Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a reply to the amendment filed on 05/16/2022, in which, claim(s) 1-20 are pending. Claim(s) 1, 3, 7, 9, 14 and 16 are amended. No claim(s) are cancelled or newly added.

Response to Arguments
Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
Applicant’s arguments with respect to the rejection of claim(s) 1-20 have been considered but are moot in view of the new ground(s) of rejection.

Applicant is encouraged to schedule an interview with the Examiner prior to the next communication to compact prosecution of the case.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Singh et al. (US 2020/0314133 A1) in view of Lin et al. (US 2015/0169864 A1).
Regarding Claims 1, 7, and 14, Singh discloses
receiving, at an authentication service of an enterprise network and from a user device, a request to access an application ([0022], “a mobile application requesting access to enterprise resources”, [0045], “receives requests from a client machine…provide the client 240 with access to an identified application”, [0115], “transmitting first user credentials to the sensitive content management system 650. The credentials may be authentication, login, and/or secondary credentials”); 
receiving, at the authentication service from an identity service engine, a user status associated with the request based on information ([0022], “perform a validation process that determines whether a mobile application requesting access to enterprise resources has accurately identified itself”, [0115], “transmitting first user credentials”); 
Singh does not explicitly teach but Lin teaches
The application is a specific application ([0046], “the specific applications”);
determining, at the authentication service and based on the received user status, whether the user device meets a set of security parameters for accessing the specific application to yield a determination ([0050], “verifying the user devices are sufficiently secured and/or compliant with requirements of the mobile device management system to access the trusted resource system”, [0067], “The first-level security profile may contain information about the user, such as the user's network login credentials”, [0068], “the first second-level security profile may require the first user device to be protected by password and/or biometric authentication techniques, have an updated blacklist and/or whitelist of (specific) applications and/or websites”); and 
determining, at the authentication service and based on the determination, whether to grant the user device specific access to the application or deny the request for accessing the specific application ([0046], “determine the types of applications and the specific applications the user devices 105 are or are not allowed to install and/or execute”, i.e. to access),
Singh and Lin are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lin with the disclosure of Singh. The motivation/suggestion would have been to ensure users only access the organization's network using devices that are sufficient secure (Lin, [0003]).

Regarding Claims 2, 8 and 15, the combined teaching of Singh and Lin teaches 
wherein the user status indicates a status of a user with an organization associated with the enterprise network (Lin, [0003], “an organization's members”, [0042], “enterprise networks”, [0067], “the user's network login credentials”).

Regarding Claims 3, 9 and 16, the combined teaching of Singh and Lin teaches 
wherein the set of security parameters include one or more of: 
the user device is MDM compliant (Lin, [0050], “the user devices are sufficiently secured and/or compliant with requirements of the mobile device management system”).

Regarding Claims 4, 10 and 17, the combined teaching of Singh and Lin teaches 
wherein the request includes a valid login credential provided at the user device (Singh, [0022], “perform a validation process that determines whether a mobile application requesting access to enterprise resources has accurately identified itself”, [0115], “transmitting first user credentials to the sensitive content management system 650. The credentials may be authentication, login, and/or secondary credentials”)

Regarding Claims 5, 11 and 18, the combined teaching of Singh and Lin teaches 
wherein the determination is that the user device does not meet the set of security parameters and the request is denied (Lin, [0050], “verifying the user devices are sufficiently secured and/or compliant with requirements of the mobile device management system to access the trusted resource system”, [0046], “determine the types of applications and the specific applications the user devices 105 are or are not allowed”).

Regarding Claims 6, 12 and 19, the combined teaching of Singh and Lin teaches 
receiving information on a network policy associated with the user status, wherein the request is granted if the network policy allows access to the application for the user status and the determination indicates that the user device meets the set of security parameters (Lin, [0067], “The first-level security profile may contain information about the user, such as the user's network login credentials”, [0068], “the first second-level security profile may require the first user device to be protected by password and/or biometric authentication techniques, have an updated blacklist and/or whitelist of (specific) applications and/or websites”, [0046],  “determine the types of applications and the specific applications the user devices 105 are or are not allowed).

Regarding Claims 13 and 20, the combined teaching of Singh and Lin teaches 
wherein the device is an analytics engine of a network traffic monitoring system (Singh, [0071], “traffic from the mobile device 502 to the public Internet”, [0112], “continue monitoring the virtual session while maintaining the session with the more secure device”).

Conclusion
Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186. The examiner can normally be reached Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497