Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claims 1-20 have been examined.

Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 08/27/2022 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.

Drawings
3.	The drawings filed on 08/27/2022 are acceptable for examination proceedings.

Specification
4.	The specification filed on 08/27/2022 is acceptable for examination proceedings.

Internet Communications
5. 	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.


Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

6.       Claims 1-10 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bauer-Hermann et al. (US 2011/0202987 A1) in view of Jain et al. (US 2010/0125897 A1).

	Bauer-Hermann relates to the field of identity management and service access control.

	Jain et al. relates to computer network security, and more specifically to monitoring the security of digital communications over a computer network.

Regarding claim 1, Bauer-Hermann discloses a method comprising: receiving a selection of a link; determining whether the link is associated with a security policy (para. 0007 discloses receiving a service request (such as a web page access request) from a user; inspecting said request to determine if the request includes valid user credential data required by the service); and in response to determining that the link is associated with the security policy: activating a profile identified by the security policy, and opening the link according to the security policy (para. 0008 discloses the service request to determine whether the request includes valid user credential data required by the service; a user credential insertion module for inserting user credential data obtained from an identity provider into said service request, for example). 

Bauer-Hermann does not expressly disclose wherein opening the link according to the security policy comprises redirecting the opening of the link to the secure file from a first application to a second application.

However, Jain discloses wherein opening the link according to the security policy comprises redirecting the opening of the link to the secure file from a first application to a second application (paragraph 0003 discloses an endpoint device such as a computer attempts to connect with a corporate network server using a VPN client installed on the computer  and paragraph 0006 discloses the security agent repeatedly monitors the compliance of the endpoint device with a security policy stored on the endpoint device and only enables unrestricted access to the secure network if the endpoint device is in compliance with the security policy).

Bauer-Hermann and Jain are analogous art because they are both directed to the field of identity management and service access control, and one of ordinary skill in the art would have had a reasonable expectation of success to modify Jain with the specified features of Bauer-Hermann because they are from the same field of endeavor.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to incorporate the teachings of Jain with the teachings of Bauer-Hermann in order to monitor the security of digital communications over a computer network [paragraph 0001 of Jain].
  
Regarding claim 2, Bauer-Hermann discloses wherein the policy comprises a virtual private network (VPN) policy  (fig 5 of Bauer-Hermann discloses the access network 74 may be the Internet, furthermore paragraph 0002 of Bauer-Hermann discloses “Access to different services, such as Internet services, often requires user authentication”, i.e. covers a private network across a public network, such as the Internet, furthermore paragraph 0030 of Bauer-Hermann  discloses, “the gateway identifies the access request and seeks the required user credentials from the IDM 8 in message exchange 24 and 26”). 

Regarding claim 3, Bauer-Hermann discloses wherein determining whether the link is associated with the security policy comprises determining whether the link is associated with an e-mail (paragraph 0051 discloses, by way of example, consider a scenario in which a user wishes to send an email using the smtp protocol).

Regarding claim 4, Bauer-Hermann discloses wherein determining whether the link is associated with the security policy comprises determining whether an address of the link is associated with an intranet (paragraph 0015 of Bauer-Hermann discloses “the services may include a web server and/or an email server” and paragraph 0002 discloses resources via a secure connection to their employer's computer network. A well-known method of providing a secure connection to a network is to establish a Virtual Private Network (VPN), which is private network having secure lines created over a public network, such as the Internet. Virtual privacy of communications over a VPN is established using secure tunnels to encapsulate the data as it is transferred along the secure lines).

Regarding claim 5, Bauer-Hermann discloses wherein determining whether the link is associated with the security policy comprises determining whether the link is associated with at least one secure source site (paragraph 0002 discloses resources via a secure connection to their employer's computer network. A well-known method of providing a secure connection to a network is to establish a Virtual Private Network (VPN), which is private network having secure lines created over a public network, such as the Internet. Virtual privacy of communications over a VPN is established using secure tunnels to encapsulate the data as it is transferred along the secure lines).
The examiner supplies the same rationale for the combination of Bauer-Hermann as modified by Jain as in claim 1 which is set forth above.

