Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
	The response of 07/25/22 was received and considered.  Claims 1-12 are presented for examination.

	Response to Arguments
Applicant’s amendments and arguments, filed 07/25/22, with respect to 35 USC 112 have been fully considered and are persuasive.  The 35 USC 112 rejection of claims 1-12 has been withdrawn. 
Applicant's arguments filed 07/25/22 have been fully considered but they are not persuasive. Applicant argues Mumick does not disclose, teach or suggest “identifying a security service of a cloud-based security service” and Mumick is unrelated to the invention set forth in independent claims 1 and 7. The examiner respectfully disagrees. Mumick teaches wherein the cloud media platform 213 operates through implementing security policies in paragraphs 0026, 0049. Mumick further teaches in paragraph 0054: “The distributed and hybrid architecture of the call routing system 206 operates with carriers with different security policies that permit or restrict access between servers inside the carrier's data center and the user devices connected over the public data network 212.” Lastly, Mumick teaches, paragraph 0082, the cloud media platform 213 operating system manages security, peripheral devices, and network connections.
As per claims 2-6 and 8-12, Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
As per claims 2-6 and 8-12, Applicant's arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.



Claims 1-3 and 7-9 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by Mumick et al., US 2017/0237860.

Regarding claim 1, Mumick discloses a method performed within an agent running on an endpoint device by a processing resource of the endpoint device (paragraph 0050: call receiving client application CRCA 205c deployed on one or more user devices), the method comprising: 
identifying a security service of a cloud-based security service is not reachable or is unresponsive, wherein the security service is associated with a particular security function implemented by the agent (0052: FIG. 2, further comprising the cloud media platform 213 implemented in a distributed cloud computing environment, for routing an incoming call made to one of multiple numbers of a user, to the call receiving client application (CRCA) 205c deployed on one or more user devices, for example, called party devices 205a and 205b when one of the numbers being called is not reachable. In this embodiment, the call routing System 206 optionally uses the cloud media platform 213 when there are restrictions between the carrier’s data center and user devices outside the data center.); 
when the security service is not reachable or is unresponsive, determining whether the endpoint device is within a trusted network of a plurality of trusted networks that have been previously registered with the cloud-based security service by querying a trusted network determination service associated with the cloud-based security service (0052:  The carrier media platform 207 communicates with the cloud media platform 213 through the secure data network 211. If the CRCA 205c is registered, then the carrier media platform 207 communicates with the CRCA 205c using the cloud media platform 213 as a relay); 
when said determining is affirmative, configuring the particular security feature for operating inside one of the plurality of trusted networks; and when said determining is negative, configuring the particular security feature for operation outside of the plurality of trusted networks (0052: if the response from the carrier ICRS 208 to the query from the carrier media platform 207 indicates that the CRCA 205c is not registered, then the cloud media platform 213 routes the call to the voicemail/MCA server 214 via the carrier media platform 207.).  

Regarding claim 2, Mumick discloses the method of claim 1, wherein the particular security feature comprises micro-segmentation, and wherein the method further comprises: maintaining a local cache of security rules received from the security service; intercepting a communication attempt at the endpoint device (0049: Each carrier media platform 207 communicates directly with the CRCA 205c where a security policy of the carrier allows the direct communication, or communicates with the CRCA 205c over the public data network 212 using the cloud media platform 213 as a relay where the carrier's security policy does not permit direct communication with the CRCA 205c.); and attempting to determine whether the communication attempt is authorized by the security service by querying the security service (0026: allow selective access from authorized servers and devices outside the carrier's data center to servers inside the carrier's data center); wherein configuration of the particular security feature for operating inside one of the plurality of trusted networks comprises configuring the micro-segmentation to allow or disallow the communication attempt based on the security rules in the local cache; and wherein configuration of the particular security feature for operation outside of the plurality of trusted networks comprises configuring the micro-segmentation to allow the communication attempt (0026: security policies of the carrier do not allow direct communication between the media platform in the carrier's data center, herein referred to as a “carrier media platform”, and the CRCA on one or more user devices, the call routing system comprises the carrier ICRS, the cloud ICRS, the carrier media platform, and a cloud media platform implemented in the distributed cloud computing environment, where the carrier media platform communicates with the cloud media platform over the secure data network.
0054:  call routing system 206 operates with carriers with different security policies that permit or restrict access between servers inside the carrier's data center and the user devices connected over the public data network 212.).  

