes a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
route the first request to the wireless transceiver (van der Linden, paragraph 0410, “the pool management component 164a includes a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
enable the wireless transceiver to transmit the first request to the one or more secured database servers (van der Linden, paragraph 0410, “the pool management component 164a includes a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
route the second response to the wireless transceiver (van der Linden, paragraph 0410, “the pool management component 164a includes a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
enable the wireless transceiver to transmit the second response to one or more secured database servers (van der Linden, paragraph 0410, “the pool management component 164a includes a transmitter sending the request for the identification of the physical host to the host recommendation service 1002”);
wherein the second response is an indication the first request originated from a pre-determined device (van der Linden, paragraph 0387, response to request, identifiers, device correlation).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of van der Linden with the method/ system/ server infrastructure/ secure device of Suryanarayanan and Angara to include a wireless transceiver; a microprocessor coupled to the wireless transceiver; route the second response to the wireless transceiver; enable the wireless transceiver to transmit the first request to the one or more secured database servers; enable the wireless transceiver to transmit the response to one or more secured database servers; wherein the second response is an indication the first request originated from a pre-determined device.
One would have been motivated to provide users with the benefits of integrating/ leveraging functionality for delivering resources between local and remote sites (van der Linden: paragraphs 0002 and 0310).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368. The examiner can normally be reached 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/W.J.M/Examiner, Art Unit 2439
/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439