Regarding claim 6, Jain discloses in response to determining that the link is associated with the security policy, determining whether a virtual private network (VPN) is connected and in response to determining that the VPN is connected, allowing the link to be opened in at least one of a plurality of applications (fig. 1 furthermore paragraph 0022 discloses VPN client 110 may be implemented as software executing on computer 100. VPN client may use VPN profiles 114 stored in a client-accessible location on storage 120. The VPN profiles 114 store, among other things, connection information related to the VPN server 152, such as the VPN server Internet Protocol (IP) address or Universal Resource Locator (URL). VPN profiles 114 may also comprise authentication parameters, details of digital certificates used for authentication, or any other information used in establishing a secure connection between client 110 and VPN server 152. For example, permissions information in a VPN profile may be used by VPN server 152 to restrict access of an endpoint device to only a portion of the secure network 150). 

Regarding claim 7, Jain discloses in response to determining that the VPN is not connected, activating a VPN profile (fig. 1 furthermore paragraph 0022 discloses VPN client 110 may be implemented as software executing on computer 100. VPN client may use VPN profiles 114 stored in a client-accessible location on storage 120. The VPN profiles 114 store, among other things, connection information related to the VPN server 152, such as the VPN server Internet Protocol (IP) address or Universal Resource Locator (URL)).
The examiner supplies the same rationale for the combination of Bauer-Hermann as modified by Jain as in claim 1 which is set forth above.

Regarding claim 8, Jain discloses wherein activating the VPN profile comprises connecting to a secure server (fig. 1 furthermore paragraph 0022 discloses VPN client 110 may be implemented as software executing on computer 100. VPN client may use VPN profiles 114 stored in a client-accessible location on storage 120. The VPN profiles 114 store, among other things, connection information related to the VPN server 152, such as the VPN server Internet Protocol (IP) address or Universal Resource Locator (URL). VPN profiles 114 may also comprise authentication parameters, details of digital certificates used for authentication, or any other information used in establishing a secure connection between client 110 and VPN server 152. For example, permissions information in a VPN profile may be used by VPN server 152 to restrict access of an endpoint device to only a portion of the secure network 150). 

The examiner supplies the same rationale for the combination of Bauer-Hermann as modified by Jain as in claim 1 which is set forth above.
 
 	Regarding claim 9, Jain further discloses using the secure server as a proxy server (paragraph 0003 discloses an endpoint device such as a computer attempts to connect with a corporate network server using a VPN client installed on the computer).
The examiner supplies the same rationale for the combination of Bauer-Hermann as modified by Jain as in claim 35 which is set forth above.

Regarding claim 10, Bauer-Hermann discloses wherein the link comprises a link to a web page (paragraph 0015 of Bauer-Hermann discloses “the services may include a web server and/or an email server”).

Regarding claim 16 Bauer-Hermann discloses a computer-readable medium which stores a set of instructions that when executed performs a method executed by the set of instructions comprising (para. 0018 discloses computer program product may include a computer readable medium and fig. 6, the system in fig. 6 comprises processor, furthermore see paragraph 0055): receiving a selection of a link to a resource; determining whether the resource comprises a secure resource; and in response to determining that the resource comprises a secure resource: activating a security policy (para. 0007 discloses receiving a service request (such as a web page access request) from a user; inspecting said request to determine if the request includes valid user credential data required by the service), and opening the link in accordance with the security policy (para. 0008 discloses the service request to determine whether the request includes valid user credential data required by the service; a user credential insertion module for inserting user credential data obtained from an identity provider into said service request, for example). 

Bauer-Hermann does not expressly disclose wherein opening the link in accordance with the security policy comprises redirecting the opening of the link from a first application to a second application.

However, Jain discloses wherein opening the link in accordance with the security policy comprises redirecting the opening of the link from a first application to a second application (paragraph 0003 discloses an endpoint device such as a computer attempts to connect with a corporate network server using a VPN client installed on the computer  and paragraph 0006 discloses the security agent repeatedly monitors the compliance of the endpoint device with a security policy stored on the endpoint device and only enables unrestricted access to the secure network if the endpoint device is in compliance with the security policy).