Regarding claim 3, Mumick discloses the method of claim 2, wherein the communication attempt comprises a connection attempt between the endpoint device and a second endpoint device, wherein the security rules comprise Internet Protocol (IP)-based security rules (0056: The carrier media platform 207 communicates with the CRCA 205c using one of multiple voice over internet protocols (VoIPs).  0058, ).  

As per claims 7-9, this is a device version of the claimed method discussed above in claims 1-3 wherein all claimed limitations have also been addressed and/or cited as set forth above.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4-6 and 10-12 are rejected under 35 U.S.C. 103 as being unpatentable over Mumick as applied to claims 1-3 and 7-9 above, and further in view of US 2002/0078809 to V et al.

Regarding claim 4, Mumick  lacks or does not expressly disclose a Secure Access Service Edge (SASE) platform.  However, V discloses wherein the cloud-based security service comprises a Secure Access Service Edge (SASE) platform and wherein the security service comprises a segmentation controller that maintains potentially dynamically changing user-based security rules and IP-based security rules (a secure access service edge (SASE) device executing at least one security service, at least one data set defining intelligence provided by the at least one security service, defining at least one policy based at least in part on the intelligence provided by the at least one security service, and managing a trusted application (TA) based on the at least one policy.).  It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Mumick with V, to include a Secure Access Service Edge (SASE) platform, in order to define and enforce policies, as taught by V, paragraph 0014-0015.

Regarding claim 5, Mumick, as modified above, further discloses the method of claim 4, wherein the endpoint device comprises a client computer system and the second endpoint device comprises a server computer system and wherein the connection attempt comprises an outbound connection attempt from the client computer system to the server computer system (fig. 2, user devices 205 and call routing system servers 207-210).  

Regarding claim 6, Mumick, as modified above, further discloses the method of claim 4, wherein the endpoint device comprises a server computer system and the second endpoint device comprises a client computer system and wherein the connection attempt comprises an inbound connection attempt from the client computer system to the server computer system (0044: the call routing system 206 is implemented as a system of multiple servers, for example, the carrier media platform 207, the voicemail/missed call alert (MCA) server 209, the carrier incoming call routing server (ICRS) 208, and the cloud ICRS 210, that routes an incoming call made to one of multiple numbers of a user, to the call receiving client application (CRCA) 205c deployed on one or more called party devices 205a and 205b when one of the numbers is not reachable.).  

As per claims 10-12, this is a device version of the claimed method discussed above in claims 4-6 wherein all claimed limitations have also been addressed and/or cited as set forth above.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 9,251,384 to Potlapally teaches a trusted peripheral device can be utilized with an electronic resource, such as a host machine, in order to enable the secured performance of security and remote management in the electronic environment, where various users might be provisioned on, or otherwise have access to, the electronic resource. The peripheral can have a secure channel for communicating with a centralized management system or service, whereby the management service can remotely connect to this trusted peripheral, using a secure and authenticated network connection, in order to run the above-described functionality on the host to which the peripheral is attached.
US 2013/0254831 to Roach et al. teaches an approach is provided for causing a change in a security policy of a device based on contextual information. The approach involves determining context information associated with a device. The approach also involves determining a security policy of the device. The approach further involves determining a change of the context information. The approach additionally involves processing the determined change of the context information to cause, at least in part, a revision of the security policy of the device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AUBREY H WYSZYNSKI/Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434