DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Election/Restrictions
No restrictions are warranted at applicant’s initial time of filing for patent.
Priority
Applicant’s instant application is a CON and claims domestic priority under 35 USC 120 to non-provisional application # 16/812,904, filed on 03/09/2020, now US PAT # 11012239, which in turn is a CON and claims domestic priority under 35 USC 120 to non-provisional application # 15/825509, filed on 11/29/2017, now US PAT # 10630480.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/28/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
Applicant’s drawings filed on 04/09/2021 have been inspected and are in compliance with MPEP 608.02.
Specification
Applicant’s specification filed on 04/09/2021 has been inspected and is in compliance with MPEP 608.01. 
Claim Objections
Claim[s] 10 is objected to because of the following informalities: the claim limitations do not end in proper grammatical punctuation.
Appropriate correction is required.
Claim[s] 10, 15 are objected to because of the following informalities: Claim[s] 10 is objected to under 37 CFR 1.75 as being a substantial duplicate of claim[s] 15. When two claims in an application are duplicates or else are so close in content that they both cover the same thing, despite a slight difference in wording, it is proper after allowing one claim to object to the other as being a substantial duplicate of the allowed claim. See MPEP § 608.01(m).
Appropriate correction is required.
Claim Interpretation – 35 USC 112, 6th Paragraph, or 112(f)
It is the examiner’s opinion that claim[s] 1 – 20 do not invoke means-plus-function or step-plus-function claim language.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim[s] 1, 9, 16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. It is unclear from the claim language how, why, or in what relationship the received cryptographic machine registration digest and the collected client security factors are used in determining access to the protected resource of the server as recited.
Appropriate action is required.
Claim Rejections – 35 USC § 101
No rejections are warranted at applicant’s time of filing the instant application.
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based e-Terminal Disclaimer may be filled out completely online using web-screens. An e-Terminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about e-Terminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim[s] 1, 6 – 9, 16 are rejected on the ground of non-statutory double patenting as being unpatentable over claim[s] 1, 7 – 10, 19 of U.S. Patent No. 11012239. 
Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter of both the pending application and the patented subject matter are not distinct in the following manner:
A server authorizes a client-queried operation to access a protected resource or service based on trusted client security factors that are obtained at client machines and then provided to the server. The server determines that the client is trusted based on the gathered client security factors and then allows access to the requested secured resource or server.
Also, see the table below for a claim-by-claim comparison.
US Pending Application # 17/227032:
1. A method comprising,
at a server machine:
receiving a cryptographic machine registration digest from a client machine;
sending, to a client program installed on the client machine, an instruction to collect one or more client security factors;
receiving the one or more client security factors collected by the client program based on the sending the instruction;
receiving, from the client program, a request comprising a command to access a protected resource or a protected service; and
allowing the command to access the protected resource or the protected service based on at least one of the one or more client security factors.

US PAT # 11012239:
1. A method comprising,
at a client machine comprising one or more processors:
producing a machine registration digest using a cryptographic hash algorithm and a digest of a client program installed on the client machine, the digest provided as input to the cryptographic hash algorithm;
the client program sending the machine registration digest to a server;
the client program receiving an instruction from the server to collect one or more client security factors;
based on the receiving the instruction from the server, the client program collecting the one or more client security factors;
the client program providing the one or more client security factors to the server;
the client program sending a request to the server, the request including a command to access a resource protected by the server; and
the client program causing the server to allow the command to access the resource based on at least one of the one or more client security factors.

US Pending Application # 17/227032:
6. The method of Claim 1, further comprising:
the instruction to collect one or more specified client security factors indicates that a particular client security factor of the one or more client security factors is to be collected using a particular client security factor provider that operates as a plugin to the client program.

US PAT # 11012239:
7. The method of Claim 1, wherein:
the instruction received from the server to collect one or more specified client security factors indicates that a particular client security factor of the one or more client security factors is to be collected using a particular client security factor provider;
the particular client security factor provider operates as a plugin to the client program; and
the method further comprises:
the client program using a cryptographic hash algorithm to compute a digest of the particular client security factor provider, and the client program providing the digest of the particular client security factor provider to the server.

US Pending Application # 17/227032:
7. The method of Claim 1, further comprising:
the one or more client security factors collected at the client machine and received by the server machine include one or more of:
information collected from a trusted platform module (TPM) device of the client machine,
a serial number of the client machine,
a media access control (MAC) address of the client machine,
an operating system version of the client machine,
an operating system kernel patch level of the client machine,
a list of services that are enabled at the client machine,
information collected from an operating system registry of the client machine,
an attribute of an operating system of the client machine,
contents collected from a filesystem file at the client machine,
a list of processes executing at the client machine,
information collected from a Hypertext Transfer Protocol (HTTP) session at the client machine,
information obtained from a Hypertext Transfer Protocol (HTTP) cookie at the client machine,
a result received at the client machine from a Hypertext Transfer Protocol (HTTP) request sent from the client machine,
a result obtained at the client machine from a call to an operating system application programming interface,
a result obtained at the client machine from a representational state transfer (REST) request,
a result obtained at the client machine from a call to an application programming interface of the client program, or
a result obtained at the client machine from a call to an application programming interface of a virtual machine.

US PAT # 11012239:
8. The method of Claim 1, wherein the one or more client security factors collected at the client machine and provided to the server include one or more of:
information collected from a trusted platform module (TPM) device of the client machine,
a serial number of the client machine,
a media access control (MAC) address of the client machine,
an operating system version of the client machine,
an operating system kernel patch level of the client machine,
a list of services that are enabled at the client machine,
information collected from an operating system registry of the client machine,
an attribute of an operating system of the client machine,
contents collected from a filesystem file at the client machine,
a list of processes executing at the client machine,
information collected from a Hypertext Transfer Protocol (HTTP) session at the client machine,
information obtained from a Hypertext Transfer Protocol (HTTP) cookie at the client machine,
a result received at the client machine from a Hypertext Transfer Protocol (HTTP) request sent from the client machine,
a result obtained at the client machine from a call to an operating system application programming interface,
a result obtained at the client machine from a representational state transfer (REST) request,
a result obtained at the client machine from a call to an application programming interface of the client program, or
a result obtained at the client machine from a call to an application programming interface of a virtual machine.

US Pending Application # 17/227032:
8. The method of Claim 1, further comprising:
prior to receiving the request from the client program, receiving a re-collected set of the one or more client security factors from the client program;
authorizing the command to access the protected resource based on at least one client security factor of the re-collected set of the one or more client security factors.

US PAT # 11012239:
9. The method of Claim 1, further comprising:
prior to the client program sending the request to the server, the client program re-collecting a set of the one or more client security factors and sending the re-collected set of the one or more client security factors to the server,
wherein the server authorizes the command to access the resource based on at least one client security factor of the re-collected set of the one or more client security factors.

US Pending Application # 17/227032:
9. One or more non-transitory computer-readable media storing one or more programs, the one or more programs comprising instructions which, when executed by a server machine having one or more processors, are capable of causing the server machine to perform:
receiving a cryptographic machine registration digest from a client machine;
sending, to a client program installed on the client machine, an instruction to collect one or more client security factors;
receiving the one or more client security factors collected by the client program based on the sending the instruction;
receiving, from the client program, a request comprising a command to access a protected resource or a protected service; and
allowing the command to access the protected resource or the protected service based on at least one of the one or more client security factors.

US PAT # 11012239:
10. One or more non-transitory computer-readable media storing one or more programs, the one or more programs comprising instructions which, when executed by a client machine having one or more processors, are capable of causing the client machine to perform:
producing a machine registration digest using a cryptographic hash algorithm and a digest of a client program installed on the client machine, the digest provided as input to the cryptographic hash algorithm;
the client program sending the machine registration digest to a server;
the client program receiving an instruction from the server to collect one or more client security factors;
based on the receiving the instruction from the server, the client program collecting the one or more client security factors;
the client program providing the one or more client security factors to the server;
the client program sending a request to the server, the request including a command to access a resource protected by the server; and
the client program causing the server to allow the command to access the resource based on at least one of the one or more client security factors.

US Pending Application # 17/227032:
16. A server machine comprising:
one or more hardware processors;
storage media; and
a plurality of programs stored in the storage media, each program of the plurality of programs configured for execution by at least one of the one or more hardware processors, the plurality of programs comprising instructions which, when executed by the one or more hardware processors, are capable of causing the one or more hardware processors to perform:
receiving a cryptographic machine registration digest from a client machine;
sending, to a client program installed on the client machine, an instruction to collect one or more client security factors;
receiving the one or more client security factors collected by the client program based on the sending the instruction;
receiving, from the client program, a request comprising a command to access a protected resource or a protected service; and
allowing the command to access the protected resource or the protected service based on at least one of the one or more client security factors.

US PAT # 11012239:
19. A system comprising:
one or more hardware processors;
storage media; and
a plurality of programs stored in the storage media, each program of the plurality of programs configured for execution by at least one of the one or more hardware processors, the plurality of programs comprising instructions which, when executed by the one or more hardware processors, are capable of causing the one or more hardware processors to perform:
producing a machine registration digest using a cryptographic hash algorithm and a digest of a client program installed on a client machine, the digest provided as input to the cryptographic hash algorithm;
the client program sending the machine registration digest to a server;
the client program receiving an instruction from the server to collect one or more client security factors;
based on the receiving the instruction from the server, the client program collecting the one or more client security factors;
the client program providing the one or more client security factors to the server;
the client program sending a request to the server, the request including a command to access a resource protected by the server; and
the client program causing the server to allow the command to access the resource based on at least one of the one or more client security factors.



Claim[s] 1, 6 – 9, 16 are rejected on the ground of non-statutory double patenting as being unpatentable over claim[s] 1, 7 – 10, 20 of U.S. Patent No. 10630480.
Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter of both the pending application and the patented subject matter are not distinct in the following manner:
A server authorizes a client-queried operation to access a protected resource or service based on trusted client security factors that are obtained at client machines and then provided to the server. The server determines that the client is trusted based on the gathered client security factors and then allows access to the requested secured resource or server.
Also, see the table below for a claim-by-claim comparison.
US Pending Application # 17/227032:
1. A method comprising,
at a server machine:
receiving a cryptographic machine registration digest from a client machine;
sending, to a client program installed on the client machine, an instruction to collect one or more client security factors;
receiving the one or more client security factors collected by the client program based on the sending the instruction;
receiving, from the client program, a request comprising a command to access a protected resource or a protected service; and
allowing the command to access the protected resource or the protected service based on at least one of the one or more client security factors.

US PAT # 10630480:
1. A method comprising:
at a client machine comprising one or more processors:
using a cryptographic hash algorithm to compute a machine registration digest;
wherein both of the following are provided as input to the cryptographic hash algorithm to compute the machine registration digest: (a) a digest of a client program installed on the client machine, and (b) a machine identifier of the client machine;
the client program sending the machine registration digest to a server;
the client program receiving instruction from the server to collect one or more specified client security factors;
based on the receiving the instruction from the server, the client program collecting the one more specified client security factors at the client machine;
the client program providing the one or more specified client security factors collected at the client machine to the server;
the client program sending a request to the server, the request including a command to access a resource protected by the server; and
wherein the server authorizes the command to access the resource based on at least one of the one or more client security factors collected at the client machine and provided to the server.

US Pending Application # 17/227032:
6. The method of Claim 1, further comprising:
the instruction to collect one or more specified client security factors indicates that a particular client security factor of the one or more client security factors is to be collected using a particular client security factor provider that operates as a plugin to the client program.

US PAT # 10630480:
7. The method of Claim 1, wherein:
the instruction received from the server to collect one or more specified client security factors indicates that a particular specified client security factor of the one or more specified client security factors is to be collected using a particular client security factor provider;
the particular client security factor provider operates as a plugin to the client program;
the method further comprises:
the client program using a cryptographic hash algorithm to compute a digest of the particular client security factor provider, and
the client program providing the digest of the particular client security factor provider to the server.

US Pending Application # 17/227032:
7. The method of Claim 1, further comprising:
the one or more client security factors collected at the client machine and received by the server machine include one or more of:
information collected from a trusted platform module (TPM) device of the client machine,
a serial number of the client machine,
a media access control (MAC) address of the client machine,
an operating system version of the client machine,
an operating system kernel patch level of the client machine,
a list of services that are enabled at the client machine,
information collected from an operating system registry of the client machine,
an attribute of an operating system of the client machine,
contents collected from a filesystem file at the client machine,
a list of processes executing at the client machine,
information collected from a Hypertext Transfer Protocol (HTTP) session at the client machine,
information obtained from a Hypertext Transfer Protocol (HTTP) cookie at the client machine,
a result received at the client machine from a Hypertext Transfer Protocol (HTTP) request sent from the client machine,
a result obtained at the client machine from a call to an operating system application programming interface,
a result obtained at the client machine from a representational state transfer (REST) request,
a result obtained at the client machine from a call to an application programming interface of the client program, or
a result obtained at the client machine from a call to an application programming interface of a virtual machine.

US PAT # 10630480:
8. The method of Claim 1, wherein the one or more specified client security factors collected at the client machine and provided to the server include one or more of the following client security factors:
information collected from a trusted platform module (TPM) device of the client machine,
a serial number of the client machine,
a media access control (MAC) address of the client machine,
an operating system version of the client machine,
an operating system kernel patch level of the client machine,
a list of services that are enabled at the client machine,
information collected from an operating system registry of the client machine,
an attribute of an operating system of the client machine,
contents collected from a filesystem file at the client machine,
a list of processes executing at the client machine,
information collected from a Hypertext Transfer Protocol (HTTP) session at the client machine,
information obtained from a Hypertext Transfer Protocol (HTTP) cookie at the client machine,
a result received at the client machine from a Hypertext Transfer Protocol (HTTP) request sent from the client machine,
a result obtained at the client machine from a call to an operating system application programming interface,
a result obtained at the client machine from a representational state transfer (REST) request,
a result obtained at the client machine from a call to an application programming interface of the client program, or
a result obtained at the client machine from a call to an application programming interface of a virtual machine.

US Pending Application # 17/227032:
8. The method of Claim 1, further comprising:
prior to receiving the request from the client program, receiving a re-collected set of the one or more client security factors from the client program;
authorizing the command to access the protected resource based on at least one client security factor of the re-collected set of the one or more client security factors.

US PAT # 10630480:
9. The method of Claim 1, further comprising:
prior to the client program sending the request to the server, the client program re-collecting at least one of the one or more specified client security factors and sending the at least one re-collected client security factor to the server;
and wherein the server authorizes the command to access the resource based on the at least one re-collected client security factor.

US Pending Application # 17/227032:
9. One or more non-transitory computer-readable media storing one or more programs, the one or more programs comprising instructions which, when executed by a server machine having one or more processors, are capable of causing the server machine to perform:
receiving a cryptographic machine registration digest from a client machine;
sending, to a client program installed on the client machine, an instruction to collect one or more client security factors;
receiving the one or more client security factors collected by the client program based on the sending the instruction;
receiving, from the client program, a request comprising a command to access a protected resource or a protected service; and
allowing the command to access the protected resource or the protected service based on at least one of the one or more client security factors.

US PAT # 10630480:
10. A method comprising:
at a server comprising one or more processors and storage media:
receiving a machine registration digest from a client machine;
verifying existence of a registration entry in a trusted machine registry containing the machine registration digest;
based on the verifying existence of the registration entry, sending instruction to the client machine to collect one or more specified client security factors;
receiving the one or more specified client security factors collected by the client machine from the client machine;
setting the one or more client security factors received from the client machine in a server session;
receiving a request from the client machine, the request including a command to access a resource protected by the server; and
authorizing access to the resource protected by the server based on at least one of the one or more client security factors set in the server session.

US Pending Application # 17/227032:
16. A server machine comprising:
one or more hardware processors;
storage media; and
a plurality of programs stored in the storage media, each program of the plurality of programs configured for execution by at least one of the one or more hardware processors, the plurality of programs comprising instructions which, when executed by the one or more hardware processors, are capable of causing the one or more hardware processors to perform:
receiving a cryptographic machine registration digest from a client machine;
sending, to a client program installed on the client machine, an instruction to collect one or more client security factors;
receiving the one or more client security factors collected by the client program based on the sending the instruction;
receiving, from the client program, a request comprising a command to access a protected resource or a protected service; and
allowing the command to access the protected resource or the protected service based on at least one of the one or more client security factors.

US PAT # 10630480:
20. A system comprising:
a plurality of hardware processors;
storage media; and
a plurality of programs stored in the storage media, each program of the plurality of programs configured for execution by at least one of the plurality of processors, the plurality of programs comprising instructions which, when executed by the plurality of processors, are capable of causing the system to perform:
computing a machine registration digest based on both: (a) a digest of a client program of the plurality of programs, and (b) an identifier of a client machine;
verifying existence of a trusted machine registration entry containing the machine registration digest;
based on the verifying existence of the trusted machine registration entry, sending instruction to the client machine to collect one or more specified client security factors;
receiving the one or more specified client security factors collected by the client machine from the client machine;
setting the one or more client security factors received from the client machine in a server session;
receiving a request from the client machine, the request including a command to access a resource protected by the server; and
authorizing access to the resource protected by the server based on at least one of the one or more client security factors set in the server session.
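
The server-side steps recited in claim 10 of US PAT # 10630480 above (registry lookup, collection instruction, factors set in a server session, authorization), together with the re-collection of claims 8 and 9, can be traced in a short sketch. This is an added example, not code from the application, the patents or Croft; SHA-256, the length-prefixed encoding, the factor names, the policy rule and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


def machine_registration_digest(client_program: bytes, machine_id: str) -> str:
    """Hash (a) a digest of the client program and (b) a machine identifier."""
    program_digest = hashlib.sha256(client_program).digest()
    h = hashlib.sha256()
    # Length-prefix each input so the field boundary is unambiguous (assumed encoding).
    for field in (program_digest, machine_id.encode("utf-8")):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.hexdigest()


class Server:
    def __init__(self, trusted_registry, required_factors, policy):
        self.trusted_registry = set(trusted_registry)  # known-good registration digests
        self.required_factors = list(required_factors)
        self.policy = policy  # command -> predicate over the session's factors
        self.sessions = {}

    def register(self, digest):
        """Verify a registry entry exists; only then instruct the client to collect."""
        known = any(hmac.compare_digest(digest, entry) for entry in self.trusted_registry)
        if not known:
            return None
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = {"digest": digest, "factors": None}
        return {"session": session_id, "collect": list(self.required_factors)}

    def submit_factors(self, session_id, factors):
        """Set the received factors in the server session; reject incomplete reports."""
        session = self.sessions.get(session_id)
        if session is None or any(n not in factors for n in self.required_factors):
            return False
        # Values are client-reported: the server stores only what it asked for.
        session["factors"] = {n: factors[n] for n in self.required_factors}
        return True

    def authorize(self, session_id, command):
        """Allow the command only if the session's factors satisfy its policy rule."""
        session = self.sessions.get(session_id)
        if session is None or session["factors"] is None:
            return False
        rule = self.policy.get(command)
        return bool(rule and rule(session["factors"]))  # unknown command: deny


# Constructed sample data (hypothetical program bytes, machine id, factors, policy).
CLIENT_PROGRAM = b"constructed client program image v1"
MACHINE_ID = "SN-0001-EXAMPLE"
POLICY = {
    "read:/payroll": lambda f: f["os_patch_level"] >= 42
    and "telnetd" not in f["enabled_services"],
}


def run_demo():
    good = machine_registration_digest(CLIENT_PROGRAM, MACHINE_ID)
    server = Server([good], ["os_patch_level", "enabled_services"], POLICY)

    # A modified client program yields a different digest and gets no instruction.
    tampered = machine_registration_digest(CLIENT_PROGRAM + b"!", MACHINE_ID)
    rejected = server.register(tampered)

    instruction = server.register(good)
    sid = instruction["session"]
    before = server.authorize(sid, "read:/payroll")  # no factors set yet
    server.submit_factors(sid, {"os_patch_level": 45, "enabled_services": ["sshd"]})
    allowed = server.authorize(sid, "read:/payroll")

    # Re-collected factors replace the old ones, so a regression revokes access.
    server.submit_factors(sid, {"os_patch_level": 30, "enabled_services": ["sshd"]})
    after_regression = server.authorize(sid, "read:/payroll")
    return rejected, instruction["collect"], before, allowed, after_regression


if __name__ == "__main__":
    print(run_demo())
```

In this sketch the registration digest gates whether a collection instruction is sent at all, and the access decision is then made only on the factors held in the session.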



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 4, 9, 12, 16, 19 is/are rejected under 35 U.S.C. 102[a][1] as being taught by Croft et al. [US PGPUB # 2007/0180493].
As per claim 1. Croft does teach a method [Croft, paragraph: 0003, line 1, Conventionally, users on a client machine have used a combination of a web browser and other client-based applications to access a content file or application retrieved from a remote location.] comprising, 
at a server machine: receiving a cryptographic machine registration digest from a client machine [Croft, paragraph: 0266, lines 5 – 7, The collection agent 704 gathers information 712 including, without limitation, machine ID of the client machine 10, operating system type, existence of a patch to an operating system, MAC addresses of installed network cards, a digital watermark on the client device, etc. Then further of Croft, at paragraph: 0014, lines 3 - 4, The collection agent gathers information about the client machine [i.e. applicant’s client machine]. The policy engine [i.e. applicant’s server machine] receives the gathered information and assigns one of a plurality of levels of access responsive to application of a policy to the received information. Where further of Croft, at paragraph: 0268, In some embodiments, the digital watermark includes data embedding. In some embodiments, the watermark comprises a pattern of data inserted into a file to provide source information about the file. In other embodiments, the watermark comprises hashed data [i.e. applicant’s cryptographic machine registration digest] files to provide tamper detection. Where further of Croft, at paragraph: 0262, lines 1 – 3, In more detail, the client machine 710 transmits to the policy engine 706 a request 206 for resource enumeration. In one embodiment, the policy engine 706 resides on a resource server 30'. In another embodiment, the policy engine 706 resides on a remote machine 30];
sending, to a client program installed on the client machine, an instruction to collect one or more client security factors [Croft, paragraph: 0016, lines 2 – 3, In another embodiment, the policy engine transmits instructions to the collection agent determining the type of information the collection agent gathers. Then further of Croft, paragraph: 0015, lines 1 – 3, In one embodiment, the collection agent executes on the client machine. In another embodiment, the policy engine transmits the collection agent to the client machine. In still another embodiment, the collection agent gathers information by running at least one script on the client machine.];
receiving the one or more client security factors collected by the client program based on the sending the instruction [Croft, paragraph: 0014, lines 3 - 4, The collection agent gathers information about the client machine. The policy engine receives the gathered information and assigns one of a plurality of levels of access responsive to application of a policy to the received information. See also Croft, paragraph: 0016.];
receiving, from the client program, a request comprising a command to access a protected resource or a protected service [Croft, paragraph: 0014, line 2, The client machine requests access to a resource.]; and
allowing the command to access the protected resource or the protected service based on at least one of the one or more client security factors [Croft, paragraph: 0014, lines 5 – 6, The broker server establishes, responsive to the assigned level of access, a connection between the client machine and a computing environment providing the requested resource, the computing environment provided by a virtual machine.].
As per claim 4. Croft does teach the method of Claim 1, further comprising:
evaluating at least one of a key and a value of at least one key-value pair of the one or more client security factors for (i) at least one of a condition, (ii) at least one pattern [Croft, paragraph: 0556, lines 4 – 5, Additionally, the session login mechanism 1545 may monitor any mouse and/or keyboard activity [i.e. applicant’s key and value pair] related to logging on or secure access of the remote machine 30, or any resource, application, network, or network provider.], or (iii) a combination of (i) and (ii).
As per non – transitory computer readable media claim 9 that includes the same or similar claim limitations as method claim 1, and is similarly rejected.
 
***The examiner notes that applicant’s recited “non-transitory computer-readable media,” “one or more programs,” and “one or more processors,” is taught by the prior art of Croft at paragraphs: 0164, 1217.

As per non – transitory computer readable media claim 12 that includes the same or similar claim limitations as method claim 4, and is similarly rejected. 

As per server machine claim 16 that includes the same or similar claim language as method claim 1, and is similarly rejected.

***The examiner notes that applicant’s recited: “one or more hardware processors,” “storage media,” and “plurality of programs,” are taught by the prior art of Croft at paragraphs: 0164, 1217.

As per server machine claim 19 that includes the same or similar claim language as method claim 4, and is similarly rejected.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claim(s) 2, 10, 15, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Croft et al. [US PGPUB # 2007/0180493] in view of Zatko et al. [US PGPUB # 2016/0188909].
As per claim 2. Croft does teach what is taught in the rejection of claim 1 above. 
While Croft does teach receiving the one or more client security factors in the context of the trusted session [Croft, paragraph: 0014, lines 3 - 4, The collection agent gathers information about the client machine. The policy engine receives the gathered information and assigns one of a plurality of levels of access responsive to application of a policy to the received information. See also Croft, paragraph: 0016. Where further of Croft, at paragraph: 0232, lines 1 – 2, The resource authorization cache 448 may be a cache of the authorized user and group information for all the public (i.e., published) resources in a machine farm 38 or in a group of trusted domains. Each remote machine in a machine farm 38 can maintain its own resource-related information in persistent storage and build up the resource authorization cache 448 in volatile storage.];
receiving the request in the context of the trusted session [Croft, paragraph: 0014, line 2, The client machine requests access to a resource. Where further of Croft, at paragraph: 0232, lines 1 – 2, The resource authorization cache 448 may be a cache of the authorized user and group information for all the public (i.e., published) resources in a machine farm 38 or in a group of trusted domains. Each remote machine in a machine farm 38 can maintain its own resource-related information in persistent storage and build up the resource authorization cache 448 in volatile storage.].
Croft does not teach clearly the method of Claim 1, further comprising:
establishing a trusted session based on receiving the cryptographic machine registration digest.
However, Zatko does teach the method of Claim 1, further comprising:
establishing a trusted session based on receiving the cryptographic machine registration digest [Figure # 1, paragraph: 0086, In some embodiments, when a host 110 application wishes to communicate with a trusted device 130 application, it can: 1) generate an elliptic curve cryptography (ECC) key pair; 2) choose a random end-point number for itself; 3) allocate and initialize a session context structure; 4) register its key hash and end-point number with the session management library; and 5) send a connection request to the trusted device 130 via the first file system partition. The trusted device 130 application is then notified of the inbound connection request. The trusted device 130 then accepts the request or rejects it. If the connection is accepted, the host 130 application may send and receive data via the session. Upon termination of the session, session tear-down procedures common in session-based communication are followed.].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Croft and Zatko in order for the authorization for accessing of the requested resource by the client machine by collection of the client information of Croft to include file restrictions of Zatko. This would allow for the requested resource provider to require the client to open/use such resource in dictated conditions/environments of the client operating system. See paragraph: 0009 of Zatko.
As per non – transitory computer readable media claim 10 that includes the same or similar claim limitations as method claim 2, and is similarly rejected. 

As per non – transitory computer readable media claim 15 that includes the same or similar claim limitations as method claim 2, and is similarly rejected. 

As per server machine claim 17 that includes the same or similar claim language as method claim 2, and is similarly rejected.

Claim(s) 3, 11, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Croft et al. [US PGPUB # 2007/0180493] in view of Zatko et al. [US PGPUB # 2016/0188909] as applied to claim[s] 2 above, and further in view of Hinton et al. [US PGPUB # 2017/0149767].
As per claim 3. Croft and Zatko do teach what is taught in the rejection of claim 2 above. 	
Croft and Zatko do not clearly teach the method of Claim 2, further comprising:
establishing the trusted session based on determining a role of a user of the client machine in the context of the trusted session.
	However, Hinton does teach the method of Claim 2, further comprising:
establishing the trusted session based on determining a role of a user of the client machine in the context of the trusted session [paragraph: 0058, Here, an Identity Provider (IDP) is responsible for maintaining a user’s lifecycle credentials, including authentication credentials and role/permission information. Through pre-established trust relationships with Service Providers, the IDP is able to assert user information to each trusted SP, allowing the SP to authorize, initiate, and manage sessions with those users without having to manage user accounts, authentication credentials, and authorization permissions.].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Croft as modified and Hinton in order for the authorization for accessing of the requested resource by the client machine by collection of the client information of Croft as modified to include using single sign on authentication operations of Hinton. This would allow for the resource provider to trust a third-party identity provider in obtaining vetted authentication data for a requesting client to be authenticated and simplify authentication operations and cost across different resource domains of the resource provider. See paragraphs: 0003, 0005, 0006, 0008 of Hinton.
As per non – transitory computer readable media claim 11 that includes the same or similar claim limitations as method claim 3, and is similarly rejected. 

As per server machine claim 18 that includes the same or similar claim language as method claim 3, and is similarly rejected.

Claim(s) 5, 13, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Croft et al. [US PGPUB # 2007/0180493] in view of Willden et al. [US PAT # 9697371].
As per claim 5. Croft does teach what is taught in the rejection of claim # 1 above. 
Croft does not teach clearly the method of Claim 1, further comprising:
querying a trusted registry based on the cryptographic machine registration digest. 
However, Willden does teach the method of Claim 1, further comprising:
querying a trusted registry based on the cryptographic machine registration digest [col. 22, lines 29 – 37, The method of example 1, wherein validating the second data comprises: using, by the TEE [i.e. applicant’s trusted registry], a cryptographic key to decrypt the second data, wherein the second data comprises a first hash value of the first data generated by the remote computing device; performing, by the TEE, a hashing algorithm on the first data to generate a second hash value of the first data; and determining, by the TEE, the second data is verified when the first hash value matches the second hash value [i.e. applicant’s querying a….based on the cryptographic machine registration digest].]. 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Croft as modified and Willden in order for the protection of the requested resource by resource provider before access by the requesting client machine of Croft as modified to include encrypting the resource data of Willden. This would allow for the resource provider to protect the requested resource data by encrypting such data while in transit to the client machine. See Col. 3, lines 15 – 21 of Willden.
As per non – transitory computer readable media claim 13 that includes the same or similar claim limitations as method claim 5, and is similarly rejected. 

As per server machine claim 20 that includes the same or similar claim language as method claim 5, and is similarly rejected. 

Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Croft et al. [US PGPUB # 2007/0180493] in view of Fichter et al. [US PGPUB # 2017/0316455].
As per claim 6. Croft does teach what is taught in the rejection of claim # 1 above. 
Croft does not teach clearly the method of Claim 1, further comprising:
the instruction to collect one or more specified client security factors indicates that a particular client security factor of the one or more client security factors is to be collected using a particular client security factor provider that operates as a plugin to the client program.
However, Fichter does teach the method of Claim 1, further comprising:
the instruction to collect one or more specified client security factors indicates that a particular client security factor of the one or more client security factors is to be collected using a particular client security factor provider that operates as a plugin to the client program [Figure # 5, and paragraph: 0063, lines 1 – 5, FIG. 5 illustrates an example method for generating an accurate count of advertisement impressions. The example method is indicated by reference numeral 500 and begins with block 502 including one or more operations for receiving data collected by the collection plug-in.].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Croft as modified and Fichter in order for the protection of the requested resource by resource provider before access by the requesting client machine of Croft as modified to include monitoring the number of requests for the resource or service of Fichter. This would allow for the resource provider to set a threshold and act when the number of client machine requests is above the nominal resource provider threshold. See paragraph: 0008, lines 11 – 14 of Fichter.
Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Croft et al. [US PGPUB # 2007/0180493] in view of Fransazov et al. [US PGPUB # 2018/0288165].
As per claim 7. Croft does teach what is taught in the rejection of claim # 1 above. 
Croft does not teach clearly the method of Claim 1, further comprising:
the one or more client security factors collected at the client machine and received by the server machine include one or more of:
information collected from a trusted platform module (TPM) device of the client machine,
a serial number of the client machine,
a media access control (MAC) address of the client machine,
an operating system version of the client machine,
an operating system kernel patch level of the client machine,
a list of services that are enabled at the client machine,
information collected from an operating system registry of the client machine,
an attribute of an operating system of the client machine,
contents collected from a filesystem file at the client machine,
a list of processes executing at the client machine,
information collected from a Hypertext Transfer Protocol (HTTP) session at the client machine,
information obtained from a Hypertext Transfer Protocol (HTTP) cookie at the client machine,
a result received at the client machine from a Hypertext Transfer Protocol (HTTP) request sent from the client machine,
a result obtained at the client machine from a call to an operating system application programming interface,
a result obtained at the client machine from a representational state transfer (REST) request,
a result obtained at the client machine from a call to an application programming interface of the client program, or
a result obtained at the client machine from a call to an application programming interface of a virtual machine. 
	However, Fransazov does teach the method of Claim 1, further comprising:
the one or more client security factors collected at the client machine and received by the server machine include one or more of:
information collected from a trusted platform module (TPM) device of the client machine,
a serial number of the client machine,
a media access control (MAC) address of the client machine,
an operating system version of the client machine,
an operating system kernel patch level of the client machine,
a list of services that are enabled at the client machine [Figure # 5 and paragraph: 0040, lines 1 – 14, and lines 21 – 24, At 504, the server computer 16 determines the initial configuration parameters for the cloud services session based on currently available information about, for example, the client computer 12, a user of the client computer, the server computer 16,……………… For further example, the server computer 16 may receive information about the anticipated amount of resources projected to be utilized by the client computer 12 during the session.],
information collected from an operating system registry of the client machine,
an attribute of an operating system of the client machine,
contents collected from a filesystem file at the client machine,
a list of processes executing at the client machine,
information collected from a Hypertext Transfer Protocol (HTTP) session at the client machine,
information obtained from a Hypertext Transfer Protocol (HTTP) cookie at the client machine,
a result received at the client machine from a Hypertext Transfer Protocol (HTTP) request sent from the client machine,
a result obtained at the client machine from a call to an operating system application programming interface,
a result obtained at the client machine from a representational state transfer (REST) request,
a result obtained at the client machine from a call to an application programming interface of the client program, or
a result obtained at the client machine from a call to an application programming interface of a virtual machine. 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Croft as modified and Fransazov in order for the protection of the requested resource by resource provider before access by the requesting client machine of Croft as modified to include conditional restrictions of Fransazov. This would allow for the resource provider to give approval when access restrictions are met, before access to the resource is allowed. See paragraph: 0007, lines 4 – 16 of Fransazov.
Claim(s) 8, 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Croft et al. [US PGPUB # 2007/0180493] in view of Birk et al. [US PAT # 7634803].
As per claim 8. Croft does teach what is taught in the rejection of claim # 1 above. 
Croft does not teach clearly the method of Claim 1, further comprising:
prior to receiving the request from the client program, receiving a re-collected set of the one or more client security factors from the client program;
authorizing the command to access the protected resource based on at least one client security factor of the re-collected set of the one or more client security factors.
However, Birk does teach the method of Claim 1, further comprising:
prior to receiving the request from the client program, receiving a re-collected set of the one or more client security factors from the client program [col. 2, lines 9 – 11, As a result, a “re-login” to the configured user registry is required by the application server to re-gather many of the security attributes.];
authorizing the command to access the protected resource based on at least one client security factor of the re-collected set of the one or more client security factors [col. 2, line 9, As a result, a “re-login” to the service provider for transaction purposes].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Croft as modified and Birk in order for the protection of the requested resource by resource provider before access by the requesting client machine of Croft as modified to include multi-factor authentication of Birk. This would allow the resource provider to authenticate a requesting client machine based on a myriad of authentication attributes before access is allowed to the resource. See col. 1, lines 51 – 59 of Birk.
As per non – transitory computer readable media claim 14 that includes the same or similar claim limitations as method claim 8, and is similarly rejected. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. NI [US PGPUB # 2014/0074716] does teach that a display detects a user interaction with a user interface of a first application and, in response to detecting the user interaction with the user interface of the first application, determines whether one or more security parameters are satisfied, where a first security parameter is satisfied when a network access point being used by the electronic device satisfies predefined criteria. In accordance with a determination that the one or more security parameters are satisfied, the device: displays a security keyboard on the display corresponding to a second application different from the first application; and receives user information input via the security keyboard by a user of the electronic device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANT SHAIFER - HARRIMAN whose telephone number is (571)272-7910. The examiner can normally be reached M - F: 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DANT B SHAIFER HARRIMAN/          Primary Examiner, Art Unit 2434