Bauer-Hermann and Jain are analogous art because they are both directed to the field of identity management and service access control, and one of ordinary skill in the art would have had a reasonable expectation of success to modify Jain with the specified features of Bauer-Hermann because they are from the same field of endeavor.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to incorporate the teachings of Jain with the teachings of Bauer-Hermann in order to monitor the security of digital communications over a computer network [paragraph 0001 of Jain].

Regarding claim 17, Bauer-Hermann discloses wherein the security policy comprises a virtual private network configuration policy (fig 5 of Bauer-Hermann discloses the access network 74 may be the Internet, furthermore paragraph 0002 of Bauer-Hermann discloses “Access to different services, such as Internet services, often requires user authentication”, i.e. covers a private network across a public network, such as the Internet, furthermore paragraph 0030 of Bauer-Hermann discloses, “the gateway identifies the access request and seeks the required user credentials from the IDM 8 in message exchange 24 and 26”).

Regarding claim 18, Jain discloses wherein the virtual private network configuration policy comprises a proxy-auto-configuration (PAC) file (paragraph 0003 discloses an endpoint device such as a computer attempts to connect with a corporate network server using a VPN client installed on the computer).
The examiner supplies the same rationale for the combination of Bauer-Hermann as modified by Jain as in claim 16 which is set forth above.
 
Regarding claim 19, Bauer-Hermann discloses, wherein the first application comprises a default web browser application (fig. 4 discloses the system 40 comprises a web browser 42, a web application 48, a gateway 44 between the web browser and the web application and an identity management system (IDM) 46 operatively coupled to the gateway, for example).

Regarding claim 20, Jain discloses wherein the second application comprises a secure browser application (paragraph 0002 discloses resources via a secure connection to their employer's computer network. A well-known method of providing a secure connection to a network is to establish a Virtual Private Network (VPN), which is private network having secure lines created over a public network, such as the Internet. Virtual privacy of communications over a VPN is established using secure tunnels to encapsulate the data as it is transferred along the secure lines. For example).
The examiner supplies the same rationale for the combination of Bauer-Hermann as modified by Jain as in claim 16 which is set forth above.

7.       Claims 11-15 are rejected under 35 U.S.C. 103 as being unpatentable over Bauer-Hermann et al. (US 2011/0202987 A1) in view of Thomas (US 2014/0020072 A1).
	Thomas relates to security access protection of a user's data as stored in cloud-computing facilities by providing a security access layer between the user and the cloud-computing facilities.

Regarding claim 11, Thomas discloses a system comprising: a memory storage; and a processor coupled to the memory storage (fig. 3 depicts a memory 304 storing access credentials 308 for enabling user 302 access to the proxy server 202 and a plurality of corresponding proxy access credentials 310 for enabling the proxy server 202 to link the user-provided access credentials 308 to the proxy access credentials 310 and furthermore paragraph 0054 discloses a portable memory storage device), wherein the processor is configured to: display a link (fig. 3a client device 208), receive a request to open the link (paragraph 0005 discloses receiving access … securing a communication link to the client device, i.e. url or sporting websites, for example), determine whether the link comprises a link to a secure file, in response to determining that the link comprises the link to the secure file, determine whether a security policy applies to opening the link to the secure file (paragraph 0047 discloses Personal firewalls may be able to control network traffic by providing prompts each time a connection is attempted and adapting security policy accordingly. Personal firewalls may also provide some level of intrusion detection, which may allow the software to terminate or block connectivity where it suspects an intrusion is being attempted), and in response to determining that the security policy applies to opening the link to the secure file, open the link to the secure file in accordance with the security policy (Abstract, furthermore paragraphs 0005, 0047, 0061 disclose receiving access credentials from the user through the secure link; verifying an identity of the user with the access credentials; assessing a security state of the client device to determine if the client is in compliance with a security policy).

