Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claims 1, 9, 15 and 19 are objected to because of the following informalities:
In claim 1: line 22, “both of” should be “both”.
In claim 1: line 20, “but not allowed” should be “and if the request is not allowed”.
In claim 9: line 8, “to determine whether requests from a second computer can be allowed to proceed” should be “to determine whether requests from a second computer are allowed to proceed”.
In claim 15: line 8, “determine whether resource requests should be issued by a second computer” should be “determine whether resource requests are issued by a second computer”.
In claim 15: line 10, “determine whether the resource requests from the second computer should be allowed” should be “determine whether the resource requests from the second computer need to be allowed”.
In claim 15: line 11, “providing the second set of rules” should be “provide the second set of rules”.
In claim 19: line 4, “a domain name that should not be known” should be “a domain name that is not be known”.
Appropriate corrections are required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
In claim 1, in the limitation “if the request is not allowed according to the first instance of the first set of rules, stop accepting at least some subsequent requests from the second computer even if the at least some subsequent requests would be allowed according to both of the first instance of the first set of rules and the first instance of the second set of rules”, the claim language or terms “some”, “even if”, and “would be” render the claim ambiguous. The term “some” in “stop accepting at least some subsequent request” suggests an unspecified amount or number of the subsequent requests, and therefore it is not clear how many or which of the subsequent requests need to be accepted and which are not accepted. The terms “even if”, “some” and “would be” create further ambiguity. The term “even if” suggests “despite the possibility that”, and “would be” suggests a desire or a hopeful expectation. It is not clear how many or which of the subsequent requests are allowed. In order to appraise the boundary and scope of the claim limitations, these terms (“some”, “even if” and “would be”) need to be replaced with clear and precise claim language or phrases that assert the intended invention without ambiguity.
Claim 1 recites the limitation “allow the request to proceed to access the protected resource if allowed according to the first instance of the first set of rules and the first instance of the second set of rules” and the phrase “if allowed” renders the limitation ambiguous. It is not clear what entity is allowed or what condition needs to be satisfied by “if allowed”.
In claim 9, the limitations “block the first request and stop accepting at least some subsequent requests from the second computer that would be allowed according to the first set of rules” and “block the first request while continuing to allow the at least some subsequent requests from the second computer” are rendered ambiguous by “some” and “would be” for reasons similar to those discussed above.
Furthermore, in claims 2, 7, 8, 13 and 14 the term “some” has similarly rendered the respective limitations in each claim ambiguous.
In claim 20, the phrase "attempt" renders the claim indefinite because it is unclear whether scanning by the second computer of the network protected by the first computer is occurring or not to establish the intended association.
Claim 15 recites the limitation "the protected resource" in lines 2-3. There is insufficient antecedent basis for this limitation in the claim.
Dependent claims 2-8, 10-14 and 16-20 are also rejected for failing to remedy the above identified deficiencies of their respective independent claims, and are therefore rejected as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Therefore, claims 1-20 are rejected under 35 U.S.C. 112(b), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.

Allowable Subject Matter
Claims 1-20 would be allowable provided that the above outstanding rejections and objections have been resolved.
The current application is intended to improve Zero Trust Network Access (ZTNA) that uses a Secure Trust Broker in a network environment that may use an access control list (ACL) to control per-request access to resources from a specific client. Client-initiated ZTNA implementations follow Cloud Security Alliance (CSA) specifications for Software Defined Perimeter (SDP) that may include an endpoint agent that sends security context to a controller. However, there is a need for real-time detection and mitigation of security threats caused by attempts to request disallowed resources. The current application provides Access Control Rules (ACR) with an Access Control List (ACL), implemented by an Access Controller with Client Nodes (CN) and Access Nodes (AN), to request access and authorization for protected resources over a network. Subsequent access requests are processed according to a set of rules and conditions defined for the CN and AN from the ACR and ACL.

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of references cited in form PTO-892 for additional prior art.
KANAI US 20090083831 A1 discusses policy-based access control decisions. The access control is conducted to allow or prohibit what type of access is defined for which user by managing an ACL (Access Control List). In the access control decision system, information for determining the access control is converted into information having an abstraction degree similar to an organizational security policy, and the access control is therefore determined in accordance with the abstract security policy. This is achieved by a security policy comprising a rule description showing a rule regulating whether or not an operation is allowed based on a first security attribute of subject information directed to the operation and a second security attribute of a user requesting the operation for the subject information, wherein the rule description regulates to allow the operation when a requirement is satisfied.
Ishikawa US 20110321123 A1 provides an access control list conversion system with the access control list including at least one access control rule, a set of an access target resource to be accessed, an accessing actor user who accesses the access target resource, and an access right that defines whether to permit or prohibit the access of the accessing actor user to the access target resource, and reads the access control rule described in the access control list; a first rule for determining whether the read access control rule is a permission rule which permits the access of the accessing actor user to the access target resource or a prohibition rule which prohibits the access of the accessing actor user to the access target resource. The access control list conversion system generates an access control list, the access target resource included in an already-existing permission rule that is to be eliminated from a new prohibition rule that has containment relationship with the already-existing permission rule without restriction in description order.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/             Primary Examiner, Art Unit 2494