Thomas does not expressly disclose wherein being operative to open the link to the secure file in accordance with the security policy comprises being operative to redirect the opening of the link to the secure file from a first application to a second application.

However, Jain discloses wherein being operative to open the link to the secure file in accordance with the security policy comprises being operative to redirect the opening of the link to the secure file from a first application to a second application (paragraph 0003 discloses an endpoint device such as a computer attempts to connect with a corporate network server using a VPN client installed on the computer  and paragraph 0006 discloses the security agent repeatedly monitors the compliance of the endpoint device with a security policy stored on the endpoint device and only enables unrestricted access to the secure network if the endpoint device is in compliance with the security policy).
Thomas and Jain are analogous art because they are both directed to the field of identity management and service access control, and one of ordinary skill in the art would have had a reasonable expectation of success to modify Jain with the specified features of Thomas because they are from the same field of endeavor.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to incorporate the teachings of Thomas with the teachings of Thomas in order to monitor the security of digital communications over a computer network [paragraph 0001 of Jain].

Regarding claim 12, Thomas discloses wherein being operative to open the link to the secure file in accordance with the security policy comprises being operative to activate a virtual private network (VPN) prior to opening the link to the secure file (paragraph 0025 discloses “… a security facility may access the rules within a policy facility to determine if the requested access is related to a sporting website … the security facility may analyze the requested website to determine if the website matches with any of the policy facility rules…”, i.e. opening of the link to the secure file from a first application to a second application and paragraph 0020 discloses network access control may control access to virtual private networks (VPN), where VPNs may be a communications network tunneled through another network, establishing a logical connection acting as a virtual network).
 
Regarding claim 13 Thomas discloses wherein the first application comprises a default web browser (paragraph 0051 discloses “network threats may include threats from a plurality of sources, including websites 158, e-mail 160, IM 162, VoIP 164, application software”).
 
Regarding claim 14 Thomas discloses wherein the second application is operative to execute in a secure portion of the memory storage (fig. 3 furthermore paragraph 0061 discloses the user 302 against the access credentials 308, to assess a security state 318 of the client device 208, and to conditionally grant access 328 through the proxy server 202 to one of the plurality of cloud computing facilities 204 using a corresponding one of the plurality of proxy access credentials 310 when the security state 318 is in compliance with a security policy 320).

Regarding claim 15, Thomas discloses wherein the processor is further operative to: close the second application; and erase at least the secure portion of the memory storage used to open the link in the second application (paragraph 0062 discloses a processor 312 configured to conditionally grant access 328 by the user 302 to one or more of the plurality of cloud computing facilities 204 through the proxy server 202, i.e. Network control may stop unauthorized, guest, or non-compliant systems from accessing networks).

Pertinent Art
8.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Groenendaal, Pub. No.: US 2005/0260996 A1, provides: the example wireless agent is operable to dynamically determine an access point for wireless communications from a mobile device through a network. The wireless agent is further operable to automatically select one of a plurality of security profiles associated with a mobile device based, at least in part, on the determined access point, with each security profile including a plurality of security parameters for accessing at least one wireless network. The wireless agent then modifies at least one of plurality of network configuration options of the mobile device based on the selected security profile and automatically attempts to communicably connect the mobile device to the access point using the network configuration options.

Gibson et al., US Patent No.: US 8,776,168 B1, provides: Security policy changes can be implemented for a user or a user group based on behaviorally-derived risk information. A behavior-receiving module receives information about user behaviors for the user across various clients with which the user interacts. An attribute-receiving module receives one or more user attributes identified for a user. A profile-generating module generates a user risk profile for the user based on the received information about the user behaviors and the received user attributes. A user scoring module assigns the user a user risk score based on an evaluation of the user risk profile for the user. Similarly, groups of users can be given group risk scores, or users can have combined group/user scores. Finally, a remediation module automatically establishes a security policy requiring remediative actions for the user (or user group) based on the user risk score or combined score (or group score).

Conclusion
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





A.G.
July 14, 2022
/ABIY GETACHEW/Primary Examiner, Art Unit 2434